Yeah, I'm not sure that this is a good idea... You should probably get written permission from the SysAdmin rather than accepting a 'bet'.

Hi and welcome!

You sound like the sort of person who likes to learn. These people generally do very well in whatever they set their minds too.
I think you will be fine.

Get a few more books and read as much as you can from as many different sources as you can.
Very critical for this exam is hands-on practical. Get a copy of VM Ware and set a few virtual machines with different OS's and practice what you are reading about.
I would also advise you to setup Ubuntu on one of these virtual machines. Some of the test is Linux-based and this is the easiest flavour of Linux for newbie’s. Install some apps, configure various settings and see for yourself that it's not all that hard. Try to become familiar with the different commands and options available. Then format it and set it up again!

As for the exam itself, it is a little worrying that you haven’t done any certifications before. Tests can be stressful, especially if you are new to them. Study hard. Go into the exam confident and know your materials, then you'll be fine. As far as exams go, CEH is an intermediate level exam, so it will be hard but not too hard.

Hope this helps!

100% agree

Or what about a more traditional attack? (seems crude, I know!)

The attacker has gotten into the printer he can disable protocols, services, change the ports it operates on, hostname, etc...
Then you've either got a DOS scenario (imagine this printer is the only printer in a branch office, with no on-site IT staff - far from impossible to resolve remotely but could be a headache and will definitely result in 'downtime').
Maybe if the attacker changes the IP address of printer to that of a server or the router, we've got an IP conflict that could potentially result in a much more serious DOS attack...

I also got my Boss to do the letter thing and had no problems

A WHOIS on the IP should tell you who the ISP is. The best advice I can give you is to complain to them. Especially as you've said you think the person that hacked you is in the US - they have pretty clear laws about breaking into computer systems. If he was in China or Russia you may get less sympathy 

Most ISP's have an 'abuse@domain-name' email address to deal with complaints like this. Take some screenshots and copy the logs then attach these to the email.
Be assertive - if it's a business server that's been hacked stress to the ISP that they need to deal with this criminal ASAP.
Chances are they will as they don't want to be sued and if you havae clear evidence then they may get the police/FBI involved.

I wouldn't suggest trying to hack into his TS or FTP server. A simple port-scan can't do any harm, but actively attacking him could get you into trouble ("but he started it" is never going to fly in a court of law).
Also, if he's any good, he has probably just relayed his connection through another hacked box so you might be attempting to hack another legitmate company!

Dude - I don't think it's very ethical to post the IP address here... try to keep yuor questions generic and people will be more than happy to help out.

I agree - the new web site looks much more professional

And IPCOP! (http://ipcop.org/)
Why has no one mentioned this yet? I would have thought it was the most well known/popular...

But yeah, you have options 

Hi,

First of all - welcome!

In answer to your question, can I ask if why you don't have access to the router? If it's because it's ISP managed that's cool, but if it's because you are not the network admin and just want to see what people in your office are up to you probably won't get a lot of help here... (Ethical Hacking Forum).

If you are doing some sort of pen-test or are the onsite IT guru, then the easiest (and best) way to monitor/restrict HTTP traffic is via a proxy-server with content filtering. There are many examples of software you can implement to do this - SurfControl springs to mind as the one I've most recently configured, but MS ISA, Wingate, etc support this functionality.
Otherwise if you just want to view the traffic and not implement a solution than Wireshark/Ethereal with the appropriate filters should show    you what you want to know. The obvious rules related to sniffing (ie., same segment, harder in a switched LAN, etc) apply here of course.

I hope this helps answer your question and again, I apologise if I've misinterpreted your intentions!     

Where are you sitting on the network?
We probably need a better picture of the setup to help out more...

If you are on a LAN segment in the head office and are trying to sniff packets between the branch office and the head office it's probably not going to work very well. The router that connects the two sites will be configured to do something with that traffic (ie. forward, drop, etc), probably with ACLs telling it to do different things with different types of traffic, and you being on the other side of the router won't be able to see it unless it's configured to pass it onto your segment.

Interesting read... there will certainly be repercussions if the courts agree with Blizzard!

I agree that ideally the poll should not be cert-related if possible.

I really like Negrita's number two idea about the programming/scripting requirements for a security professional.
I would very much like to see the results of such a poll!

If we are doing that, it would be great to see more articles or tutorials on this topic as well.

So those of us fortunate enough to not be in the US get either 'London' or 'Other'? 


What about rephrasing the question to something like:

"What certificate/qualification do you regard as the best door-opener in the IT Security Industry?"

And then list a bunch of various certs like Cisco (CCNA/CCSP), Security+, CISSP/SSCP, GIAC, CEH, etc...?

That way (as the poll would be open to non-members too) people in the industry can state their experiences and those perhaps wanting to get into the industry can add their view from an outsiders perspective.
Could be good to compare the two?

Done