Hacking Exposed 5th Edition
Using the information gathered from the American Registry for Internet Numbers (ARIN) and Network Solutions Inc. (NSI), several primary contact names can be collected for any organization. Searching for those contact names on http://groups.google.com will sometimes turn up interesting information:
From: Bradford Smith (smithbm@example.com)
Subject: Cisco Logging
Newsgroups: comp.dcom.sys.cisco
This is the only article in this thread
Date: 2002/12/20
View: Original Format

I have been unsuccessful in pulling logs off any cisco device onto a syslog server. I refuse to spend time viewing logs on every device. I am using a cisco 7206 router (10.14.208.3) (IOS 11.1) and sending the logs to local syslog server (10.14.208.10). I receive a "Access-Reject" message in the logs. What causes this error? Responses before the holidays are appreciated as I will be away from the office dec 20 - jan 5.

-Brad
From one simple newsgroup post, we now know Brad is currently not checking his logs, and he will be away from the office for 15 days. What a great discovery!
Profiling Countermeasures
No trick or tool can substitute for a good grasp of network protocols and the software used to access them. All the IDSs and firewalls in the world mean little when wielded by an inexperienced user.
The following list of guidelines is a good start in keeping your information private:
- Be wary of what you say and where you say it. Help forums are very useful; just remember to use them responsibly.
- Only run applications in a production environment if you are comfortable with them and know the steps to restrict information disclosure.
- Alter defaults and change application messages. Although this is not a true security technique, obscuring information is often successful in deterring an attacker.
- Above all else, use common sense. Allow extra time to verify configurations. Double-check your intentions and document any changes.
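
As an added example (not from the book), here is a pre-posting check for the first guideline. It flags the kinds of detail the newsgroup post above gave away: internal addresses, device model, software version, and a statement of absence. The patterns, function names, and placeholder format are assumptions to adapt to your own environment.

```python
import ipaddress
import re

# Constructed sample: body text of the newsgroup post quoted above.
SAMPLE_POST = (
    "I am using a cisco 7206 router (10.14.208.3) (IOS 11.1) and sending the "
    "logs to local syslog server (10.14.208.10). Responses before the holidays "
    "are appreciated as I will be away from the office dec 20 - jan 5."
)

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Heuristic patterns (assumptions, not an exhaustive list).
PATTERNS = {
    "software-version": re.compile(r"\b(?:IOS|version|ver\.?|v)\s*\d+(?:\.\d+)+", re.I),
    "hardware-model": re.compile(r"\b(?:cisco|juniper)\s+\d{3,5}\b", re.I),
    "absence": re.compile(r"\b(?:away from the office|out of (?:the )?office|on vacation)\b", re.I),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
}

def review_post(text):
    """Return sorted (category, matched_text) findings for a draft post."""
    findings = set()
    for match in IPV4.finditer(text):
        try:
            addr = ipaddress.ip_address(match.group())
        except ValueError:
            continue  # dotted number that is not a valid address
        kind = "internal-ip" if addr.is_private else "public-ip"
        findings.add((kind, match.group()))
    for category, pattern in PATTERNS.items():
        for match in pattern.finditer(text):
            findings.add((category, match.group()))
    return sorted(findings)

def redact(text):
    """Mask technical identifiers; absence statements are only flagged."""
    hits = [(c, v) for c, v in review_post(text) if c != "absence"]
    # Longest value first so one address cannot clobber a longer one.
    for category, value in sorted(hits, key=lambda h: -len(h[1])):
        text = text.replace(value, f"[{category}]")
    return text

if __name__ == "__main__":
    for category, value in review_post(SAMPLE_POST):
        print(f"{category:17} {value}")
    print(redact(SAMPLE_POST))
```

Absence statements are reported but left in place by `redact`, since they need rewording by the author rather than masking.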