Re: [NGSEC] AntiPharming v1.00 FREE

To: "lists @ NGSEC" <lists@xxxxxxxxx>
Subject: Re: [NGSEC] AntiPharming v1.00 FREE
From: Joel Esler <eslerj@xxxxxxxxx>
Date: Tue, 14 Jun 2005 17:19:57 -0400
Cc: bugtraq@xxxxxxxxxxxxxxxxx
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=es7uCgftygSJFH26vV+P5gnIsKac3PSTXm3Rj8oNg/LZvZe+MvTmJVaQCCMeZqwXSu4Vc28LkIlpcvA6pPDFExWT00YV1MEC69slLrRc3/0vh6tLHkk9gQDfZkLYGIa8cAKltizSOLi0bi+2xcAtN4tV+KqivF7Bs8Wlxad736w=
In-reply-to: <8c643a50050614141878efb1b5@xxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <20050614111716.13DDD1FD81@xxxxxxxxxxxxxxxxxxx> <8c643a50050614141878efb1b5@xxxxxxxxxxxxxx>
Reply-to: Joel Esler <eslerj@xxxxxxxxx>

 "  * Denying any user (even Administrator) to write to the hosts file.
      * Denying any user (even Administrator) to change your DNS settings."
  
  Then who is going to modify the settings?
 
  
  
 
 
> On 6/14/05, lists @ NGSEC <lists@xxxxxxxxx> wrote:
> >  
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> > 
> > Hello,
> > 
> > NGSEC is proud to announce the new release of our new product
> > AntiPharming v1.00 [1] TOTALLY FREE for non-commercial use.
> > 
> > What is Pharming? 
> > 
> > "(...)Pharming is the exploitation of a vulnerability in the DNS
> > server software that allows a hacker to acquire the Domain Name
> > for a site, and to redirect traffic to that web site to another
> > web site. DNS servers are the machines responsible for resolving 
> > internet names into their real addresses - the "signposts" of the
> > internet.
> > 
> > If the web site receiving the traffic is a fake web site, such
> > as a copy of a bank's website, it can be used to "phish" or steal 
> > a computer user's passwords, PIN number or account number.
> > 
> > AntiPharming Configuration For example, in January, 2005, the Domain
> > Name for a large New York ISP, Panix, was hijacked to a site in
> > Australia. In 2004 a German teenager hijacked the  eBay.de Domain Name.
> > Secure e-mail provider Hushmail was also caught by this attack on
> > 24th of April 2005 when the attacker rang up the domain registrar
> > and gained enough information to redirect users to a defaced 
> > webpage(...)" (Source WikiPedia).
> > 
> > What is AntiPharming?
> > 
> > AntiPharming uses active and passive protections for identifying and
> > stopping Pharming (Phising variant) attacks.
> > 
> > AntiPharming will actively protect your windows server from pharming 
> > attacks by:
> > 
> >     * Denying any user (even Administrator) to write to the hosts file.
> >     * Denying any user (even Administrator) to change your DNS settings.
> > 
> > AntiPharming will passively protect your windows server from pharming 
> > attacks by sniffing on each netowrk interface for DNS replies (both
> > TCP and UDP) and recheck them against at least with three secure DNS
> > nameservers.
> > 
> > AntiPharming is TOTALLY FREE for non-commercial use.
> >  
> > This e-mail has been signed with labs@NGSEC PGP key available at:
> > 
> >   http://www.ngsec.com/pgp/labs.asc
> > 
> > [1]   http://www.ngsec.com/ngproducts/antipharming/
> > 
> > Best Regards,
> > 
> > - ---
> > NEXT GENERATION SECURITY, S.L. [NGSEC]
> > C\ O'donnell 46, 3º B
> > 28009 - Madrid, SPAIN
> > Tel: +34 91 435 56 27
> > Fax: +34 91 577 84 45 
> > 
> > http://www.ngsec.com
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.4.1 (GNU/Linux)
> > 
> > iD8DBQFCrrwBKrwoKcQl8Y4RAsO5AJwIJ1Ngm38IT0JCujagcAz4oWgUUwCgl0Lv
> > vWvO9R/kd5Skb/vzeER7kls= 
> > =XCYN
> > -----END PGP SIGNATURE-----
> > 
> > 
> 
>

Follow-Ups:
- Re: [NGSEC] AntiPharming v1.00 FREE
  - From: Ansgar -59cobalt- Wiechers

References:
- [NGSEC] AntiPharming v1.00 FREE
  - From: lists

Prev by Date: MADSHEEP-05SA (security advisory): WebHints <= v1.03 Remote Command Execution Vulnerability
Next by Date: eEye Advisory - EEYEB-20050316 - HTML Help File Parsing Buffer Overflow
Previous by thread: [NGSEC] AntiPharming v1.00 FREE
Next by thread: Re: [NGSEC] AntiPharming v1.00 FREE
Index(es):
- Date
- Thread