last data update: 2011/10/14, 21:36

Website loading time

during the test: 1.63 s

cable connection (average): 2.01 s

DSL connection (average): 2.38 s

modem (average): 22.28 s

HTTP headers

Information about DNS servers

terminal23.netMX40aspmx2.googlemail.comIN43200
terminal23.netMX50aspmx3.googlemail.comIN43200
terminal23.netMX10aspmx.l.google.comIN43200
terminal23.netMX20alt1.aspmx.l.google.comIN43200
terminal23.netMX30alt2.aspmx.l.google.comIN43200
terminal23.netA173.28.34.75IN3600
terminal23.netSOAns33.domaincontrol.comdns.jomax.net201012130028800 7200 604800 86400 IN 43200
terminal23.netNSns34.domaincontrol.comIN3600
terminal23.netNSns33.domaincontrol.comIN3600

Received from the first DNS server

Request to the server "terminal23.net"
You used the following DNS server:
DNS Name: ns34.domaincontrol.com
DNS Server Address: 208.109.255.17#53
DNS server aliases:

HEADER opcode: REQUEST, status: NOERROR, id: 13873
flag: qr aa rd REQUEST: 1, ANSWER: 9, AUTHORITY: 0, ADDITIONAL: 0

REQUEST SECTION:
terminal23.net. IN ANY

ANSWER SECTION:
terminal23.net. 86400 IN SOA ns33.domaincontrol.com. dns.jomax.net. 2010121300 28800 7200 604800 86400
terminal23.net. 3600 IN A 173.28.34.75
terminal23.net. 3600 IN NS ns33.domaincontrol.com.
terminal23.net. 3600 IN NS ns34.domaincontrol.com.
terminal23.net. 604800 IN MX 10 aspmx.l.google.com.
terminal23.net. 604800 IN MX 20 alt1.aspmx.l.google.com.
terminal23.net. 604800 IN MX 30 alt2.aspmx.l.google.com.
terminal23.net. 604800 IN MX 40 aspmx2.googlemail.com.
terminal23.net. 604800 IN MX 50 aspmx3.googlemail.com.

Received 301 bytes from address 208.109.255.17#53 in 98 ms

Received from the second DNS server

Request to the server "terminal23.net"
You used the following DNS server:
DNS Name: ns33.domaincontrol.com
DNS Server Address: 216.69.185.17#53
DNS server aliases:

HEADER opcode: REQUEST, status: NOERROR, id: 18457
flag: qr aa REQUEST: 1, ANSWER: 9, AUTHORITY: 0, ADDITIONAL: 0

REQUEST SECTION:
terminal23.net. IN ANY

ANSWER SECTION:
terminal23.net. 86400 IN SOA ns33.domaincontrol.com. dns.jomax.net. 2010121300 28800 7200 604800 86400
terminal23.net. 3600 IN A 173.28.34.75
terminal23.net. 3600 IN NS ns33.domaincontrol.com.
terminal23.net. 3600 IN NS ns34.domaincontrol.com.
terminal23.net. 604800 IN MX 10 aspmx.l.google.com.
terminal23.net. 604800 IN MX 20 alt1.aspmx.l.google.com.
terminal23.net. 604800 IN MX 30 alt2.aspmx.l.google.com.
terminal23.net. 604800 IN MX 40 aspmx2.googlemail.com.
terminal23.net. 604800 IN MX 50 aspmx3.googlemail.com.

Received 301 bytes from address 216.69.185.17#53 in 14 ms

Subdomains (the first 50)

Typos (misspells)

rerminal23.net
ferminal23.net
germinal23.net
yerminal23.net
6erminal23.net
5erminal23.net
twrminal23.net
tsrminal23.net
tdrminal23.net
trrminal23.net
t4rminal23.net
t3rminal23.net
teeminal23.net
tedminal23.net
tefminal23.net
tetminal23.net
te5minal23.net
te4minal23.net
terninal23.net
terkinal23.net
terjinal23.net
termunal23.net
termjnal23.net
termknal23.net
termonal23.net
term9nal23.net
term8nal23.net
termibal23.net
termimal23.net
termijal23.net
termihal23.net
terminzl23.net
terminsl23.net
terminwl23.net
terminql23.net
terminak23.net
terminap23.net
terminao23.net
terminal13.net
terminalq3.net
terminalw3.net
terminal33.net
terminal22.net
terminal2w.net
terminal2e.net
terminal24.net
erminal23.net
trminal23.net
teminal23.net
terinal23.net
termnal23.net
termial23.net
terminl23.net
termina23.net
terminal3.net
terminal2.net
etrminal23.net
treminal23.net
temrinal23.net
terimnal23.net
termnial23.net
termianl23.net
terminla23.net
termina2l3.net
terminal32.net
tterminal23.net
teerminal23.net
terrminal23.net
termminal23.net
termiinal23.net
terminnal23.net
terminaal23.net
terminall23.net
terminal223.net
terminal233.net

Location

IP: 173.28.34.75

continent: NA, country: United States (USA), city: Davenport

Website value

rank in the traffic statistics:

There is not enough data to estimate website value.

Basic information

website build using CSS

code weight: 144.55 KB

text per all code ratio: 0 %

title: terminal23

description:

keywords:

encoding: utf-8

language: en

Website code analysis

one word phrases repeated minimum three times

two word phrases repeated minimum three times

three word phrases repeated minimum three times

B tags

1. Avoid password re-use for admins.

2. Run something that detects new hardware on your network.

3. Monitor your internal network to detect weird behavior and unexpected requests.

4. Monitor external DNS to detect new website/hostname exposed on Internet by your company.

5. Let your System/Network Admins use their magic.

6. Win small fights - one at a time

7. Save the money to hire people with skills instead of getting magic boxes that do little or nothing.

8. Use open source.

9. Go to real hacking conferences.

10. As a CSO, you MUST be involved with all “critical” projects.

11. Rub shoulders with those in the trenches.

12. It takes time.

13. Find a blend of talented people for various roles.

14. Dedicate time to your security technologies.

job.

The first step of a PCI DSS assessment is to accurately determine the scope of the review. At least annually and prior to the annual assessment, the assessed entity should confirm

verify that no cardholder data exists outside of the currently defined cardholder data environment (CDE)

PANBuster

Spider from Cornell

It can also scan UNC paths, including admin shares with the proper permissions.

SENF

CardRecon

IdentityFinder

DLP solutions

Forensics tools like EnCase

Either you're happy or you're not. If you're not happy, change things to attain that happy state. If you're unable or unwilling to make those changes, then you *must* change your viewpoint such that you become happy.

"That's not your problem."

The reaction to DigiNotar is not scalable.

1. Who are you using for trust?

2. Where are the certificates?

3. Be ready to replace certificates in response to a problem.

...But if you want to quickly learn a key lesson, check out these highlights from the investigation report – thanks to Ira Victor and the SANS forensics blog. No logging. Flat network. Unpatched Internet-facing systems. Total security fundamentals FAIL.

other security companies have been breached in recent years and failed to disclose.

StarCraft II

.: about

.: news

.: blogs/personal

.: learn-general

.: learn-web apps

.: vulns/exploits/tools

.: audio/podcasts

.: video

.: livecd

.: zines

.: forums

.: tools/apps

.: resources

.: dashboards

.: virus info

.: malware checkers

.: papers/guides

.: cons/training

.: archives

U tags

I tags

If anyone has any suggestions on this topic, please comment or tweet or email me!

images

file namealternative text
noc14.jpg

headers

H1

H2

H3

H4

H5

H6

internal links

addressanchor text
noc14.jpg
how a cso can make life harder for an attacker
/general
comments
(0)
the passing on of steve jobs
/general
comments
(0)
the vendor beating and lessons in operations mgmt
/general
comments
(0)
graham on ways to do real damage to the nyse
/general
comments
(0)
htc phones log information and don't secure it
/general
comments
(0)
pci 2.0: scan your whole network for cardholder data
/general
comments
(1)
happiness in slavery...I mean, security
/general
comments
(0)
lock picking video series
/general
searchsecurity article on cissp growth vs security value
/general
comments
(0)
physical/wireless incidents won't happen to us!
/
resources for analyzing malicious pdfs
/general
quick look at sept 2011 microsoft security patches
/general
for the technically proficient, an article on laptop security
/general
comments
(1)
diginotar response, plus ca bcp/dr planning
/general
security elephants aren't endangered
Richard Bejtlich
/general
hardening guide to drupal 7.7
/general
thought: replace diginotar with network solutions or verisign
/general
tinfoil hats and web of trust chatting
/general
procrastinating cpe earnings? more like just not reporting them
/general
jayson street's defcon 19 talk
/general
site
author
wiki
img
/
/general
/terminal23
/tools
/web
October 2011
September 2011
August 2011
July 2011
June 2011
May 2011
April 2011
March 2011
February 2011
January 2011
December 2010
November 2010
October 2010
September 2010
August 2010
July 2010
June 2010
May 2010
April 2010
March 2010
February 2010
January 2010
December 2009
November 2009
October 2009
September 2009
August 2009
July 2009
June 2009
May 2009
April 2009
March 2009
February 2009
January 2009
December 2008
November 2008
October 2008
September 2008
August 2008
July 2008
June 2008
May 2008
April 2008
March 2008
February 2008
January 2008
December 2007
November 2007
October 2007
September 2007
August 2007
July 2007
June 2007
May 2007
April 2007
March 2007
February 2007
January 2007
December 2006
November 2006
October 2006
September 2006
August 2006
July 2006
June 2006
January 2006
August 2005
April 2005
March 2005
February 2005
December 2004
November 2004
October 2004
September 2004
August 2004

external links

addressanchor text
14 things a CSO (read: IT security) can do to make an attacker's life harder.
Securosis
vendor beating and some hard lessons in IT.
Anonymous threats against the NYSE.
detailed an issue with recent HTC phones
subsequent response
PANBuster
Spider from Cornell
SENF
CardRecon
IdentityFinder
optimism in security
Securosis mention it
24-part lock picking series
@Mckeay
problem between CISSP value and security industry growth
infosecnews
cyber-thieves who would break into business wireless networks or even physical buildings
this analysis walkthru
isc.sans.org
eeye
MS11-070 Vulnerability in WINS Could Allow Elevation of Privilege (2571621)
MS11-071 Vulnerability in Windows Components Could Allow Remote Code Execution (2570947)
MS11-072 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2587505)
MS11-073 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2587634)
MS11-074 Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2451858)
DigiNotar fraudulent root certificate revocations
Securosis
detailed article on laptop security
Cyber Jungle podcast
Incite at Securosis
reviews at Infosec Events
highlights from the investigation report
hardening guide for Drupal 7.7
found elsewhere
"Steal Everything, Kill Everyone, Cause Total Financial Ruin"
twitter
astalavista
darkreading
infosecnews
linux exposed
net-security
net sec
rootprompt
rootsecure
searchsecurity
searchwin
security-database
wifinetnews
wirelessdefence
zone-h
1-manitdept
adminspotting
adnan's blog
aldeid
andrew hay
andy itguy
anti-virus rants
anton chuvakin
artofinfosec
arved
attack vector
b10[m
g]
branden williams
carnal0wnage
ccckc
cdc
cipherdyne
clearnetsec
cmd line kung fu
computerdefense
cqure
dan morrill
darknet
darkoperator
dave dittrich
david piscitello
/dev/null
didier stevens
digital voice
dino dai zovi
dissectingthehack
dominic white
douglas schweitzer
ed smiley
errata security
f-secure
geek00l
geekybits
gnucitizen
greebo
ha.ckers.org
i-hacked
hackreport
hackosis
headhacker
honeyblog
honeynets
hype-free
infonomicon
infosecleaders
infosec potpourri
infosecplace
infosecramblings
infosuck
innismir
internet storm center
the interw3bs
ismellpackets
jay jacobs
jeremiah grossman
joatblog
joelonsoftware
kinqpinz
krebs on security
layer8
lazyadmin
lazy genius
lifehacker
locutus
mark curphey
matasano chargen
matthew neely
mcwresearch
metasploit
book
modsecurity
moxie marlinspike
msrc
nate lawson
ncircle
nettwerked
network security
newschoolsecurity
notsosecure
n0where
offensivecomputing
ogenstad
operation n
osvdb
packetlife
pci answers
penetrationtests
philosecurity
portswigger
practicalexploitation
prosectesters
rarmknecht
rational survivability
ravichar
rebecca herold
riosec
riskanalysis
room362
rootkit
secmaniac
sectechno
secure thoughts
securityaegis
securitythoughts
securiteam blog
securitybraindump
security4all
securityhacks
securityincite
security mentor
security monkey
security-shell
securitywizardry
securosis
shmoo group
siemninja
simple nomad
skullsecurity
social-engineer
spoofed.org
starmind.org
steve goodbarn
sysadmin1138
tacticalwebappsec
tao security
techbuddha
thespanner
tom eston
topheavysecurity
tssci security
2blocksaway
unleash networks
un-excogitate
veracode
vulnerable minds
windowsir
wirelessve
write-quit
another list (el)
corewars
cyberarmy
darklevel
de-ice
ethicalhacker
forensics challenges
ha.ckers.org list
hackerslab
hackthissite
honeynet challenges
honeynet scans
malware quizzes
metasploitable
moth
overthewire
packet captures
packetlife lab
pentest mindmap
python challenge
reversing lessons
smash the stack
acunetix-asp (live)
acunetix-aspnet (live)
acunetix-php (live)
badstore
butterfly (php)
cenzic (live)
damn vuln webapp
enigmagroup
gruyere
hacmebank
hacmebank updated
hacmecasino
hacmeshipping
hacmetravel
mutillidae
owasp insecureapp
owasp sitegenerator
owasp vicnum
owasp webgoat
pctechtips (live)
securibench
securibench-micro
spi dynamics (live)
watchfire (live)
webgoat
webmaven
x5s
auscert
bugtraq
cert
cvedetails
eeye 0day tracker
itsecdb/oval
knowledgecave
mcafee
milw0rm
nvd
offsec exploits
osvdb
pentests videos
securiteam
securitytracker
secwatch
us cert
vigil@nce
vupen
websense
wiretapped
binary revolution
blue box voip
the cyber jungle
cyberspeak
forensic4cast
eurotr@sh
exoticliability
getmon
hackermedia
hackerpublicradio
hacker voice
lets talk computers
hacker voice
netsecpodcast
off the hook
off the wall
OWASP
pauldotcom
risky-business
runyourownserver
SANS audiocasts
securabit
securityinfowatch
security justice
silver bullet security
social-engineer.org
southern fried sec
sploitcast
carnal0wnage
dojosec
hack tv
hak5
irongeek
isc2 webinars
learnsecurityonline
milw0rm videos
practicalexploitation
revision3
sans webinars
security-freak
securitytube
techcentric
the academy.ca
windows scripting
backbox
backtrack
deft
easyids (distro)
hex
honeywall
insta-snorby (distro)
katana
netsec toolkit (nst)
owasp
pentoo
samuraiwtf
securityonion
siem-live
smooth-sec (distro)
trinity rescue kit
ubcd4win
vipervast (voip)
(in)secure
itaudit
phrack
securityjournal
uninformed
usenix
antionline
daniweb
h4cky0u
hacking-passion
hackinthebox
hak5
infosyssec
ism community
remote-exploit
securitycatalyst
taz forums
undergroundnews
waraxe
backtrack wiki
dirk loss
forensics - harbour
forensics toolkit
foundstone tools
mandiant tools
nirsoft
opensource windows
owasp flash project
owasp phx tools
packetstorm
pcap apps
russix
securityfocus tools
securityforest
staticrez tools
top 15 hack tools
top 50 tools 2003
top 50 tools asta
top 100 tools 2006
top freeware apps
top portable apps
usb goodies on hak5
voip tacvoip tools
voip tools
web security tools
wikistc
anon web browsing
anon web proxies
anon web proxies
ascii converters
o
o
auditmypc
base64 to binary
clez tools
csrc
data breaches
decode vigenere
default passwords
o
dnsstuff
o
o
e-proxy
exploit search
firewall test
hashcrack
ip-to-country lookup
iso 17799 portal
jsunpack
linux security sheet
mac assignments
mailinator
mail relay test
md5 and sha1 lookup
md5 hashes
o
o
o
nist standards
nmap-online
nmap tweaker
nocs list
nslookup
nsa standards
numbr
online net/file scan
owasp testing guide
packetfocus
password lists
penetration testing
pentesting-bookmarks
ports list
o
o
o
ports lookup
rainbow gen
rainbow online
o
reverse ip tool
robtex dns tool
seclists
securitydistro
securityfriday
serversniff
shodan (search)
sql-i cheatsheet
ssl check
o
o
startup list
unix toolbox
vs-db (vulnerable sites)
wardriving
wigle
wireless corner
wireless gear
o
wireless links
wordlist makers
o
wordlists
o
o
o
o
o
xss cheatsheet
xssed
atlas
cyberdefender
dshield
f-secure
internet pulse
internet weather
mynightwatchman
phishing monitor
security-database
senderbase
shadowserver
talisker radar
threat level
world virus map
ca
f-secure
mcafee
messagelabs
symantec
trend
virus.org
viruslist
anubis (file/url)
google diags (url)
linkscanner (url)
nortonsafeweb (url rep)
onlinelinkscan (url)
siteadvisor (url)
stopbadware (url)
trustedsource (url rep)
virustotal (file)
wepawet (file/url)
giac papers
howto forge
infosecwriters
jay beale papers
nmap
open reverse engi
orkspace
secmanager papers
techtutorials
blackhat
media
cccure
cissp training
defcon
guide to infosec certs
imiti
issa-ps
learnsecurityonline
metasploit unleased
nanog
offensive security
opst
sans
securitybriefings
schmoocon
sensepost
simulation exams