Reply to "OK... you wanted a Russia investigation, so DNC, start to cooperate"
[quote=jsteele]
[quote=Anonymous]"The current configuration of firewalls and IDSs is of no concern." They sure are, because you find out how they get extracted information out of the network. [/quote]

You are simply embarrassing yourself with your nonsensical gibberish. Do you think anything you are saying makes sense? What would today's configuration of a firewall tell you about something that happened a year ago? Don't you think things have changed since then?

[quote=Anonymous] "At any rate, normal procedure is to keep backups of configurations." We're not talking about normal configurations obviously. That's done by competent people, not incompetent morons at the DNC. [/quote]

Do you have evidence to support your allegation that the DNC did not follow such procedures and was not able to provide relevant configuration files to the FBI? Can you point to a single documented statement by the FBI that such data was not provided? You are just throwing mud based on your imagination because you have no facts to support your argument.

[quote=Anonymous] "What matters is the configuration at the time of the intrusion. Even those configurations are not actually that important since they can be deduced from the traffic logs" No, definitely not. The time of the intrusion? The intrusion can go on for years once it begins and one of the first things that happens are logs get overwritten. Tell me how great your logs are when your whole network isn't time synced. Tell me how great your logs are when you get hit by a zero day. Again, we're talking nation-state according to you. [/quote]

If the logs are incomplete, there is nothing in the current configuration that will fill the holes. You repeatedly display your lack of understanding of how things actually work. You combine imaginative scenarios that are completely unsupported by evidence with unrelated allegations that you think make sense, but really don't. Investigators know when the exploit started and when it ended. No mystery there. The DNC wasn't hit by a "zero day" and merely being hit by a "zero day" doesn't mean anything by itself about log files. What makes you think a "zero day" will always -- or even frequently -- affect your logs? It's nice that you learned a new term that you think makes you sound smart, now learn what that term actually means.

[quote=Anonymous] "That can be easily determined from the traffic log. Have you actually ever administered a firewall? " No actually it can't. Tell me from your log files what ports were open and closed on the firewalls at the time of the incident(s), who logged in via an encrypted tunnel if they previously disabled logging on the FW, what the running configuration is, and if the firmware is genuine or the MD5 hashes of the firmware are actually valid? [/quote]

Again, your repeated combination of imagination and unrelated allegations. If there are logs, then obviously logging has not been turned off. If traffic appears as being allowed in the logs, obviously that port was opened. Similarly, if traffic was blocked, obviously that port was closed. You don't need a year-old configuration to understand that. VPN logins, if there were any, would be similarly logged. What is amazing is your inability to understand that none of that information could be provided by today's running configuration on the device. How are you going to tell who logged in on a VPN a year ago by looking at the device today? Clearly you have no direct experience administering firewalls. At some point you really need to recognize that you are out of your depth. Better luck next time.

[quote=Anonymous] "Wrong. I worked as a network security engineer in a government facility for several years during which time I conducted multiple investigations of network intrusions (even one originating from Russia)." - Glad I didn't hire you. [/quote]

I'm glad too. There is nothing worse than working for a know-it-all boss who actually knows nothing.

[quote=Anonymous] Advanced Persistent Threats can be in networks for years, especially when it involves nation-states, and it's obvious you don't have a clue WTF you're talking about. But yes, you have it all solved. So who done it, govvy CISSP hack-boy?[/quote]

Oh, look, you learned another new term. Do you even know what "Advanced Persistent Threat" means? Yes, lots of things could happen. Many of those things would be interesting for you to include in a fictional cyber warfare thriller. Your skillset appears quite suitable for such an undertaking. But, you would never make it as a network security engineer. The folks who -- unlike you -- have actually had their hands on the data say that the Russians did it. Your uninformed, if imaginative, objections do nothing to disprove their theories.
[/quote]