(horribly dated) Unix and Network Security Resources
"Yes, there are 'good' hackers, just like the Good Witch in
Oz... but in the real world, they develop and share tools 'n skills
-- they don't burgle systems. Trespass and vandalism are still
trespass and vandalism." -- gailt
I've been interested in the concept of "computer security" for a while --
although my attitudes have changed over the past decade.
I've found that it's just as much fun to repel talented intruders
hunting that elusive uid zero as it
is to be one :-)
Good security tools
- Nessus, a module-based, open-source
security scanner. A very complete tool, but what makes it truly
krad is the NASL
programming language that facilitates the creation of new modules.
- hping, a ping-like
tool that allows you to construct arbitrary packets, send them to
a host, and print the reply. hping can be used as a scanning tool
like nmap (below), but it brings the user a little closer to the wire.
- ngrep, a network-level grep'er. Instant password sniffer:
ngrep -iq 'user|pass' tcp. Yeek.
- xinetd - a nice replacement for
the aging inetd. Built-in access control, rate limiting, and other goodies.
- snort. A lightweight network intrusion detection system (NIDS), snort gives
you, the harried sysadmin, visibility into what kind of krad
hack attempts are being aimed at your network.
- Nomad Mobile Research Center.
Home of nifty stuff like
- Immunix, home to
StackGuard, a gcc patch that makes stack buffer overflows far less
trivial to exploit: it places a canary word beside the saved return
address and aborts the program if the canary has been overwritten by
the time the function returns.
- Foil wiretappers -- federal and criminal alike!
- Whatcha gonna do when they come for you?
Bad hacker, bad hacker..
- Wietse Venema's page,
home of the tcpwrapper package, a program designed to enable
user@host-based access control for various TCP and RPC services.
- pidentd -- aka the "identification daemon". Answers the
"who is talking to me?" requests sent by programs such as tcpwrapper.
Be a good net.neighbor and install it today.
Unfortunately, identd also gives away information: anyone holding a
TCP connection to your host can ask it which local account owns the
other end, including the account your daemons run as (but this sort
of probing is easy to detect).
- ssh - the Secure Shell remote
login package. Drop-in replacement for rsh/rcp/rlogin which encrypts
network sessions and, because it authenticates hosts by key rather than by
address or hostname, defeats the IP and DNS spoofing that rsh's trust model
fell to.
- tcpdump - log
packets as they fly across the local network. Essential tool in
constructing network analysis & intrusion detection engines.
- Casper Dik's Solaris tools
-- some useful programs such as fixmodes (fixes broken Solaris 2 file/directory
modes) and mountd (a slightly more secure NFS mount daemon), among others.
- Crack 5.0.
Alec Muffett's phenomenal password cracker.
- Leendert van Doorn
is the author of some nifty NFS tools: one that does a nice and simple
security audit of an NFS server, and a handy little tool that shows how
dangerous NFS can be. Nail down your portmappers! Restrict your mount
daemons! sigh..
- nmap. All you ever wanted in a portscanner -- connect() scanning, RPC scanning,
half-open/stealth scanning, ICMP probing, all in a nice little package.
- While not a security tool per se,
NetCat (aka 'nc')
is quite handy for manipulating sockets from the shell
(local copy, since avian.org seems to be
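What the ngrep one-liner in the list above actually turns up, as an added example (not code from this page or from ngrep): a few constructed plaintext streams, an ngrep-style line matcher, and a refinement that pulls the credentials out of FTP/POP3 USER/PASS pairs and HTTP Basic headers. The stream contents, host names and passwords are all made up for the example.

```python
import base64
import re

# Constructed sample streams (not real captures) of the kind that
# "ngrep -iq 'user|pass' tcp" pulls off the wire: an FTP login, a POP3
# login and an HTTP request carrying Basic auth. All three send the
# credentials in the clear.
SAMPLE_STREAMS = {
    "ftp": (b"220 ftp.example.com FTP server ready\r\n"
            b"USER alice\r\n"
            b"331 Password required for alice\r\n"
            b"PASS hunter2\r\n"
            b"230 User alice logged in\r\n"),
    "pop3": (b"+OK POP3 ready\r\n"
             b"USER bob\r\n"
             b"+OK\r\n"
             b"PASS s3cret\r\n"
             b"+OK Logged in\r\n"),
    "http": (b"GET /admin HTTP/1.0\r\n"
             b"Host: www.example.com\r\n"
             b"Authorization: Basic Y2Fyb2w6cGFzc3dvcmQ=\r\n"
             b"\r\n"),
}

USER_RE = re.compile(rb"^USER\s+(\S+)", re.IGNORECASE)
PASS_RE = re.compile(rb"^PASS\s+(\S+)", re.IGNORECASE)
BASIC_RE = re.compile(rb"^Authorization:\s*Basic\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)


def ngrep_matches(stream: bytes, pattern: bytes = rb"user|pass") -> list:
    """What the ngrep one-liner shows: every line whose bytes match the
    regex, case-insensitively. Server banners match too, so it is noisy."""
    rx = re.compile(pattern, re.IGNORECASE)
    return [line for line in stream.split(b"\r\n") if rx.search(line)]


def extract_credentials(stream: bytes) -> list:
    """Refine the grep into (scheme, username, password) triples for one
    TCP stream: USER/PASS pairs (FTP, POP3) and HTTP Basic headers."""
    found = []
    pending_user = None
    for line in stream.split(b"\r\n"):
        m = USER_RE.match(line)
        if m:
            pending_user = m.group(1).decode(errors="replace")
            continue
        m = PASS_RE.match(line)
        if m and pending_user is not None:
            found.append(("user/pass", pending_user,
                          m.group(1).decode(errors="replace")))
            pending_user = None
            continue
        m = BASIC_RE.match(line)
        if m:
            try:
                decoded = base64.b64decode(m.group(1), validate=True)
            except ValueError:  # binascii.Error is a ValueError subclass
                continue
            user, _, password = decoded.decode(errors="replace").partition(":")
            found.append(("http-basic", user, password))
    return found


if __name__ == "__main__":
    for name, stream in SAMPLE_STREAMS.items():
        print(name, ngrep_matches(stream))
        print(name, extract_credentials(stream))
```

Note that the 'user|pass' regex never fires on the HTTP stream: Basic auth is base64, so the bytes "user" and "pass" are not on the wire, which is why the extractor decodes the header rather than relying on the grep.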
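The identd exchange mentioned in the pidentd entry above, both sides of it, as an added example that is not pidentd's code: the server half answers an RFC 1413 "port , port" request from a constructed connection table, the client half parses the reply, and a third function shows the information leak in one call. The connection table, usernames and the `hidden` opt-out set are assumptions made for the example (pidentd's real per-user opt-out is a dotfile; here it is just a set).

```python
import re

# Constructed TCP connection table for the host running identd, keyed
# (port on this host, port on the remote host) -> local owner. A real
# identd reads this from the kernel. Two entries: stjohns telnetting out,
# and the SMTP daemon (running as root) serving an inbound connection.
CONNECTIONS = {
    (6191, 23): "stjohns",
    (25, 40001): "root",
}

REQUEST_RE = re.compile(rb"^\s*(\d{1,5})\s*,\s*(\d{1,5})\s*$")


def ident_response(request: bytes, connections=CONNECTIONS, hidden=frozenset()) -> bytes:
    """The identd side of one RFC 1413 exchange: parse '<local-port> , <remote-port>'
    and answer with USERID or an ERROR. 'hidden' is a stand-in for the per-user
    opt-out and yields HIDDEN-USER instead of a name (assumption for this example)."""
    m = REQUEST_RE.match(request.rstrip(b"\r\n"))
    if not m:
        return b"0 , 0 : ERROR : INVALID-PORT\r\n"
    lport, rport = int(m.group(1)), int(m.group(2))
    if not (1 <= lport <= 65535 and 1 <= rport <= 65535):
        return b"%d , %d : ERROR : INVALID-PORT\r\n" % (lport, rport)
    owner = connections.get((lport, rport))
    if owner is None:
        return b"%d , %d : ERROR : NO-USER\r\n" % (lport, rport)
    if owner in hidden:
        return b"%d , %d : ERROR : HIDDEN-USER\r\n" % (lport, rport)
    return b"%d , %d : USERID : UNIX : %s\r\n" % (lport, rport, owner.encode())


def parse_ident_reply(reply: bytes) -> dict:
    """The querying side (tcpd, an IRC server, or a curious stranger): pull the
    user id or the error type out of the reply."""
    fields = [f.strip() for f in reply.rstrip(b"\r\n").split(b":", 3)]
    result = {"ports": fields[0].decode()}
    if len(fields) == 4 and fields[1] == b"USERID":
        result["opsys"] = fields[2].decode()
        result["user"] = fields[3].decode(errors="replace")
    elif len(fields) >= 3 and fields[1] == b"ERROR":
        result["error"] = fields[2].decode()
    else:
        result["error"] = "UNPARSEABLE"  # local marker, not an RFC 1413 code
    return result


def who_runs_the_daemon(local_port: int, remote_port: int, **kw) -> str:
    """The leak in one call: whoever is connected to local_port can ask identd
    which account the daemon serving that connection runs as."""
    request = b"%d , %d\r\n" % (local_port, remote_port)
    reply = parse_ident_reply(ident_response(request, **kw))
    return reply.get("user") or reply.get("error")


if __name__ == "__main__":
    print(ident_response(b"6191, 23\r\n"))
    print(who_runs_the_daemon(25, 40001))                   # root: leaked
    print(who_runs_the_daemon(25, 40001, hidden={"root"}))  # HIDDEN-USER
```

The second and third calls in the usage block are the whole argument of the caveat: with no opt-out, a single connection to port 25 plus one ident query tells a stranger that the mailer runs as root.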
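How a Crack-style dictionary attack works, as an added example (not Crack's code): a handful of Crack's word-mangling rules, and a cracker that groups the password file by salt so each candidate is hashed once per salt. Crack calls crypt(3); this example substitutes a salted SHA-256 stand-in so it runs anywhere, and the wordlist and password file are constructed for the example.

```python
import hashlib


def hash_password(salt: str, password: str) -> str:
    """Stand-in for crypt(3), which is what Crack 5.0 actually calls:
    salt + '$' + hex(sha256(salt + password)). Salted and one-way is all
    the example needs (assumption: not a real crypt scheme)."""
    return salt + "$" + hashlib.sha256((salt + password).encode()).hexdigest()


def mangle(word: str):
    """A handful of the mangling rules Crack applies to every dictionary
    word: case changes, reversal, and common suffixes. Each variant once."""
    variants = [word, word.lower(), word.capitalize(), word.upper(), word[::-1]]
    for w in (word, word.capitalize()):
        variants += [w + d for d in "0123456789"]
        variants += [w + "!", w + "123"]
    seen = set()
    for v in variants:
        if v not in seen:
            seen.add(v)
            yield v


def crack(shadow: dict, wordlist) -> dict:
    """shadow maps username -> 'salt$digest'. Returns username -> recovered
    password. Entries are grouped by salt so each candidate is hashed once
    per distinct salt rather than once per user, the same economy Crack
    relies on when it sorts a password file by salt."""
    by_salt = {}
    for user, entry in shadow.items():
        salt, _, _ = entry.partition("$")
        by_salt.setdefault(salt, {})[entry] = user
    recovered = {}
    for word in wordlist:
        for candidate in mangle(word):
            for salt, entries in by_salt.items():
                hit = entries.get(hash_password(salt, candidate))
                if hit is not None and hit not in recovered:
                    recovered[hit] = candidate
    return recovered


# Constructed wordlist and password file; the passwords were chosen to show
# which rule recovers them (and that a passphrase off the list survives).
SAMPLE_WORDLIST = ["secret", "dragon", "oracle", "letmein"]
SAMPLE_SHADOW = {
    "alice": hash_password("aB", "Dragon7"),   # 'dragon' capitalised + digit
    "bob":   hash_password("xY", "terces"),    # 'secret' reversed
    "carol": hash_password("aB", "correct horse battery staple"),
}

if __name__ == "__main__":
    print(crack(SAMPLE_SHADOW, SAMPLE_WORDLIST))
```

Two of the three accounts fall to a four-word list because the rules, not the list, do the work; the lesson for the defender is that a "clever" variation on a dictionary word is still a dictionary word.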
Some useful computer security links & papers
- Basic Steps in Forensic Analysis of Unix Systems. Been hacked and want to know
what's happened? Start here.
- Runtime kernel kmem patching. urp.
- COAST's Projects
UNIX tools archive.
- CMU's Computer Emergency Response Team.
Founded after the release of the Internet Worm (1988), CERT attempts
to distribute warnings about computer security problems. Yes, their warnings
are often months to years out of date, but the fact that they exist is
at least a start.
- You're in trouble now - Dan Farmer's
site; interesting paper on the state of Internet security.
- If you're a UNIX or TCP/IP network administrator and you haven't read
Dan Farmer's and Wietse Venema's
Improving the Security of your Site by Breaking Into it, then you really, really should. This is an ancient paper, but
still remarkably topical..
- Insertion, Evasion, and
Denial of Service: Eluding Network Intrusion Detection, or why
developing successful IDS can be a real pain in the ass. Don't count your SYNs
before they're ACK'd ...
- Phrack Magazine -- the longest
running hack/phreak journal around.
- Secure Networks, Inc.
Makers of the Ballista
auditing tool (light years ahead of its nearest competition,
ISS). They've since sold out
to fear-mongering motherfuckers.
(ahem. Well, those commercials *are* pretty tabloid.)
- distributed.net --
got a key to crack? Why not use the idle time of a few million computers?
Just think if this was applied to something really "secret"..
- Default Password
- Thank you for using Kevin Mitnick
I have a fantasy. In my fantasy, John Markoff bursts into
a room where Tsutomu Shimomura sits as solemn as a zen master,
peering impassively at a computer screen while he types a Perl script.
"Tsutomu, I have good news and bad news!" Markoff exclaims.
"The good news is, we sold the book rights for three-quarters of a
million. The bad news is, I haven't got a clue what Mitnick was
doing for the past two years. What the hell are we going to write about?"
Shimomura doesn't even bother to look up. He gives a barely perceptible
shrug and says, "Me, of course."
-- The Mad-Scientist Myth figure from the
Kevin Mitnick Shack
- The newly-script-gifted "security expert" who,
because they can run a program that gets them root on your systems,
suddenly becomes all-powerful and all-knowing. There are many frauds
and charlatans in the computer security community -- and I'm
not referring to reformed or "grey-hat" hackers; I'm referring to
those people who have either the audacity or the delusions of grandeur
to convince themselves and the media
that they are "computer security experts."
If you are talking to someone who claims to be a computer
security expert, or who claims to know "a lot" about computer
security, ask them to prove it. If they're waving around
some exploit script they dug up, ask them to explain to you
how the program works, and how the hole it exploits can be fixed. (Granted, if
you're not a technical person, you won't be able to distinguish
fact from fiction. If this is the case, find someone who can.)
Ask them what they have contributed to the computer security community --
underground or aboveground. Ask for references. Ask for papers.
Ask for URLs. Do a web or
If they've been around for any
length of time, you should be able to find something.
Think about it: is an "expert" someone who is well-versed in a field of study,
or are they someone who merely knows something that you don't?
$Id: index.html,v 1.2 2001/05/01 08:17:18 jwa Exp $