[SLUG] System security

From: Derek Glidden (dglidden@illusionary.com)
Date: Tue May 15 2001 - 18:02:10 EDT


While some of the freebie port-scanning stuff you guys have been talking
about on the list lately, like Gibson Research's "Shields Up" web-based
scan thing, are kinda cool and do some basic scanning, I feel they
really are mostly there to convince you to buy whatever product the
company is shilling.

For "real" port-scanning like the big boys (or script kiddies anyway :)
try 'nmap':

http://www.insecure.org/nmap/

nmap is not an *exploit* scanner, but it has the ability to tell you
what machines on the network are listening to what.

If you want a high-powered exploit scanner, give 'nessus' a try:

http://www.nessus.org/

nessus actually knows about most of the known exploits that a script
kiddie can actually use to get into your box (assuming your box is
listening in the first place) and scans for them. It also incorporates
some nmap functionality/code, so there's some crossover between the
two. (Ah you gotta love free software.) Once you've scanned with nmap
to make sure you're only running the services you need to be running,
you hit the box with nessus to make sure those few required services
aren't exploitable.

And I think I've mentioned 'snort' before:

http://www.snort.org/

snort is an Intrusion Detection System you run on the box you're worried
might be compromised. It has some pretty extensive rulesets that match
network "fingerprints" of known exploits and can be configured to alert
you if it sees traffic that looks like someone trying to get into your
box.

If I could only pick three tools to help me secure my network, they'd be
nmap, nessus and snort. Network admins who are serious about security
use these tools. (Well, at least the ones who don't believe "you always
get what you pay for" anyway, since these are all free software tools.)

It's always best if you yourself have full control of the tool you're
using to scan your network. Of course, to effectively use nmap or
nessus, you need an offsite system from which to run the scans, which
makes it a little less convenient for people with home DSL connections
just trying to check their security. (If you look around on the
respective sites, I think there are a few people who run publicly
accessible, web-front-ended nmap and nessus scanners you can utilize if
you don't have your own server to use.)

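The first step of the workflow described in the message above (scan with nmap, then confirm only the services you need are listening) can be checked mechanically. This is an added example, not part of the original post: it parses nmap's grepable output (`-oG`) and compares the open ports against an allowlist. The hosts, the sample scan output and the `REQUIRED` policy are constructed assumptions.

```python
import re

# Constructed sample in nmap's grepable (-oG) format; addresses are documentation ranges.
SAMPLE_GNMAP = """\
# Nmap scan initiated (constructed sample)
Host: 192.0.2.10 (web.example.test)\tStatus: Up
Host: 192.0.2.10 (web.example.test)\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 111/open/tcp//rpcbind///, 443/closed/tcp//https///
Host: 192.0.2.11 ()\tStatus: Up
Host: 192.0.2.11 ()\tPorts: 25/open/tcp//smtp///, 6000/filtered/tcp//X11///
"""

# Assumed policy: the only services each host is supposed to expose.
REQUIRED = {
    "192.0.2.10": {(22, "tcp"), (80, "tcp"), (443, "tcp")},
    "192.0.2.11": {(25, "tcp")},
}

def open_ports(gnmap_text):
    """Return {host: {(port, proto): service}} for ports nmap reported as open."""
    result = {}
    for line in gnmap_text.splitlines():
        m = re.match(r"Host: (\S+) .*?\tPorts: ([^\t]*)", line)
        if not m:
            continue  # comment, Status-only line, or anything else
        host, ports = m.groups()
        for entry in ports.split(","):
            # Entry fields: port/state/protocol/owner/service/rpcinfo/version/
            fields = entry.strip().split("/")
            if len(fields) >= 5 and fields[1] == "open":
                result.setdefault(host, {})[(int(fields[0]), fields[2])] = fields[4]
    return result

def audit(gnmap_text, required):
    """Return (unexpected, missing): open-but-not-required and required-but-not-open."""
    seen = open_ports(gnmap_text)
    unexpected, missing = [], []
    for host in sorted(set(seen) | set(required)):
        found, allowed = seen.get(host, {}), required.get(host, set())
        unexpected += [(host, p, pr, found[(p, pr)]) for p, pr in sorted(set(found) - allowed)]
        missing += [(host, p, pr) for p, pr in sorted(allowed - set(found))]
    return unexpected, missing

if __name__ == "__main__":
    unexpected, missing = audit(SAMPLE_GNMAP, REQUIRED)
    for host, port, proto, svc in unexpected:
        print(f"UNEXPECTED {host} {port}/{proto} ({svc})")
    for host, port, proto in missing:
        print(f"MISSING    {host} {port}/{proto}")
```

Anything reported as unexpected is a candidate for shutting off before moving on to the vulnerability scan of the services that remain.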



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 17:15:49 EDT