Securing Linux

  • Katushai
  • Graduate
  • Posts: 152

Post 3+ Months Ago

Hey, I've been playing around with iptables and stuff like that, and I was wondering if anybody has information on hacking Linux... I'd like to read it so I can better secure my system. I've looked a little bit on Google, but not too much... can somebody at least explain how it works?

  • WNxGratefulJed
  • Beginner
  • Posts: 52
  • Loc: Trailerparkansas

Post 3+ Months Ago

I don't know much, but I do know that there are some combinations of TCP flags that you don't want to allow, such as SYN, SYN, RESET, which when done in large numbers can cause a DoS on your system; this was used in the famous Mitnick attack. The attack fooled the intrusion detection system because two SYNs are common when establishing a connection, and to make sure that there were only two SYNs per connection attempt Mitnick put a reset flag in there, which breaks his own connection; then he sent the SYN, SYN again, followed by another reset, and kept repeating the process, eventually causing a DoS, and he didn't stop there... He eventually managed to hijack the session between the server and another host by predicting the sequence numbers. Read up on it, because it is a very ingenious hack... just Google "Mitnick attack".

Basically, just get to know TCP/IP really, really, REALLY well, because there are little flaws in there, and when you know about them you can really protect your system... or bring one down :D

Another tool you can work with is Snort, which can protect you from crafted/fake packets designed to cause malicious activity on either your or someone else's machines.

In case you're wondering, I have an A.A.S. in this stuff but no real-life experience (just graduated last month), so I'm a little rusty. Hopefully, by posting on this type of stuff and discussing it, it will keep my knowledge sharp.
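Since the thread starter is working with iptables and the post above is about TCP flag combinations that should never be allowed, here is an added example (written for this page, not code from any poster) that models the `iptables --tcp-flags MASK COMP` match in Python and uses it to express the combinations a conforming TCP stack never emits. The flag bit values are the real TCP header positions; the rule list, rule descriptions and the `to_iptables` renderer are illustrative choices. Note that a per-packet flag match only sees one segment at a time: a client that sends SYN, then RST, then SYN again is a sequence of individually valid segments, which is why that kind of behaviour has to be handled by connection tracking and rate limiting rather than by a flag rule.

```python
# Added example for this thread (not code from any post): a model of the
# iptables "--tcp-flags MASK COMP" match, used to express the flag
# combinations a legitimate TCP segment never carries. Flag bit values are
# the real TCP header positions; the rule list itself is illustrative.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
FLAG_NAMES = [(FIN, "FIN"), (SYN, "SYN"), (RST, "RST"),
              (PSH, "PSH"), (ACK, "ACK"), (URG, "URG")]
ALL = FIN | SYN | RST | PSH | ACK | URG
NONE = 0


def tcp_flags_match(flags, mask, comp):
    """iptables semantics: look only at the bits in MASK and require that
    exactly the bits in COMP (a subset of MASK) are set among them."""
    return (flags & mask) == comp


# (description, MASK, COMP), in evaluation order. None of these combinations
# is produced by a conforming TCP stack; they come from scanners and
# crafted packets.
BOGUS_FLAG_RULES = [
    ("null scan: no flags at all", ALL,       NONE),
    ("xmas scan: every flag set",  ALL,       ALL),
    ("SYN together with FIN",      SYN | FIN, SYN | FIN),
    ("SYN together with RST",      SYN | RST, SYN | RST),
    ("FIN without ACK",            FIN | ACK, FIN),
    ("PSH without ACK",            PSH | ACK, PSH),
    ("URG without ACK",            URG | ACK, URG),
]


def classify(flags):
    """Return the description of the first rule a segment's flags hit, or
    None if the combination is one that normal traffic can carry
    (bare SYN, SYN+ACK, ACK, FIN+ACK, RST ...)."""
    for description, mask, comp in BOGUS_FLAG_RULES:
        if tcp_flags_match(flags, mask, comp):
            return description
    return None


def flag_list(bits):
    """Render a flag set the way iptables spells it on the command line."""
    if bits == ALL:
        return "ALL"
    if bits == NONE:
        return "NONE"
    return ",".join(name for bit, name in FLAG_NAMES if bits & bit)


def to_iptables(mask, comp, chain="INPUT"):
    """The iptables rule that drops exactly what (mask, comp) matches."""
    return (f"iptables -A {chain} -p tcp --tcp-flags "
            f"{flag_list(mask)} {flag_list(comp)} -j DROP")


if __name__ == "__main__":
    for flags in (SYN, SYN | ACK, ACK, RST, FIN | ACK, NONE, ALL, SYN | FIN, SYN | RST):
        print(f"{flag_list(flags):>12}: {classify(flags) or 'normal'}")
    print()
    for _, mask, comp in BOGUS_FLAG_RULES:
        print(to_iptables(mask, comp))
```

Running the block prints the verdict for a handful of flag sets and then the seven `iptables ... --tcp-flags ... -j DROP` rules that correspond to the list; those rules are the usual hardening set and are safe to put in front of `ACCEPT` rules, because every combination they match is invalid on its own.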
  • Katushai
  • Graduate
  • Posts: 152

Post 3+ Months Ago

Thanks very much; now I shall hack you. 1 pwn you. lol, jk, but seriously, thanks.
  • Daemonguy
  • Moderator
  • Web Master
  • Posts: 2700
  • Loc: Somewhere outside the box in Sarasota, FL.

Post 3+ Months Ago

It should be noted that Kevin's attack was two-fold, and he used the SYN flooding (which is what it was called) to permit his real exploitation, the TCP hijacking.
It should also be noted that it does not have to be Linux; the TCP stack was the risk factor for that particular piece. The whole thing exploited a trust relationship between two systems, and sadly, this venerable attack mechanism can still be executed on several TCP stacks. It's also nearly impossible to detect within the confines of a single tool (Snort will not do it in its entirety).

Thankfully, admins have learned a lot, most importantly not to use certain exploitable code which is based on trust relationships: rlogin, rsh, etc.

To catch this sort of attack, your environment needs to be monitored from many vantage points, network-based and host-based, using correlative techniques. Also, things can be done on the individual systems to reduce threat potential and mitigate the risk of services that are required, such as TCP Wrappers and Tripwire.
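The hijacking half of the attack the two posts above describe only works if the victim's TCP stack hands out predictable initial sequence numbers: the attacker sends a SYN with a spoofed trusted source address, never sees the SYN-ACK, and must put the right ACK number (the server's ISN plus one) in the third packet blind. The following added example (written for this page, not code from any poster) shows the check a practitioner would run on sampled ISNs to see whether a stack is still exposed. Both ISN series are constructed: one imitates an old fixed-increment generator, the other is drawn from a seeded PRNG standing in for a modern randomised generator of the kind RFC 6528 specifies.

```python
# Added example for this thread (not from any post): measuring how
# predictable a stack's initial sequence numbers are, which is the property
# the blind TCP hijack described above depends on. The ISN samples are
# constructed, not captured from a real host.
from collections import Counter
import random

SEQ_SPACE = 2 ** 32


def isn_deltas(isns):
    """Differences between consecutive ISNs, modulo the 32-bit sequence space."""
    return [(b - a) % SEQ_SPACE for a, b in zip(isns, isns[1:])]


def predict_next_isn(isns):
    """Extrapolate the next ISN from the most frequent delta seen so far.
    Against a fixed-increment generator this is exactly right; against a
    randomised one it is a 1-in-2^32 guess."""
    step = Counter(isn_deltas(isns)).most_common(1)[0][0]
    return (isns[-1] + step) % SEQ_SPACE


def hit_rate(isns, warmup=3):
    """Fraction of samples after `warmup` that the earlier samples predicted
    exactly. 1.0 means every guess was right; 0.0 means none was."""
    trials = [predict_next_isn(isns[:i]) == isns[i]
              for i in range(warmup, len(isns))]
    return sum(trials) / len(trials) if trials else 0.0


def spoofed_handshake_ack(predicted_isn):
    """The ACK number a blind spoofer has to place in the third packet of
    the handshake: the server's (guessed) ISN plus one."""
    return (predicted_isn + 1) % SEQ_SPACE


def fixed_step_isns(start, step, n):
    """Old-style generator: every new connection bumps the ISN by `step`
    (constructed; the value 64000 is a round number, not a real stack's)."""
    return [(start + k * step) % SEQ_SPACE for k in range(n)]


def random_isns(n, seed=1):
    """Stand-in for a randomised ISN generator (seeded so the run repeats)."""
    rng = random.Random(seed)
    return [rng.getrandbits(32) for _ in range(n)]


if __name__ == "__main__":
    weak = fixed_step_isns(0x0C0FFEE0, 64_000, 20)
    strong = random_isns(20)
    print("fixed-increment stack hit rate:", hit_rate(weak))    # 1.0
    print("randomised stack hit rate:     ", hit_rate(strong))  # 0.0
    nxt = predict_next_isn(weak)
    print(f"predicted next ISN {nxt:#010x}, ack to send {spoofed_handshake_ack(nxt):#010x}")
```

In practice the samples come from opening a series of connections to the target from a host you control and recording the ISN in each SYN-ACK; a hit rate anywhere near 1.0 means the stack, not the firewall, is the problem, and no iptables rule will fix it.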
  • WNxGratefulJed
  • Beginner
  • Posts: 52
  • Loc: Trailerparkansas

Post 3+ Months Ago

Look up these other attacks... the more you know about them, the better you can protect yourself.

Teardrop attack - packet fragments are crafted to overlap (I forget what it causes when this happens).

Smurf attack - It's kind of like a reverse DoS, because you send a fake packet with the address of the victim instead of yours to ping the broadcast address of a large network. ALL the machines on the network respond back to the victim's address, eventually causing a DoS.

Half-open connections - during the SYN / SYN,ACK / ACK TCP connection establishment, the hacker does not send back an ACK flag after the other end of the connection sends the SYN and ACK flags. This eventually causes the victim machine's memory buffer to overflow, allowing for many different exploits such as the Mitnick attack.

Just keep reading, reading, reading, because in the world of security knowledge is power. If a hacker knows an exploit and you don't know how to prevent it, then the hacker wins, simply because he is more knowledgeable about how whatever it is he is trying to attack works. If you know how something works, then you should be able to find its exploits and set up defences for them.
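The three attacks listed in the post above each have a simple observable signature, and the added example below (written for this page, not code from any poster) turns each into a small detector run over constructed packet records: a per-server count of handshakes left half open, an overlap check on the fragments of one IP datagram, and a count of distinct hosts sending echo replies to one destination. The event tuples, addresses and thresholds are all illustrative; real captures would come from a sniffer and real fragment offsets are in 8-byte units.

```python
# Added example for this thread (not code from any post): toy detectors for
# three of the attacks named above, run over constructed packet records.
# Events are simplified tuples, not real captures; the addresses are from
# the documentation ranges.
from collections import defaultdict


def half_open_connections(events, now, timeout=30.0):
    """Count, per server, the handshakes still half open at `now`: the server
    answered a SYN with SYN-ACK but no ACK (or RST) from the client followed
    within `timeout` seconds. Each event is (time, src, dst, flags) with
    flags a set such as {"SYN", "ACK"}."""
    pending = {}  # (client, server) -> time the SYN-ACK was sent
    for t, src, dst, flags in events:
        if flags == {"SYN", "ACK"}:
            pending[(dst, src)] = t          # src is the server here
        elif "ACK" in flags or "RST" in flags:
            pending.pop((src, dst), None)    # client completed or aborted
    counts = defaultdict(int)
    for (_client, server), t in pending.items():
        if 0 <= now - t <= timeout:          # older ones the server has reaped
            counts[server] += 1
    return dict(counts)


def overlapping_fragments(fragments):
    """Teardrop check. `fragments` are (offset, length) in bytes for one IP
    datagram. Return each adjacent pair in which the later fragment starts
    before the earlier one ends; a sane sender never produces that, and the
    old reassemblers computed a negative length from it."""
    ordered = sorted(fragments)
    return [(a, b) for a, b in zip(ordered, ordered[1:]) if b[0] < a[0] + a[1]]


def smurf_victims(icmp_events, now, window=1.0, threshold=20):
    """Smurf signature: one destination receiving echo replies from many
    distinct sources inside a short window, which is what a spoofed ping to
    a broadcast address produces. Events are (time, src, dst, kind)."""
    sources = defaultdict(set)
    for t, src, dst, kind in icmp_events:
        if kind == "echo-reply" and 0 <= now - t <= window:
            sources[dst].add(src)
    return sorted(dst for dst, s in sources.items() if len(s) > threshold)


# --- constructed sample traffic ---------------------------------------
SERVER, CLIENT = "10.0.0.1", "10.0.0.5"
SAMPLE_TCP = [
    (0.00, CLIENT, SERVER, {"SYN"}),
    (0.01, SERVER, CLIENT, {"SYN", "ACK"}),
    (0.02, CLIENT, SERVER, {"ACK"}),         # legitimate, completes
]
for i in range(10):                          # ten spoofed SYNs, never ACKed
    spoofed = f"203.0.113.{i + 1}"
    SAMPLE_TCP.append((1.0 + i * 0.01, spoofed, SERVER, {"SYN"}))
    SAMPLE_TCP.append((1.0 + i * 0.01 + 0.005, SERVER, spoofed, {"SYN", "ACK"}))

VICTIM = "192.0.2.7"
SAMPLE_ICMP = [(0.5, f"198.51.100.{i}", VICTIM, "echo-reply") for i in range(1, 41)]
SAMPLE_ICMP.append((0.6, "198.51.100.1", "192.0.2.9", "echo-reply"))  # one normal reply

if __name__ == "__main__":
    print(half_open_connections(SAMPLE_TCP, now=5.0))      # {'10.0.0.1': 10}
    print(overlapping_fragments([(0, 1480), (24, 400)]))   # [((0, 1480), (24, 400))]
    print(smurf_victims(SAMPLE_ICMP, now=1.0))             # ['192.0.2.7']
```

The half-open count is the number a modern kernel keeps in its SYN backlog; when it reaches the backlog size the host starts dropping new SYNs, which is the denial of service, and SYN cookies exist precisely so that state is not kept until the third packet arrives.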

Post Information

  • Total Posts in this topic: 5 posts

© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.