Red Hat NETSCAPE MANAGEMENT SYSTEM 6.2 - COMMAND-LINE Installation Guide, Page 59

If all else fails, and you can't find a process owner for an open port, suspect that it may be an RPC (Remote
Procedure Call) service of some kind. These use randomly assigned ports without any seeming logic or
consistency, and are typically controlled by the portmap daemon. In some cases, these may not reveal the
process owner to netstat or lsof. Try stopping portmap, and then see if the mystery service goes away.
Alternatively, use rpcinfo -p localhost to see what RPC services may be running (portmap must be running
for this to work).
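The cross-check described above can be scripted. The following is an added example, not part of the original HOWTO: it matches ports that netstat and lsof could not attribute to a process against the portmapper's registrations. The function name classify_ports and both sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `rpcinfo -p localhost` output (not from a real host).
# The last entry has no service name, as happens when a program number
# is not listed in /etc/rpc.
SAMPLE_RPCINFO='   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  32768  status
    100024    1   tcp  32768  status
    100021    1   udp  32769  nlockmgr
    391002    1   tcp  32771'

# Constructed list of listening sockets ("proto port") for which
# netstat and lsof showed no owning process.
SAMPLE_UNOWNED='udp 32769
tcp 32768
tcp 6000
tcp 32771'

# classify_ports RPCINFO_TEXT PORT_LIST
# Prints one line per port: "proto/port rpc NAME (program N)" when the
# portmapper has it registered, otherwise "proto/port not-registered".
classify_ports() {
    printf '%s\n@@\n%s\n' "$1" "$2" | awk '
        $0 == "@@" { ports = 1; next }          # separator between inputs
        !ports && $1 ~ /^[0-9]+$/ && NF >= 4 {   # rpcinfo data row
            key = $3 "/" $4
            name = (NF >= 5) ? $5 : "unnamed"
            if (!(key in svc)) svc[key] = name " (program " $1 ")"
            next
        }
        ports && NF >= 2 {                       # port still to explain
            key = $1 "/" $2
            if (key in svc) print key, "rpc", svc[key]
            else print key, "not-registered"
        }'
}

classify_ports "$SAMPLE_RPCINFO" "$SAMPLE_UNOWNED"
```

On a live system, pass "$(rpcinfo -p localhost)" as the first argument. A port reported as not-registered is not an RPC service known to portmap and still needs an explanation.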
If you suspect you have been broken into, do not
trust netstat or ps output. There is a good chance that
they, and other system components, have been tampered
with in such a way that the output is not reliable.
8.4. Attacks and Threats
In this section, we will take a quick look at some of the common threats and techniques that are out there, and
attempt to put them into some perspective.
The corporate world, government agencies and high profile Internet sites have to be concerned with a much
more diverse and challenging set of threats than the typical home desktop user. There are many reasons
someone may want to break in to someone else's computer. It may be just for kicks, or any number of
malicious reasons. They may just want a base from which to attack someone else. This is a very common
motivation.
The most common "attack" for most of us is from already compromised systems. The Internet is littered with
computers that have been broken into, and are now doing their master's bidding blindly, in zombie-like
fashion. They are programmed to scan massively large address ranges, probing each individual IP address as
they go, looking for one or more open ports, and then probing for known weaknesses if they get the chance.
Very impersonal. Very methodical. And very effective. We are all in the path of such robotic scans. All
because those responsible for these systems fail to do what you are doing now: taking steps to protect their
system(s), and avoid being r00ted.
These scans do not look at login banners that may be presented on connection. It will do little good to change
your /etc/issue.net to pretend that you are running some obscure operating system. If they find
something listening, they will try all of the exploits appropriate to that port, without regard to any indications
your system may give. If it works, they are in; if not, they will move on.
8.4.1. Port Scans and Probes
First, let's define "scan" and "probe" since these terms come up quite a bit. A "probe" implies testing if a
given port is open or closed, and possibly what might be listening on that port. A "scan" implies either
"probing" multiple ports on one or more systems, or individual ports on multiple systems. So you might
"scan" all ports on your own system for instance. Or a cracker might "scan" the 216.78.*.* address range to
see who has port 111 open.
Black hats can use scan and probe information to know what services are running on a given system, and then
they might know what exploits to try. They may even be able to tell what Operating System is running, and
Security Quick-Start HOWTO for Red Hat Linux