Red Hat NETSCAPE MANAGEMENT SYSTEM 6.2 - COMMAND-LINE Installation Guide, Page 60

even kernel version, and thus get even more information. "Worms", on the other hand, are automated and
scan blindly, generally just looking for open ports, and then a susceptible victim. They are not trying to
"learn" anything, the way a cracker might.
The distinction between "scan" and "probe" is often blurred. Both can be used in good ways, or in bad ways,
depending on who is doing it, and why. You might ask a friend to scan you, for instance, to see how well
your firewall is working. This is a legitimate use of scanning tools such as nmap. But what if someone you
don't know does this? What is their intent? If it's your ISP, they may be trying to enforce their Terms of
Service Agreement. Or maybe, it is someone just playing, and seeing who is "out there". But more than likely
it is someone or something with not such good intentions.
Full range port scans (meaning probing of many ports on the same machine) seem to be a not so common
threat for home based networks. But certainly, scanning individual ports across numerous systems is a very,
very common occurrence.
8.4.2. Rootkits
A "rootkit" is the script kiddie's stock in trade. When a successful intrusion takes place, the first thing that
is often done is to download and install such "rootkits". The rootkit is a set of scripts designed to take control
of the system, and then hide the intrusion. Rootkits are readily available on the web for various Operating
Systems.
A rootkit will typically replace critical system files such as ls, ps, netstat, login and others. Passwords may
be added, hidden daemons started, logs tampered with, and surely one or more backdoors are opened. The
hidden backdoors allow easy access any time the attacker wants back in. And often the vulnerability itself
may even be fixed so that the new "owner" has the system all to himself. The entire process is scripted so it
happens very quickly. The rightful owners of these compromised systems generally have no idea what is
going on, and are victims themselves. A well designed rootkit can be very difficult to detect.
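Because the files named above (ls, ps, netstat, login) are the usual replacement targets, a recorded baseline of their hashes and metadata gives a way to notice the swap. The following is an added example, not part of the original HOWTO; the function names and the tab-separated baseline format are assumptions, and it relies on GNU sha256sum and stat.

```shell
#!/bin/sh
# Added example: baseline-and-verify check for binaries a rootkit commonly
# replaces. Function names and baseline format are illustrative assumptions.

TAB=$(printf '\t')

# make_baseline BASELINE FILE...
# Writes one line per existing file: sha256 <TAB> "mode uid:gid size" <TAB> path
make_baseline() {
    out=$1; shift
    : > "$out"
    for f in "$@"; do
        [ -f "$f" ] || continue          # skip paths absent on this system
        sum=$(sha256sum "$f" | cut -d' ' -f1)
        meta=$(stat -c '%a %u:%g %s' "$f")
        printf '%s\t%s\t%s\n' "$sum" "$meta" "$f" >> "$out"
    done
}

# verify_baseline BASELINE
# Prints one line per deviation; returns 1 if anything differs, 0 if clean.
verify_baseline() {
    bad=0
    while IFS=$TAB read -r sum meta path; do
        if [ ! -f "$path" ]; then
            echo "MISSING $path"; bad=1; continue
        fi
        now_sum=$(sha256sum "$path" | cut -d' ' -f1)
        now_meta=$(stat -c '%a %u:%g %s' "$path")
        # Content changed: the file is no longer the one that was recorded.
        [ "$now_sum" = "$sum" ] || { echo "HASH-CHANGED $path"; bad=1; }
        # Mode, owner or size changed (for example a new setuid bit).
        [ "$now_meta" = "$meta" ] || {
            echo "META-CHANGED $path ($meta -> $now_meta)"; bad=1; }
    done < "$1"
    return $bad
}

# Typical use on a freshly installed, known-good system (paths vary):
#   make_baseline /mnt/readonly/baseline.tsv /bin/ls /bin/ps /bin/netstat /bin/login
# Later, from cron or by hand:
#   verify_baseline /mnt/readonly/baseline.tsv || echo "investigate this host"
```

Keep the baseline file, and ideally the hashing tools themselves, on read-only or off-host media, since a rootkit that replaces system binaries can also alter anything stored alongside them.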
8.4.3. Worms and Zombies
A "worm" is a self replicating exploit. It infects a system, then attempts to spread itself typically via the same
vulnerability. Various "worms" are weaving their way through the entire Internet address space constantly,
spreading themselves as they go.
But somewhere behind the zombie, there is a controller. Someone launched the worm, and they will be
informed after a successful intrusion. It is then up to them how the system will be used.
Many of these are Linux systems, looking for other Linux systems to "infect" via a number of exploits. But
most Operating Systems share in this threat. Once a vulnerable system is found, the actual entry and takeover
is quick, and may be difficult to detect after the fact. The first thing an intruder (whether human or "worm")
will do is attempt to cover their tracks. A "rootkit" is downloaded and installed. This trend has been
exacerbated by the growing popularity of cable modems and DSL. The number of full time Internet
connections is growing rapidly, and this makes fertile ground for such exploits since often these aren't as well
secured as larger sites.
While this may sound ominous, a few simple precautions can effectively deter this type of attack. With so
many easy victims out there, why waste much effort breaking into your system? There is no incentive to
Security Quick-Start HOWTO for Red Hat Linux