
really try very hard. Just scan, look, try, move on if unsuccessful. There are always more IPs to be scanned. If
your firewall is effectively bouncing this kind of thing, it is no threat to you at all. Take comfort in that, and
don't over-react.
It is worth noting that these worms cannot "force" their way in. They need an open and accessible port, and a
known vulnerability. If you remember the "Iptables Weekly Log Summary" in the opening section above,
many of those entries may well have been the result of this type of scan. If you've followed the steps in this HOWTO,
you should be reasonably safe here. This one is easy enough to deflect.
8.4.4. Script Kiddies
A "script kiddie" is a "cracker" wannabe who doesn't know enough to come up with his/her own exploits, but
instead relies on "scripts" and exploits that have been developed by others. Like "worms", they are looking
for easy victims, and may similarly scan large address ranges looking for specific ports with known
vulnerabilities. Often, the actual scanning is done from already compromised systems so that it is difficult to
trace it back to them.
The script kiddie has a bag of ready-made tricks at his disposal, including an arsenal of "rootkits" for various
Operating Systems. Finding susceptible victims is not so hard, given enough time and address space to probe.
The motives are a mixed bag as well: simple mischief, defacement of web sites, stolen credit card numbers,
and the latest craze, "Denial of Service" attacks (see below). They collect zombies like trophies and use them
to carry out whatever their objective is.
Again, the key here is that they are following a "script", and looking for easy prey. Like the worm threat
above, a functional firewall and a few very basic precautions should be sufficient to deflect any threat here.
By now, you should be relatively safe from this nuisance.
8.4.5. Spoofed IPs
How easy is it to spoof an IP address? With the right tools, very easy. How much of a threat is this? Not
much, for most of us, and it is over-hyped as a threat.
Because of the way TCP/IP works, each packet must carry both the source and destination IP addresses. Any
return traffic is based on this information. So a spoofed IP can never return any useful information to an
attacker who is sending out spoofed packets. The traffic would go back to wherever that spoofed IP address
was pointed. The attacker gets nothing back at all.
This does have potential for "DoS" attacks (see below), where learning something about the targeted system is
not important, and it may be used for some general mischief making as well.
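The point about return traffic above, as an added toy simulation that is not part of this HOWTO: a server answers a SYN to whatever source address the packet claims, so a sender using a forged source never sees the SYN-ACK (and the server's initial sequence number it carries) and cannot complete the handshake, while the server still holds half-open state for the forged address. All hosts, addresses and sequence numbers are constructed for the example.

```python
import random
from collections import namedtuple
from dataclasses import dataclass, field

# Constructed toy model of the TCP three-way handshake (added example, not HOWTO code).
# Addresses come from documentation ranges; sequence numbers are random.
Packet = namedtuple("Packet", "src dst flags seq ack", defaults=(0,))

@dataclass
class Host:
    addr: str
    inbox: list = field(default_factory=list)      # packets delivered to this address
    half_open: dict = field(default_factory=dict)  # server side: client addr -> our ISN
    established: set = field(default_factory=set)

def deliver(hosts, pkt):  # the network routes on the destination field only
    if pkt.dst in hosts:
        hosts[pkt.dst].inbox.append(pkt)

def server_process(hosts, server):
    """Answer every SYN to its *claimed* source; complete on an ACK carrying our ISN + 1."""
    while server.inbox:
        pkt = server.inbox.pop(0)
        if pkt.flags == "SYN":
            isn = random.getrandbits(32)
            server.half_open[pkt.src] = isn
            deliver(hosts, Packet(server.addr, pkt.src, "SYN-ACK", isn, pkt.seq + 1))
        elif pkt.flags == "ACK" and server.half_open.get(pkt.src) == pkt.ack - 1:
            del server.half_open[pkt.src]
            server.established.add(pkt.src)

def handshake(hosts, sender, server, claimed_src):
    """sender emits a SYN with source claimed_src; returns the server ISN if sender ever sees it."""
    seq = random.getrandbits(32)
    deliver(hosts, Packet(claimed_src, server.addr, "SYN", seq))
    server_process(hosts, server)
    synack = next((p for p in sender.inbox if p.flags == "SYN-ACK" and p.ack == seq + 1), None)
    if synack is None:
        return None  # the reply went to claimed_src, so the handshake cannot be finished
    deliver(hosts, Packet(sender.addr, server.addr, "ACK", synack.ack, synack.seq + 1))
    server_process(hosts, server)
    return synack.seq

def demo():
    attacker, victim, server = Host("203.0.113.7"), Host("198.51.100.22"), Host("192.0.2.10")
    hosts = {h.addr: h for h in (attacker, victim, server)}
    honest = handshake(hosts, attacker, server, attacker.addr)   # genuine source address
    spoofed = handshake(hosts, attacker, server, victim.addr)    # forged source address
    return {"honest_connected": honest is not None and attacker.addr in server.established,
            "spoofed_connected": spoofed is not None,
            "reply_landed_on_victim": any(p.flags == "SYN-ACK" for p in victim.inbox),
            "server_half_open": len(server.half_open)}  # state the server still holds
```

The lingering half-open entry is the part that matters for the DoS angle: the server spent resources on a packet whose sender can never be reached, which is why a firewall that drops packets with impossible source addresses is the sensible precaution.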
8.4.6. Targeted Attacks
The worm and wide-ranging address scans are impersonal. They are just looking for any vulnerable
system. It makes no difference whether it is a top secret government facility, or your mother's Windows box.
But there are "black hats" that will spend a great deal of effort to get into a system or network. We'll call
these "targeted" attacks since there has been a deliberate decision made to break in to a specific system or
Security Quick−Start HOWTO for Red Hat Linux