I read this as well. I ended up e-mailing the writer about how a switched network is actually not effective in preventing packet sniffing. He said he might change the article or remember that to use in other articles.
It's a worthwhile read!
I posted this to the news page, but I thought I would also post it here.
Quote:
A rootkit is a collection of tools an intruder brings along to a victim computer after gaining initial access. A rootkit generally contains network sniffers, log-cleaning scripts, and trojaned replacements of core system utilities such as ps, netstat, ifconfig, and killall. Although the intruders still need to break into a victim system before they can install their rootkits, the ease-of-use and the amount of destruction they cause make rootkits a big threat for system administrators.
Looks like it might be an interesting series.
Jim H
http://linux.oreillynet.com/pub/a/li...kit.html
Just a security guru now, aren't we?
Quote:
I read this as well. I ended up e-mailing the writer about how a switched network is actually not effective in preventing packet sniffing. He said he might change the article or remember that to use in other articles.
It's a worthwhile read!
Aragorn
If you give a man a fire he'll be warm, if you light the man on fire he'll be warm for life.
I wish!
I seem to pick up some fancy tidbits here and there that others aren't aware of, but I'm still a newbie!
What kind of "fancy tidbits" have you picked up?
Quote:
I wish!
I seem to pick up some fancy tidbits here and there that others aren't aware of, but I'm still a newbie!
Jim H
Most of them probably aren't so fancy to someone that's been using linux for a long time or been doing security for any length of time.
Sniffing a switched network seems to be something that a lot of people don't understand, nor think is possible. It involves ARP spoofing and ARP cache poisoning, essentially. I can explain it if anyone wants.
There is a little trick my friend and I figured out with netcat that can be used along with rootkits that is quite interesting. Essentially it allows you to install one tool (netcat) on an infected computer and accomplish a connection back to your computer that doesn't require a daemon running like telnet or ssh, because you pipe a listening netcat command through a netcat connect command that connects to a listening netcat on the attacker box. If that makes sense... I've never tested it against logging to see the results, but I plan to do it here in the next couple of days. Once I test it completely I'll explain more about it.
I'm sure you know about rooting a system if you have access to rebooting it?
I've fiddled with quite a few SetUID problems, that involved some nifty tricks, like trojaning the programs and race conditions and such.
I've written my own shellcodes/eggs for buffer overflows before; they helped me understand some interesting concepts that some people don't understand. Sadly I forgot to back them up, so I'm going to try and get back into it as soon as I finish up my LFS box.
Most of the stuff I've done I suppose isn't fancy to someone that does security regularly, but a lot of people I meet that use linux and aren't so interested in the security side are surprised with some stuff. I tried to think of some more actual "neat" things I know, but they often just come to mind as I'm doing other stuff.
It's possible to sniff on many switched LANs (ARP poisoning, etc.). I found this article to be of use a while back and thought I would post it here, too.
http://www.sans.org/newlook/resource...ed_network.htm
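Both posts above mention ARP cache poisoning as the way sniffing works on a switched LAN. As an added example (not from the thread or the linked articles), here is the defender's side: a passive monitor that watches ARP traffic for the two classic symptoms, an IP whose MAC binding suddenly changes and replies that nobody requested. The frame tuples and the 2-second request window are constructed assumptions, not from any real capture.

```python
"""Spot ARP cache poisoning symptoms in a chronological list of ARP frames.

Each frame is (time_s, op, sender_ip, sender_mac, target_ip), the fields a
passive LAN monitor would pull from an ARP packet. The sample below is
hand-constructed (not a real capture) to show a forged gateway reply.
"""
from collections import defaultdict

UNSOLICITED_WINDOW_S = 2.0  # assumption: a request justifies a reply for 2s


def detect_arp_poisoning(frames):
    """Return alert strings for suspicious ARP behaviour in `frames`."""
    alerts = []
    bindings = {}                 # sender_ip -> MAC first seen claiming it (baseline)
    pending = defaultdict(list)   # target_ip -> times a request for it was seen
    mac_claims = defaultdict(set) # MAC -> set of IPs it has answered for
    for t, op, sender_ip, sender_mac, target_ip in frames:
        if op == "request":
            pending[target_ip].append(t)
            continue
        if op != "reply":
            continue
        # 1. Unsolicited reply: no recent request asked who owns sender_ip.
        recent = [r for r in pending[sender_ip] if t - r <= UNSOLICITED_WINDOW_S]
        if recent:
            pending[sender_ip].remove(recent[0])  # consume the matching request
        else:
            alerts.append(f"unsolicited reply: {sender_ip} is-at {sender_mac} at t={t}")
        # 2. Binding change: this IP was first answered from a different MAC.
        known = bindings.setdefault(sender_ip, sender_mac)
        if known != sender_mac:
            alerts.append(f"binding change: {sender_ip} moved {known} -> {sender_mac} at t={t}")
        # 3. One MAC answering for several IPs (e.g. gateway and victim at once).
        mac_claims[sender_mac].add(sender_ip)
        if len(mac_claims[sender_mac]) > 1:
            ips = ", ".join(sorted(mac_claims[sender_mac]))
            alerts.append(f"multiple IPs: {sender_mac} claims {ips} at t={t}")
    return alerts


SAMPLE_FRAMES = [  # constructed sample, not a real capture
    (0.0, "request", "10.0.0.5", "aa:aa:aa:aa:aa:05", "10.0.0.1"),  # host asks for gateway
    (0.1, "reply",   "10.0.0.1", "aa:aa:aa:aa:aa:01", "10.0.0.5"),  # real gateway answers
    (5.0, "reply",   "10.0.0.1", "ee:ee:ee:ee:ee:ee", "10.0.0.5"),  # unasked reply, new MAC
    (5.1, "reply",   "10.0.0.5", "ee:ee:ee:ee:ee:ee", "10.0.0.1"),  # same MAC claims the host
]

if __name__ == "__main__":
    for line in detect_arp_poisoning(SAMPLE_FRAMES):
        print(line)
```

The same logic run over a live capture is essentially what arpwatch-style tools do; the first-seen binding is treated as the trusted baseline, so start the monitor on a network you believe is clean.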