Hackers Beware (PDF document)


Hackers Beware

Eric Cole
Publisher: New Riders Publishing
First Edition August 13, 2001
ISBN: 0-7357-1009-0, 800 pages

A good defense starts with a thorough understanding of your opponent’s offense. Hackers Beware teaches you how hackers think, what tools they use, and the techniques they utilize to compromise a machine. Eric Cole, a leading expert in information security, shows you not only how to detect these attacks, but what you can do to protect yourself against them. When it comes to securing your site, knowledge is power. This book gives you the knowledge to build a proper defense against attackers.

Copyright © 2002 by New Riders Publishing

FIRST EDITION: August, 2001

All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without written permission from the publisher, except for the inclusion of brief quotations in a review.

Library of Congress Catalog Card Number: 00102952

06 05 04 03 02

Interpretation of the printing code: The rightmost double-digit number is the year of the book’s printing; the right-most single-digit number is the number of the book’s printing. For example, the printing code 02-1 shows that the first printing of the book occurred in 2002.

Composed in Bembo and MCPdigital by New Riders Publishing

Printed in the United States of America

Trademarks

All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. New Riders Publishing cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark.

“Hackers Beware” New Riders Publishing

Warning and Disclaimer

This book is designed to provide information about computer security. Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied. The information is provided on an as-is basis. The authors and New Riders Publishing shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book or from the use of the discs or programs that may accompany it.

Credits

Publisher: David Dwyer
Associate Publisher: Al Valvano
Executive Editor: Stephanie Wall
Managing Editor: Kristy Knoop
Product Marketing Manager: Stephanie Layton
Publicity Manager: Susan Nixon
Acquisitions Editor: Jeff Riley
Development Editors: Katherine Pendergast, Joell Smith
Project Editor: Sean Monkhouse
Copy Editors: Kelli Brooks, Sarah Cisco
Indexer: Christine Karpeles
Manufacturing Coordinator: Jim Conway
Book Designer: Louisa Klucznik
Cover Designer: Aren Howell
Proofreaders: Katherine Shull, Mitch Stark
Composition: Amy Parker, Rebecca Harmon

I would like to dedicate this book to my wonderful son, Jackson. He is a blessing to me and brings joy and happiness to me every day.

Hackers Beware

About the Author
About the Technical Reviewers
Acknowledgments
Tell Us What You Think
Introduction

1 Introduction
    The Golden Age of Hacking
    How Bad Is the Problem?
    What Are Companies Doing?
    What Should Companies Be Doing?
    Defense in Depth
    Purpose of This Book
    Legal Stuff
    What’s Covered In This Book
    Summary

2 How and Why Hackers Do It
    What Is an Exploit?
    The Attacker’s Process
    The Types of Attacks
    Categories of Exploits
    Routes Attackers Use to Get In
    Goals Attackers Try to Achieve
    Summary

3 Information Gathering
    Steps for Gathering Information
    Information Gathering Summary
    Red Teaming
    Summary

4 Spoofing
    Why Spoof?
    Types of Spoofing
    Summary

5 Session Hijacking
    Spoofing versus Hijacking
    Types of Session Hijacking
    TCP/IP Concepts
    Detailed Description of Session Hijacking
    ACK Storms
    Programs That Perform Hijacking
    Dangers Posed by Hijacking
    Protecting Against Session Hijacking
    Summary

6 Denial of Service Attacks
    What Is a Denial of Service Attack?
    What Is a Distributed Denial of Service Attack?
    Why Are They Difficult to Protect Against?
    Types of Denial of Service Attacks
    Tools for Running DOS Attacks
    Tools for Running DDOS Attacks
    Preventing Denial of Service Attacks
    Preventing Distributed Denial of Service Attacks
    Summary

7 Buffer Overflow Attacks
    What Is a Buffer Overflow?
    How Do Buffer Overflows Work?
    Types of Buffer Overflow Attacks
    Why Are So Many Programs Vulnerable?
    Sample Buffer Overflow
    Protecting Our Sample Application
    Ten Buffer Overflow Attacks
    Protection Against Buffer Overflow Attacks
    Summary

8 Password Security
    Typical Attack
    The Current State of Passwords
    History of Passwords
    Future of Passwords
    Password Management
    Password Attacks
    Summary

9 Microsoft NT Password Crackers
    Where Are Passwords Stored in NT?
    How Does NT Encrypt Passwords?
    All Passwords Can Be Cracked (NT Just Makes It Easier)
    NT Password-Cracking Programs
    Comparison
    Extracting Password Hashes
    Protecting Against NT Password Crackers
    Summary

10 UNIX Password Crackers
    Where Are the Passwords Stored in UNIX?
    How Does UNIX Encrypt Passwords?
    UNIX Password-Cracking Programs
    Comparison
    Protecting Against UNIX Password Crackers
    Summary

11 Fundamentals of Microsoft NT
    Overview of NT Security
    Availability of Source Code
    NT Fundamentals
    Summary

12 Specific Exploits for NT
    Exploits for NT
    Summary

13 Fundamentals of UNIX
    Linux
    Vulnerable Areas of UNIX
    UNIX Fundamentals
    Summary

14 Specific Exploits for UNIX
    UNIX Exploits
    Summary

15 Preserving Access
    Backdoors and Trojans
    Rootkits
    NT Backdoors
    Summary

16 Covering the Tracks
    How To Cover One’s Tracks
    Summary

17 Other Types of Attacks
    Bind 8.2 NXT Exploit
    Cookies Exploit
    SNMP Community Strings
    Sniffing and Dsniff
    PGP ADK Exploit
    Cisco IOS Password Vulnerability
    Man-in-the-Middle Attack Against Key Exchange
    HTTP Tunnel Exploit
    Summary

18 SANS Top 10
    The SANS Top 10 Exploits
    Commonly Probed Ports
    Determining Vulnerabilities Against the SANS Top 10
    Summary

19 Putting It All Together
    Attack Scenarios
    Summary

20 Summary
    Security Cannot Be Ignored
    General Tips for Protecting a Site
    Things Will Get Worse Before They Get Better
    What Does the Future Hold?
    Conclusion

A References
    Hacker/Security Related URLs
    Hacker/Security Tools
    General Security Related Sites

About the Author

Eric Cole (CISSP, CCNA, MCSE) is a former Central Intelligence Agency (CIA) employee who today is a highly regarded speaker for the SANS Institute. He has a BS and MS in Computer Science from New York Institute of Technology and is finishing up his Ph.D. in network security—emphasizing intrusion detection and steganography. Eric has extensive experience with all aspects of Information Security, including cryptography, steganography, intrusion detection, NT security, UNIX security, TCP/IP and network security, Internet security, router security, security assessment, penetration testing, firewalls, secure web transactions, electronic commerce, SSL, IPSEC, and information warfare. Eric is among SANS’ highest-rated instructors; he has developed several courses and speaks on a variety of topics. An adjunct professor at Georgetown University, Eric also has taught at New York Institute of Technology. He also created and led Teligent’s corporate security.

About the Technical Reviewers

These reviewers contributed their considerable hands-on expertise to the entire development process for Hackers Beware. As the book was being written, these dedicated professionals reviewed all the material for technical content, organization, and flow. Their feedback was critical to ensuring that Hackers Beware fits our reader’s need for the highest quality technical information.

Scott Orr has been involved with the networking efforts of the Purdue School of Engineering and Technology at Indiana University-Purdue University at Indianapolis from the very beginning. Starting out as a 20-node Novell network, it expanded to include more than 400 Microsoft- and UNIX-based workstations within several years. Since then, he moved over to the computer science department where he manages all student and research lab PC and UNIX clusters. In addition, he
teaches an undergraduate course and conducts research in the areas of system administration, networking, and computer security. Scott has also made numerous presentations to local industry on the deployment of Internet security measures and has assisted several large corporations with the configuration and testing of their firewalls.

Larry Paccone is a Senior National/Systems Security Analyst at Litton/TASC. As both a technical lead and project manager, he has worked in the Internet and network/systems security arena for more than seven years. He has been the technical lead for several network security projects supporting a government network/systems security research and development laboratory. Prior to that, Larry worked for five years at The Analytical Sciences Corporation (TASC) as a national security analyst assessing conventional military force structures. He has an MS in information systems, an M.A. in international relations, and a B.A. in political science. He also has completed eight professional certifications in network and systems security, internetworking, WANs, Cisco routing, and Windows NT.

John Furlong is an independent Network Security Consultant based in Dallas, Texas. After graduating from a university in England as a systems programmer, John immigrated to the United States. After extensive development of IDS signatures and modular software for business environments utilizing the Aggressor security suite, John opened his own consulting firm in 1998. John continues to develop and educate business professionals on the growing need for intranet and Internet security. As a freelance consultant, John has provided remote storage systems for security conscious industries, such as medical and insurance affiliations, and enhanced and strengthened operating systems for numerous Internet service providers.

Steve Smaha is an Austin-based angel investor and philanthropist. Previously he was founder and CEO of Haystack Labs, Inc., an early developer of Internet security software, until its acquisition in October 1997 by Trusted Information Systems (TIS). At TIS, Steve served as Vice President for Technology until TIS was acquired by Network Associates in April 1998. Since 1998, he has served on several computer company boards of directors and technical advisory boards and is actively involved in mentoring startup tech companies and working with non-profit organizations. He is married with a young child. His undergraduate degree is from Princeton University and graduate degrees are from the University of Pittsburgh and Rutgers University.

Patrick “Swissman” Ramseier, CCNA, GSEC, CISSP, is a Security Services Director for Exodus Communications, Inc. Exodus is a leading provider of complex Internet hosting for enterprises with mission-critical Internet operations. Patrick started as a UNIX system administrator. Over the past 13 years, he has been involved with corporate-level security architecture reviews, vulnerability assessments, VPN support, network and operating system security (UNIX-Solaris, Linux, BSD, and Windows NT/2000), training, research, and development. He has a B.A. in business and is working concurrently on his masters and doctorate in computer science.

Acknowledgments

I wanted to thank New Riders for the help and support through this process. Mainly Jeff Riley, Katherine Pendergast, and Sean Monkhouse. They are a great publisher to work with. I also wanted to thank SANS for having such a great organization. Alan Paller and Stephen Northcutt are wonderful people to work with and very helpful. They gave great advice and support through the entire process. Also, I want to thank all of the SANS GIAC students who provided excellent information via their practicals.

What always makes me nervous with acknowledgement sections is the thought that I am overlooking someone. When the book comes out I am going to remember who I forgot. So I am going to leave a blank line, so whoever I forgot can write their name into this section.

Now on to all of the great friends and family I have that have helped me through this process. Tony Ventimiglia, who has provided great editing support and who has been a great friend through thick and thin. Mathew Newfield, who has helped out in numerous ways—probably even in some ways that he doesn’t even know about. Jim Conley, who provided editing and guidance. Gary Jackson, who provides continual guidance, wisdom, knowledge and is a great friend. Marc Maloof, who has provided guidance and direction.

Most of all, I want to thank God for blessing me with a great life and a wonderful family: Kerry Magee Cole, a loving and supportive wife; my wonderful son Jackson, who brings joy and happiness to me every day; Ron and Caroline Cole, and Mike and Ronnie Magee, have been great parents to me—offering tons of love and support. I’d also like to thank my wonderful sister, brother-in-law, nieces, and nephews: Cathy, Tim, Allison, Timmy, and Brianna.

For anyone who I forget or did not mention by name, I thank all of my friends, family and co-workers who have supported me in a variety of ways through this entire process.

Tell Us What You Think

As the reader of this book, you are the most important critic and commentator. We value your opinion and want to know what we’re doing right, what we could do better, what areas you’d like to see us publish in, and any other words of wisdom you’re willing to pass our way.

As the Executive Editor for the Web Development team at New Riders Publishing, I welcome your comments. You can fax, email, or write me directly to let me know what you did or didn’t like about this book—as well as what we can do to make our books stronger.

Please note that I cannot help you with technical problems related to the topic of this book, and that due to the high volume of mail I receive, I might not be able to reply to every message.

When you write, please be sure to include this book’s title and author as well as your name and phone or fax number. I will carefully review your comments and share them with the author and editors who worked on the book.

Fax: 317-581-4663
Email: stephanie.wall@newriders.com
Mail: Stephanie Wall
Executive Editor
New Riders Publishing
201 West 103rd Street
Indianapolis, IN 46290 USA

Introduction

With so much going on in regard to network security (or the lack thereof), a book on this topic almost needs no introduction. Less than 10 years ago, most people didn’t even know what the Internet or email was. To take a further step back, most people did not even have computers at work or home, and some even questioned their usefulness. Things have really changed. As I am writing this, the Carousel of Progress ride at Disney World goes through my mind. Things that we considered science fiction a decade ago are not only a reality, but an engrained part of our life. Heck, if the dedicated line at my house goes down for more than 30 minutes, my wife is screaming at me to fix it. This is truly the age of computers.

From a functionality standpoint, computers are great when they are stand-alone devices. If I have a computer in my home with no network connection, do I really need any computer security?
The house usually provides enough security to protect it. But now that everyone is connecting their computers together via the Internet, we are building this web of trust where everyone trusts everyone else. There is just one problem: everyone does not trust everyone else. Yet, in most cases, we are giving everyone full access to this information. At this point, let’s step back and look at how this happened.

• deny.de - Web page full of hacking utilities, texts, scripts, and programs. This page has many resources and some information for beginners.
• elitehackers.com - Message board with knowledgeable hackers—very useful for finding out the latest known exploits and getting advice.
• ENSLAVER.COM - Exploits and scripts all listed on FTP site.
• firosoft.com/security/philez - Features exploits, tools, and text files, split into directories labeled as such; categories are labeled according to operating system.
• First.org - Organization of incident response teams.
• ftp.nec.com - Contains a large repository of tools in the /pub/security directory.
• ftp.porcupine.org - Lots of security tools, unlabeled and unsorted.
• ftp.win.tue.nl - The /pub/security directory contains a large repository of security tools.
• geek-speak.net - A site dedicated largely to whitepapers on different computer security topics. Allows you to search the site for what you are looking for.
• hack.co.za - Tons of exploits placed under categories by operating system or exploit type. Constantly updated with latest exploits.
• Hackernews.com - Daily news about the hacker community.
• hackersclub.com - Enormous amount of resources and text files from as far back as 1998, but still kept up-to-date. File area is dedicated to operating systems and types (hacking, cracking, phreaking, and wordlists).
• infosyssec.net - Plenty of news resources from viruses to exploits to overall security. There is a search engine for virus, security, and anti-virus products. Includes tons of other search engines—too many to list.
• infowar.co.uk - This Web site is dedicated to articles, advisories, and tools.
• insecure.org - News, exploits (Win, Linux, Solaris, and so on), security tools, and whitepapers, updated regularly.
• L0pht.com - Contains a great deal of useful tools and papers on network security and hacking.
• net.tamu.edu - Security tools located in http://net.tamu.edu/network/public.html
• neworder.box.sk - A well maintained site featuring all sorts of computer hacking programs subdivided by area—phreaking, cryptography, operating system, and so on. The searchable database for exploits is constantly updated.
• ntobjectives.com - Security tools oriented site with several products for free download.
• packetstorm.securify.com - News/exploit site with constantly updated database of exploits. Comes with explanation as well as actual exploit. Searchable database of papers, exploits, and so on.
• Phrack.com - An online network security magazine that contains a lot of useful information.
• porcupine.org - Tools and papers on auditing the security of a network.
• rogenic.com - Very large and frequently updated site with loads of exploits.
• rootshell.com - This site features custom made exploits on different systems. The site researches and implements many different exploits. There is also a searchable database and documentation.
• SANS.ORG - The SANS Institute home page contains a lot of information on security conferences and certification, and the Global Incident Analysis Center (GIAC) offers a lot of information on exploits and what can be done to prevent against them. It also has an excellent security poster that it updates each year.
• securiteam.com - Web site featuring news articles regarding security-related issues. Lists exploits and tools as well of all sorts of different software. Tools include scanners, operating system detects, and DoS tools.
• Securityfocus.com - Home of BugTraq and other useful information on exploits.
• Securitysearch.net - Useful security portal.
• Sysinternals.com - Contains a large repository of tools.
• technotronic.com - Contains a large archive on security vulnerabilities and exploits.
• torus.ndirect.co.uk - Multiple resource hacking site with information on hacking, encryption, viruses, and even papers.
• ussrback.com - Self-discovering exploit site. Offers up-to-date exploits, advisories, library, and cryptography.
• warmaster.de - Exploits and hacks divided by operating system. Features text files and interviews. This site has a large selection, some obsolete.
• whitehats.com - Contains a large repository of hacking tools.
• Wiretrip.net/rfp - Rainforest puppy’s web site that contains CGI vulnerability information and NT exploits.
• www-arc.com - System and network scanners available for download. Exploit bulletin board.
• xforce.iss.net - Home of security program for ISS offers security alerts, bulletins, mailing lists, and so on.

Hacker/Security Tools

Here are some great tools for the security professional who wants to learn how hackers do it:

• Achilles - Used to edit http sessions: http://www.digizensecurity.com
• Adore - Kernel level rootkit: http://packetstorm.securify.com/UNIX/penetration/rootkits
• Back Orifice 2000 - Back-door program for Windows: http://www.bo2k.com
• Cheops - Network mapping tool: http://www.marko.net/cheops/
• Covert TCP - Hides data in the TCP protocol: http://packetstorm.securify.com
• CPU Hog - DOS attack: http://206.170.197.5/hacking/DENIALOFSERVICE/
• Crack - Password cracker for UNIX: ftp://cerias.cs.purdue.edu/pub/tools/unix/crack
• Dsniff - Advanced sniffer program: http://www.monkey.org/~dugsong/dsniff
• Dumpsec - Extracts information from NT null sessions: http://www.systemtools.com/somarsoft
• Enum - Extracts information from NT null sessions: http://razor.bindview.com
• Firewalk - Determines a firewall ruleset: http://packetstorm.securify.com/UNIX/audit/firewalk
• Fragrouter - Used to fragment packets:
http://www.anzen.com/research/nidsbench
• Getadmin - Privilege escalation for NT: http://www.infowar.co.uk/mnemonix/utils.htm
• Hunt - Session hijacking tool: http://www.cri.cz/kra/index.html
• IIS Unicode Exploit - Exploits an IIS server: http://www.wiretrip.net/rfp/p/doc.asp?id=57&face=2
• Imap Buffer Overflow - Buffer overflow for UNIX: http://packetstorm.securify.com
• IP Watcher - Commercial session hijacking tool: http://www.engarde.com
• ITS4 - Security reviewer: http://www.cigital.com/its4/
• Jizz - DNS cache poisoning tool: http://www.rootshell.com
• John the Ripper - Password cracker: http://www.openwall.com/john
• Jolt2 - Denial of Service tool: http://razor.bindview.com
• Juggernaut - Session hijacking tool: http://www.rootshell.com
• Knark - Kernel level rootkit: http://packetstorm.securify.com/UNIX/penetration/rootkits
• Land - Denial of Service attack: http://packetstorm.securify.com/9901-exploits/eugenics.pl
• Loki - Covert channel for creating a back door: http://www.phrack.com/Archives/phrack51.tgz
• L0phtcrack - Password cracker: http://www.l0pht.com
• Lrk5 - Rootkit: http://packetstorm.securify.com/UNIX/penetration/rootkits
• Nessus - Free vulnerability scanner: http://www.nessus.org
• NetBus - Back-door program for Windows: http://www.netbus.org
• Netcat - Swiss army knife of security tools: http://www.l0pht.com/
• NetMeeting Buffer Overflow - Buffer overflow: http://packetstorm.securify.com/9905exploits/microsoft.netmeeting.txt
• Nmap - Port scanner: http://www.insecure.org/nmap
• NT Rootkit - Rootkit for NT: http://www.rootkit.com
• Ping of Death - Denial of Service attack: http://packetstorm.securify.com/9901-exploits/eugenics.pl
• Queso - Operating system fingerprinting tool: http://www.apostols.org/projectz/queso
• RDS Exploit - IIS exploit: http://www.wiretrip.net/rfp/p/doc.asp?id=1&iface=2
• RedButton - NT exploit: http://packetstorm.securify.com/NT/audit/redbutton.nt.weakness.shower.zip
• Redir - Packet redirector: http://oh.verio.com/~sammy/hacks
• Reverse WWW shell - Back-door program: http://r3wt.base.org
• Rstatd exploit - Buffer overflow: http://packetstorm.securify.com/0008-exploits/rpc.statd.x86.c
• Rootkits - Rootkits for UNIX: http://packetstorm.securify.com/UNIX/penetration/rootkits
• Sam Spade - General tool for Windows: http://www.samspade.org
• Sechole - Privilege escalation exploit: http://www.ntshop.net
• Smurf - Denial of Service exploit: http://packetstorm.securify.com/new-exploits/papasmurf.c
• Sniffit - Sniffer: http://reptile.rug.ac.be/~coder/sniffit/sniffit.html
• Snort - Sniffer IDS: http://www.clark.net/~roesch/security.html
• Solaris LKM Rootkit - Back-door program: http://thc.inferno.tusculum.edu/files/thc/slkm-1.0.html
• SSPing - Denial of Service exploit: http://packetstorm.securify.com/9901-exploits/eugenics.pl
• SYN Flood - Denial of Service exploit: http://packetstorm.securify.com/spoof/unix-spoof-code/synk4.zip
• Targa - Tool for running multiple Denial of Service exploits: http://packetstorm.securify.com
• TBA - War dialer for Palm Pilots: http://www.l0pht.com/~kingpin/pilot.html
• THC Scan - War dialer: http://thc.inferno.tusculum.edu
• Tini - Backdoor for NT: http://ntsecurity.nu/toolbox/tini
• ToolTalk Buffer Overflow - Buffer overflow: http://www.securityfocus.com
• TFN2K - Distributed Denial of Service attack tool: http://packetstorm.securify.com/distributed/
• Trinoo - Distributed denial of service attack tool: http://packetstorm.securify.com/distributed/
• TTY Watcher - Session hijacking tool: ftp://coast.cs.purdue.edu/pub/tools/unix/ttywatcher
• Whisker - CGI vulnerability scanner: http://www.wiretrip.net/rfp
• WinDump - Sniffer for Windows: http://netgroupserv.polito.it/windump/
• WinNuke - Denial of Service exploit: http://www.anticode.com
• WinZapper - Log cleaner for NT: http://ntsecurity.nu/toolbox/winzapper

General Security Related Sites

This section will cover sites that contain general security information. It's broken down by type of information like newsgroups,
mailing lists, or web sites.

Sites and Newsgroups of Interest

This section lists sites that contain security information in a particular area and also lists newsgroups on various areas of security.

• http://www.ciac.org/ciac/CIACHome.html
• http://home.cyberarmy.com/fuzion/index.html
• http://www.cynet1.com/blindsight/
• http://members.aol.com/madzombie/
• http://www.tower.net.au/~hellfire/RTFM/rtfm.html
• http://skynet.ul.ie/~flynng/security/
• http://www.escape.com/~samk/
• http://www.rhino9.org
• http://www.io.com/~ritter/NETLINKS.HTM#CryptoDesigns
• http://www.io.com/~ritter/NETLINKS.HTM
• http://www.ftech.net/~monark/crypto/
• http://www.guninski.com/
• http://page.to/hackzone
• http://icat.nist.gov/icat.taf
• http://www.snort.org
• http://www.techbroker.com/happyhacker.html
• http://www.rootshell.com
• http://www.genocide2600.com
• http://visigoth.isCool.net
• http://www.unitedcouncil.org
• http://www.infowar.com
• http://www.phrack.com
• http://www.cybercom.com/~bsamedi/hack.html
• http://www.hackers.com
• http://www.thtj.com
• http://sun.soci.niu.edu/~cudigest
• http://www3.l0pht.com/~oblivion/blackcrawlarch.html
• http://www.2600.com
• http://www.mit.edu/hacker/hacker.html
• http://www.krew.org/H.html
• http://www.arts.unimelb.edu.au/Dept/Crim/Hack/pap.htm
• http://www.l0pht.com
• http://www.thecodex.com/hacking.html
• ftp://ds.internic.net/rfc/
• http://www.sysone.demon.co.uk/
• http://www.con.wesleyan.edu/~triemer/network/docservs.html
• http://www.jabukie.com/Hacking.html
• http://www.txdirect.net/users/wall/cgisec.htm
• http://www.antionline.com/archives/windows/passwdcrack/
• ftp://ftp.ox.ac.uk/pub/wordlists/
• http://www.7thsphere.com/hpvac/index.html
• http://www.inil.com/users/doug/hold.htm
• http://www2.fwi.com/~rook/
• http://www.pagewerx.com.au/nitroland/
• http://easyweb.easynet.co.uk/~davegraham/ukarena/ukarena.htm
• http://www.phreak.co.uk/datathief/home.html
• http://www.feist.com/~tqdb/
• http://www.hfactorx.org/
• http://www.lordsomer.com/
• http://main.succeed.net/~kill9/hack/
• http://www.xmission.com/~ryder/hack.html
• http://www.clark.net/pub/srokicki/linux/
• http://www.hfactorx.org:80/user_pages/syntaxerror/
• http://l0pht.com/~weld/index.html
• http://www.sonic.net/~group42/
• http://loa.ml.org
• http://thepsyko.home.ml.org
• http://prozac.iscool.net
• http://www.legions.org
• http://www.cotse.com
• http://www.nmrc.org

Mailing Lists

Mailing lists are a great way to keep up on the wide range of security information that is constantly being discovered. You can subscribe to a mailing list and automatically receive information when it is generated.

• http://www.ntsecurity.net/ - Subscribe to the NTSecurity list with the online sign-up page.
• Alert - Send an email to mailto:request-alert@iss.net with Subscribe alert in the body of the message.
• BugTraq - Send an email to mailto:LISTERV@NETSPACE.ORG with SUBSCRIBE BUGTRAQ in the body of the message.
• Cert - Send an email to mailto:cert-advisory-request@cert.org with SUBSCRIBE in the subject line.
• FreeBSD Hackers Digest - Send an email to mailto:Majordomo@FreeBSD.ORG with subscribe FreeBSDhackers-digest in the body of the message.
• Happy Hacker Digest - Send an email message to mailto:hacker@techbroker.com with subscribehh in the body of the message.
• Linux Security - Send an email message to mailto:linuxsecurity-request@redhat.com with subscribe in the subject of the message.
• Linux Admin - Send an email message to mailto:Majordomo@vger.rutgers.edu with subscribe linuxadmin in the body of the message.
• NTBugTraq - Send an email message to mailto:LISTSERV@LISTSERV.NTBUGTRAQ.COM with SUBSCRIBE NTBUGTRAQ firstnamelastname in the body of the message.
• NT FAQ - Send an email message to mailto:nt-faq@ed-com.com with subscribe nt-faq in the body of the message.
• Windows 95 - Send an email message to mailto:WIN95-Lrequest@PEACH.EASE.LSOFT.COM with SUB WIN95-L firstnamelastname
in the body of the message.
• Windows 98 - Send an email message to mailto:WIN98-Lrequest@PEACH.EASE.LSOFT.COM with SUB WIN98-L firstnamelastname in the body of the message.
• Visual Basic - Send an email message to mailto:VISBAS-Lrequest@PEACH.EASE.LSOFT.COM with SUB VISBAS-L firstname lastname in the body of the message.

Operating System Specifics

Because a large number of exploits are against specific operating systems, I divided this section into the major operating systems and listed specific vulnerabilities for each.

Linux/UNIX Related Sites

This section lists a wide range of sites that list security vulnerabilities and ways to strengthen the security of Linux and UNIX operating systems.

• http://www.freebsd.org
• http://www.hawken.edu/help/linux.htm
• http://sunsite.unc.edu/mdw/index.html
• http://www.linux.org
• http://www.geek-girl.com/UNIXhelp/
• http://www.netsys.com/
• http://www.ugu.com/
• http://www.clark.net/pub/srokicki/linux/
• http://www2.xtdl.com/~jlorenz/allunix.html
• http://www.linuxhq.com
• http://www.linuxos.org
• http://www.li.org
• http://freshmeat.net
• http://slashdot.org
• http://lwn.net/daily
• http://lwn.net
• http://webwatcher.org
• http://www.linuxresources.com
• http://www.linuxgazette.com
• http://www.linuxjournal.com
• http://www.best.com/~aturner/RedHat-FAQ/
• http://linux-list.home.ml.org
• http://www.labs.redhat.com
• http://www.redhat.com
• http://www.clark.net/pub/ray/
• http://www.suse.de
• http://www.suse.com

Linux Vendors

Most vendors do a good job of releasing patches for the various vulnerabilities that are constantly being discovered. By checking a vendor's web site, you can verify that you are running all of the latest patches that they have released.

• http://www.cdrom.com
• http://www.lsl.com
• http://www.linuxmall.com
• http://www.cheapbytes.com
• http://www.varesearch.com
• http://www.linux-hw.com

Windows NT Related Sites

The following sites list information on securing Windows NT systems and the various exploits that have been discovered.

• http://www.nmrc.org/files/nt/
• http://www.webtrends.com
• http://www.ntsecurity.net
• http://www.windowsnt-plus.com/
• http://www.ntshop.com
• http://www.ntfaq.com

Windows 95 Related Sites

The following sites list information on securing Windows 95 systems and the various exploits that have been discovered.

• http://www.windows95.com
• http://www.geocities.com/SiliconValley/Heights/1094/
• http://www.windows98.org
• http://www.mindspring.com/~ggking3/pages/windmill.htm
• http://www.annoyances.org/win95/
• http://www.cobb.com/win95/index.htm
• http://www.winmag.com
• http://walden.mo.net/~rymabry/95winfaq.html#FAQ
• http://walden.mo.net/~rymabry/95winfaq.html
• http://web.mit.edu/afs/athena/org/i/is/help/win95/
• http://www.halcyon.com/cerelli/
• http://cuiwww.unige.ch/info/pc/remote-boot/
• http://www.helmig.com/
• http://www.pcguide.com

Programming Related

A general understanding of how programming languages work can help you better understand exploits and how to protect against them.

C/C++

C/C++ is one of the most popular programming languages. A basic understanding of how to read C/C++ code is a good starting point for comprehending exploits.

• http://www.cm.cf.ac.uk/Dave/C/CE.html
• http://www.delorie.com/djgpp/
• http://www.strath.ac.uk/CC/Courses/NewCcourse/ccourse.html

MS-DOS

MS-DOS is the operating system that Windows 3.1 ran on and forms the basis for most of Microsoft’s operating systems. Using MS-DOS is a common way that attackers can bypass the security features of the newer operating systems.

• http://www.cm.cf.ac.uk/User/P.L.Poulain/project/allcomms.htm
• http://log.on.ca/users/rhwatson/dos7/commandintro.html
• http://www4.ncsu.edu/unity/users/j/john/html/dosinfo/batch.html
• http://www.cit.ac.nz/smac/os100/msdos14.htm

Visual Basic

Visual Basic forms the foundation of the programming that is available in most of Microsoft’s products. A large number of the macro viruses that impact Microsoft's products are based on VB or Visual Basic.

• http://www.wvinter.net/~smithm/archives.htm
• http://www.inquiry.com/techtips/thevbpro/
• http://www.cdc.net/~dmitri/utilities.html
• http://www.brianharper.demon.co.uk/files.htm
• http://www.zeode-sd.com/ccrp/
• http://www.freecode.com/
• ftp://ftp.microsoft.com/developr/vb/kb/index.txt
• http://www.planet-source-code.com/vb/
• http://www.softcircuits.com/sw_vbsrc.htm
• http://www.karland.com/code/visualbasic/
• http://www.kingsoft.com/qaid/vb/index.html
• http://www.cgvb.com/links/lpage.boa/FILE
• http://www.buffnet.net/~millard/vb/vbwfaq1.htm
• http://www.vb-helper.com/howto.htm
• http://www.goldenfamily.com/visbas/index.html#CODE
• http://www.goldenfamily.com/visbas/index.html
• http://thebestweb.com/vbfaqs/faq_prog.html
• http://www.pconline.com/~markp/winsock.htm

Miscellaneous

The following is a list of sites that cover a wide range of topics.

• http://www.unituebingen.de/zdv/projekte/linux/books/nag/node1.html
• http://www.programmersheaven.comh
• http://www.strangecreations.com/
• http://www.utexas.edu/cc/

Online Reading Materials

The following sites contain some good reading material on a variety of topics.

• http://www.mcp.com/personal/
• http://www.developer.com

Search Engines

There is a lot of valuable information on the Internet, but it is sometimes difficult to find. Search engines are a great way to find a specific tool or general information on a topic.

• http://www.yahoo.com
• http://www.altavista.com
• http://www.infoseek.com
• http://www.lycos.com
• http://www.excite.com
• http://www.webcrawler.com
• http://www.metacrawler.com
• http://www.hotbot.com
• http://www.dejanews.com
• http://www.filez.com
• http://www.ftpsearch.com
• http://www.phoaks.com
• http://www.astalavista.com

Cracks, Wares, and so on

The following sites contain some useful tools and products.
• • • • • • http://www.compucall.com/keys.htm http://hack.box.sk/ http://www.fravia.org http://www.lordcaligo.org http://www.t50.com http://www.wwisp.com/~wsg/cbd/cracks.html http://members.tripod.com/~tnwo/ http://www.fortune500.net/super/ news://alt.cracks news://alt.binaries.cracks news://alt.binaries.cracks.phrozen-crew news://alt.2600.warez news://alt.2600.programz news://alt.warez.ibm-pc news://alt.binaries.warez.linux news://alt.binaries.warez.mac news://alt.binaries.warez.macintosh Finding People on the Net Just about anything can be found on the Internet—including information about people The following are some sites for locating individuals • • • • • • • http://www.anywho.com http://www.infospace.com http://www.whowhere.com http://www.four11.com http://www.switchboard.com http://www.cis.ohio-state.edu/hypertext/faq/usenet/finding http://www.faqs.org/hypertext/faq/usenet/findingaddresses/faq.html “ Hackers Beware “ New Riders Publishing 814 • • http://www.thecodex.com/ http://rs.internic.net/cgi-bin/whois/ Phreaking Related Phreaking is a term that is often used to describe attacks against phone systems The following sites contain information on phreaking • • • • • • • • • http://wwwpersonal.engin.umich.edu/~jgotts/underground/boxes.html http://members.tripod.com/~iang/ http://www.phonelosers.org/ http://pla.tsx.org http://boards.eesite.com/board.cgi?boardset=q7rj7dk4 http://www.geek.org.uk/phila/nd/index.html http://www.slcnet.net/personalwww/apollo/telecom/phreak.htm http://www.webcrunchers.com http://www.visual-traffic.com/hacker.html Online Scanners There are several sites available on the Internet that you can use to scan other systems and find out a variety of information • • • • • • • • • • • • • • • http://www.fse.com/support/security%20scan/areyouprotected.htm FutureSoft http://www.hackerwhacker.com/ (Hacker Whacker) http://www.dateline.epatrol.com/ (ISS Online Vulnerability Scanner) http://mycio.com/zombie/ (MyCIO Scan for TFN, Trinoo, and 
Stacheldraht) http://security.shavlik.com/ (Quick Inspector for the Web) http://www.secure-me.net/ (Secure Me) https://grc.com/x/ne.dll?bh0bkyd2 (Shield’s Up) http://scan.sygatetech.com/ (Sygate Online Security Scan) http://www.webtrends.net/tools/security/scan.asp (Webtrends Online Scan) http://security1.norton.com/common/1033/zd/zd_intro.asp (Zdnet Online Network, Virus, and Trojan Scan) http://privacy.net/analyze/analyzehow.asp (Privacy analysis of your Internet connection) http://webservices.cnet.com/bandwidth/ (Bandwidth Meter) http://webservices.cnet.com/bandwidth/ (Traceroute, Ping, DNS Lookup, WHOIS, DNS Records Lookup and E-mail relay) http://security1.norton.com/us/intro.asp?venid=sym&langid=us (Symantec Security Check (Risks, Virus and Trojans)) http://scan.sygatetech.com/ (Sygate Scan (Stealth, Trojan, TCP, UDP, ICMP)) “ Hackers Beware “ New Riders Publishing 815 • http://www.mycio.com/asp_subscribe/trial_cc.asp (myCIO CyberCop ASaP) “ Hackers Beware “ New Riders Publishing 816 ... to me and brings joy and happiness to me every day Hackers Beware About the Author About the Technical Reviewers Acknowledgments “ Hackers Beware “ New Riders Publishing Tell Us What You Think... think of when they hear of hackers breaking into machines This is also what the media tends to emphasize in terms of dangers posed to your system by hackers: “ Hackers Beware “ New Riders Publishing... field, ignorance is deadly and knowledge is power “ Hackers Beware “ New Riders Publishing 10 Hopefully, this book will give you insight into hackers and how you can protect against them Securing

Posted: 11/12/2013, 01:15
