The complete security Part - I Anti-Scanning
------------------------------------------------------.Part1.---------------------------------------------------------
Good Morning/Afternoon/Evening to all of you out there.
Yes, this is just another guide to protecting your server: the one that came fresh from the company you bought it from, already configured, and that only needed to be plugged in. You are not even aware that the box is insecure at all. The next day you wake up to find it scrambled, without a clue what happened. This is why we are here: to save YOU from being destroyed. Read each and every single word of this tute if you want to stay alive in this mad world. But remember, throughout this tute you will have to use common knowledge of the real world around you.
First of all, the first step in learning about a computer is scanning. This process gives you detailed information about the target system; by scanning, one can find the weaknesses and loopholes in a system. But the disadvantage of scanning (for the attacker) is that a program running on the remote system can easily detect the client that is probing it, and we have to take advantage of this weakness. In other words the client (attacker) is like a jackal trying to steal the lion's food while it is still eating it. All we have to do is get some programs to sniff the sniffers (scanners). These programs differ depending on the platform, but more such programs/firewalls can be used to protect the system.
Detection:
These scanners can be easily detected by working out when and by whom the attack is made. By knowing who you're dealing with you may be able to take countermeasures. For example, if you manage to capture the IP address of a person it may be possible to track him down or block him, unless he has a dynamic IP. This can be done using software like:
Unix:
1) Snort (http://www.snort.org)
2) Scanlogd (http://www.openwall.com/scanlogd/)
3) Courtney - 1.3 (http://packetstorm.securify.com/unix...tney-1.3.tar.Z)
4) Ippl - 1.4 (http://www.pltplp.net/ippl/)
5) Protolog 1.0.8 (http://packetstorm.securify.com/unix...g-1.0.8.tar.gz)
Windows:
1) Genius (http://www.indiesoft.com)
2) BlackIce (http://www.networkice.com)
3) ZoneAlarm (http://www.zonelabs.com)
Also read this article on anti port scanning: http://www.impsec.org/linux/security...tarpit-4.html.
Canary and Portkeeper are monitoring tools too, and Microsoft Baseline is a program that scans your computer for known vulnerabilities.
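To make the detection idea above concrete, here is an added example (it is not code from this post, nor from scanlogd, Snort or any other tool listed) that does in a few lines what a scan detector does for real: it reads firewall log lines, flags a source address that hits many different ports within a short window, and prints the IP you would then block. The log lines, addresses, time window and port threshold are all constructed assumptions.

```python
"""Flag sources that probe many distinct ports in a short window.

Added example, not from the post or from scanlogd/Snort: a minimal
scan detector in the spirit of scanlogd, run over constructed iptables
LOG lines.  Log format, addresses, window and threshold are assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in the shape of Linux iptables LOG output
# (syslog prefix, then key=value fields).  Addresses come from the
# documentation ranges, so they point at nobody.
SAMPLE_LOG = """\
Mar  3 09:12:01 host kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.10 PROTO=TCP SPT=40001 DPT=21 SYN
Mar  3 09:12:01 host kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.10 PROTO=TCP SPT=40002 DPT=22 SYN
Mar  3 09:12:02 host kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.10 PROTO=TCP SPT=40003 DPT=23 SYN
Mar  3 09:12:02 host kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.10 PROTO=TCP SPT=40004 DPT=25 SYN
Mar  3 09:12:03 host kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.10 PROTO=TCP SPT=40005 DPT=80 SYN
Mar  3 09:12:03 host kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.10 PROTO=TCP SPT=40006 DPT=110 SYN
Mar  3 09:12:03 host kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.10 PROTO=TCP SPT=40007 DPT=143 SYN
Mar  3 09:12:05 host kernel: IN=eth0 OUT= SRC=192.0.2.44 DST=198.51.100.10 PROTO=TCP SPT=51000 DPT=80 SYN
Mar  3 09:12:09 host kernel: IN=eth0 OUT= SRC=192.0.2.44 DST=198.51.100.10 PROTO=TCP SPT=51001 DPT=80 SYN
Mar  3 09:12:40 host kernel: IN=eth0 OUT= SRC=192.0.2.44 DST=198.51.100.10 PROTO=TCP SPT=51002 DPT=443 SYN
"""

# syslog timestamp, hostname, "kernel:", then SRC= and DPT= somewhere later
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ kernel: .*?SRC=(?P<src>\S+) .*?DPT=(?P<dpt>\d+)"
)


def parse_line(line, year=2000):
    """Return (timestamp, source_ip, dest_port), or None for lines we don't
    understand.  syslog lines carry no year, so one is assumed."""
    m = LINE_RE.search(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["src"], int(m["dpt"])


def max_distinct_ports(events, window_seconds):
    """events: list of (timestamp, port) for one source, in time order.
    Return the largest number of distinct ports seen in any trailing
    window of window_seconds that ends at one of the events."""
    best = 0
    for i, (end_ts, _) in enumerate(events):
        in_window = {port for ts, port in events[: i + 1]
                     if (end_ts - ts).total_seconds() <= window_seconds}
        best = max(best, len(in_window))
    return best


def detect_scans(lines, window_seconds=10, min_ports=5):
    """Return {source_ip: distinct_port_count} for every source that touched
    at least min_ports different destination ports within window_seconds."""
    by_source = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            ts, src, dpt = parsed
            by_source[src].append((ts, dpt))
    alerts = {}
    for src, events in by_source.items():
        events.sort()
        count = max_distinct_ports(events, window_seconds)
        if count >= min_ports:
            alerts[src] = count
    return alerts


def block_rule(src):
    """The iptables rule you would add to drop further traffic from src."""
    return f"iptables -I INPUT -s {src} -j DROP"


if __name__ == "__main__":
    for src, count in detect_scans(SAMPLE_LOG.splitlines()).items():
        print(f"possible port scan from {src}: {count} distinct ports")
        print("  suggested block:", block_rule(src))
```

The second source in the sample only ever touches two ports, and 35 seconds apart, so it stays under the threshold; that is the whole point of counting distinct ports per window rather than raw hits, otherwise a busy legitimate client looks like a scan. The constructed host names in this sample are in documentation ranges, so the rule that gets printed drops nothing real.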
Now that we have learnt how to detect scans, we should also prevent them: "Prevention is better than cure", that is, unless you have a backup of all the up-to-date data (for non-important data). It is very difficult to prevent someone from port scanning your system, but the most you can do is take every possible measure. For example, you can't shut down all the TCP/UDP ports, but you can deny access. In Linux, first of all you have to close all unnecessary services through /etc/inetd.conf, and remember that doing this is not enough: you HAVE TO DISABLE THEM IN THE STARTUP SERVICES as well. Otherwise it will be like using a handkerchief instead of a blanket to sleep in at the North Pole.
Software like Genius, ZoneAlarm etc. just records the scans. But programs from http://www.tinysoftware.com provide packet filtering and a firewall to protect your ports. And how could I forget Sygate: http://www.sygate.com. But remember, these are all just firewalls. You have to configure them properly, and you should be careful while doing so. If you mess up, not a soul can access even your web site.
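As an added example (not from the post) of the "inetd.conf is not enough" point, here is a small audit script: it lists the services still enabled in a constructed /etc/inetd.conf excerpt and in a constructed, simplified boot-time service list, and reports which of them are not in an allowlist of services the box is actually meant to offer. The sample config text, the startup list and the allowlist are all assumptions.

```python
"""Audit which network services are still switched on.

Added example, not from the post: it checks a constructed /etc/inetd.conf
excerpt and a constructed, simplified list of boot-time services against an
allowlist of services you actually need.  Both lists are checked because,
as the post says, commenting a line out of inetd.conf does nothing for a
daemon started from the init scripts.  Config text, startup list and
allowlist are assumptions.
"""

# Constructed excerpt in the classic inetd.conf layout:
# service  socket  proto  wait/nowait  user  server_program  arguments
SAMPLE_INETD_CONF = """\
# /etc/inetd.conf (constructed sample)
ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp     nowait  root    /usr/sbin/tcpd  in.telnetd
#shell  stream  tcp     nowait  root    /usr/sbin/tcpd  in.rshd
#login  stream  tcp     nowait  root    /usr/sbin/tcpd  in.rlogind
finger  stream  tcp     nowait  nobody  /usr/sbin/tcpd  in.fingerd
pop-3   stream  tcp     nowait  root    /usr/sbin/tcpd  ipop3d
"""

# Constructed, simplified "service on/off" listing of what the init
# scripts start at boot (real chkconfig output has one column per runlevel).
SAMPLE_STARTUP = """\
sshd      on
httpd     on
sendmail  on
nfs       on
portmap   on
lpd       off
"""

# Assumed allowlist: the only services this box is meant to offer.
NEEDED = {"sshd", "httpd", "sendmail", "pop-3"}


def active_inetd_services(conf_text):
    """Names of services inetd will actually listen for: lines that are
    neither blank nor commented out."""
    active = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 6:       # not a complete service line, ignore it
            continue
        active.append(fields[0])
    return active


def startup_services(listing):
    """Names of services marked 'on' in the simplified boot listing."""
    on = []
    for raw in listing.splitlines():
        fields = raw.split()
        if len(fields) == 2 and fields[1] == "on":
            on.append(fields[0])
    return on


def audit(conf_text, listing, needed):
    """Report services enabled in either place that are not on the allowlist.
    A service has to be absent from BOTH lists before it is really off."""
    return {
        "disable_in_inetd": sorted(s for s in active_inetd_services(conf_text)
                                   if s not in needed),
        "disable_at_startup": sorted(s for s in startup_services(listing)
                                     if s not in needed),
    }


if __name__ == "__main__":
    report = audit(SAMPLE_INETD_CONF, SAMPLE_STARTUP, NEEDED)
    for where, names in report.items():
        print(f"{where}: {', '.join(names) or 'nothing'}")
```

Run against the sample, it reports finger, ftp and telnet as still live in inetd.conf even though shell and login are already commented out, and nfs and portmap as still started at boot, which is exactly the case where cleaning up inetd.conf alone would leave you with the handkerchief.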
More will be on its way.
--------------------------------------------------.End of part ONE.------------------------------------------------