-
May 5th, 2003, 02:46 PM
#1
There is no magic pixy dust....
Well I have read a *ton* of threads, mostly started by AO newbies, and all of them seem to have the same general misconception about *nix vulnerabilities. They all seem to think that some mystical powers are used to compromise *nix systems. Seeing that misinformation is one of my biggest peeves, I've decided to clear up the issue regarding the several major ways that *nix systems can be compromised.
1) Listening Service - If a service isn't listening, you can't exploit it. Be mindful of each and every listening port. Take the time to educate yourself and others who are responsible for the server.
2) Source routing - If you have compiled routing support in your kernel and then wonder how your firewall was circumvented, start by looking here. All someone has done is source route using your *nix box. I've seen this a bunch of times.
3) User initiated remote exploit - This is the typical trojan horse, virus, malicious web site, etc. This one is my favorite. If you are running a web browser as root and hit a page that has some fine crafted code, guess what will happen to your *nix box? Yep. Blammo. Again, take the time to understand how your browser interacts with the system. This alone will save you a lot of grief and it will help you to quickly identify future issues. Try your best *not* to run programs as root. This too, will save you a lot of grief.
There are some good books that cover this. I believe that one of the Hacking Exposed books goes over this topic in great detail (version 2 I think?). Anyway, as I said, there is no magic pixy dust. These are the three major ways that *nix systems are exploited. I left out physical access because anyone with a sledge hammer can initiate a DoS attack.
--Dismount soap box--
Hope this helps out.
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
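An added example, not part of the original post: a small audit of the exposures post #1 lists, run over constructed sample data. It assumes a Linux host, where listening sockets appear in `/proc/net/tcp` and source routing is controlled by the `net.ipv4.conf.<iface>.accept_source_route` sysctl; the sample values and function names are hypothetical.

```python
import socket
import struct

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000   105        0 1002 1
   2: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1003 1
   3: 0A00000A:0016 0B00000A:C350 01 00000000:00000000 00:00000000 00000000     0        0 1004 1
"""

# Constructed sample of net.ipv4.conf.<iface>.accept_source_route values.
SAMPLE_SOURCE_ROUTE = {"all": "0", "default": "0", "eth0": "1"}

TCP_LISTEN = "0A"  # socket state code for LISTEN in /proc/net/tcp

def decode_addr(hex_addr):
    """Turn '0100007F:0CEA' into ('127.0.0.1', 3306) (little-endian host layout)."""
    ip_hex, port_hex = hex_addr.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)

def listening_sockets(proc_net_tcp):
    """Return (ip, port, uid) for every socket in LISTEN state."""
    found = []
    for line in proc_net_tcp.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 8 or fields[3] != TCP_LISTEN:
            continue
        ip, port = decode_addr(fields[1])
        found.append((ip, port, int(fields[7])))  # fields[7] is the socket owner's uid
    return found

def audit(proc_net_tcp, source_route):
    """Flag non-loopback listeners (with owner) and interfaces accepting source routes."""
    findings = []
    for ip, port, uid in listening_sockets(proc_net_tcp):
        if not ip.startswith("127."):
            owner = "root" if uid == 0 else f"uid {uid}"
            findings.append(f"listener on {ip}:{port} owned by {owner}")
    for iface, value in sorted(source_route.items()):
        if value.strip() != "0":
            findings.append(f"accept_source_route enabled on {iface}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_PROC_NET_TCP, SAMPLE_SOURCE_ROUTE):
        print(finding)
```

On a real host the inputs would come from reading `/proc/net/tcp` and the files under `/proc/sys/net/ipv4/conf/*/accept_source_route`.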
-
May 5th, 2003, 03:19 PM
#2
Anyway, as I said, there is no magic pixy dust.
Wait a second now!
You mean to tell me that the white "magic dust" that I bought last week downtown off the guy in the alley isn't magic pixie dust after all?
Damn... that stuff was pretty expensive. I wonder if he'll accept a return without a receipt?
Sorry... couldn't resist.
Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.
-
May 5th, 2003, 03:44 PM
#3
Bwahahahahahah!
Well rumor has it that a certain AO member (Tiger Shark) has some *REAL* magic pixy dust for sale. His asking price is $1,000 US dollars. Sounds like a steal to me. I guess I will send him the money instead of Carlton Sheets or Don Lapre....
-
May 5th, 2003, 04:27 PM
#4
Junior Member
pixie dust
well, pixie dust is blue
white dust is for another type of magic
-
May 5th, 2003, 09:26 PM
#5
-
May 5th, 2003, 09:33 PM
#6
Pixy dust is in short supply since you have to capture a pixy and extract the dust using a centrifuge. Pixy sticks are plentiful but their effects on *nix systems are undocumented. http://www.discountcandy.com/prodorder.asp?CatNo=231
It's not software piracy. I’m just making multiple off site backups.
-
May 6th, 2003, 11:01 PM
#7
Going back over some books me'ah I also found the subject of ports/services covered quite well in the "Hack Attacks" Series:
For those who don't have these - I and a few others in the pit recommend them:
Hack Attacks Denied. Chirillo. ISBN: 0-471-41625-8.
Hack Attacks Revealed. Chirillo. ISBN: 0-471-41624-X.
Plus they make great pillows.
Now back to my dust. Good stuff except for the tiny Cartmans' that come out of my ears.
"Quis custodiet ipsos custodes?"
-Juvenal