
Thread: The complete security Part - I Anti-Scanning

  1. #1
    Member
    Join Date
    Nov 2003
    Posts
    33

    The complete security Part - I Anti-Scanning

    ------------------------------------------------------.Part1.---------------------------------------------------------
    Good Morning/AfterNoon/Evening to all of you out there.

    Yes this is just another guide to protect your server that is fresh from the company you bought it from, already configured and just needed to be plugged in. You are not even aware that the box is insecure at all. The next day you wake up to see it scrambled without a clue on what happened. This is why we are here. To save YOU from being destroyed. Read each and every single word of this tute if you want to stay alive in this mad world. But remember through this tute you will have to use common knowledge of the real world around you.

    First of all the first step of knowing about a computer is by scanning. This process gives you detailed information of the target system. By the means of scanning, one can find out the weaknesses and loopholes in a system. But the disadvantage of scanning is that a programme running on the remote system can easily detect the client that is trying to access the system and we have to take advantage of this weakness. In other words the client (attacker) is like a jackal trying to steal the lion's food while it's still eating it. All we have to do is get some programmes to sniff the sniffers (scanners). These programs differ depending on the platform. But more such prgs/walls can be used to protect the system.

    Detection:
    These programs can be easily detected through understanding when and by whom the attack is made. By knowing who you're dealing with you may be able to take counter measures. For ex. if you manage to capture the IP address of a person it may be possible to track him down or block him unless he has a dynamic IP. This can be done using software like:

    Unix:
    1) Snort (http://www.snort.org)
    2) Scanlogd (http://www.openwall.com/scanlogd/)
    3) Courtney - 1.3 (http://packetstorm.securify.com/unix...tney-1.3.tar.Z)
    4) Ippl - 1.4 (http://www.pltplp.net/ippl/)
    5) Protolog 1.0.8 (http://packetstorm.securify.com/unix...g-1.0.8.tar.gz)

    Windows:
    1) Genius (http://www.indiesoft.com)
    2) BlackIce (http://www.networkice.com)
    3) Zone-alarm (http://www.zonelabs.com)
    Also Read this article on anti port scanning http://www.impsec.org/linux/security...tarpit-4.html.

    Canary, Portkepper are monitoring tools too and Microsoft Base line is a prg that scans your comp for known vulnerabilities.

    Now that we learnt on how to detect scans, we should also prevent these - "Prevention is better than cure" i.e. unless you have a back up of all the up-to-date data (for non-important data). It is very difficult to prevent someone from port scanning your system but the most you can do is take the most possible measures. For ex. you can't shut down all the TCP/UDP ports. But you can deny access. In Linux, first of all you have to close all unnecessary services through /etc/inetd.conf and remember doing this is not enough, you HAVE TO DISABLE THEM IN THE STARTUP SERVICES. Or else it will be like using a handkerchief instead of a blanket to sleep in the North Pole. Software like Genius, Zone-alarm etc... just record them. But programmes from http://www.tinysoftware.com provide packet filtering and a firewall to save your ports. And how could I forget Sygate - http://www.sygate.com. But remember these are all just firewalls. You have to configure them properly. You should be careful while doing so. If you mess up, not a soul can access even your web site.

    More will be on its way.
    --------------------------------------------------.End of part ONE.------------------------------------------------
    There are 10 kinds of people on Earth.
    Those who know Binary and those who don't.

    [flip]4675636B207468652064616D6E20626C6F6F6479206861636B65642D757020776F726C6400[/flip]
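The kind of detection the first post describes, as an added example that is not part of the original post or of any tool it lists: flag a source that touches many distinct ports inside a short time window. The thresholds, function name and sample events are assumptions constructed for illustration; the third source shows the limit of a fixed window, since a slow scan stays under it.

```python
from collections import defaultdict, deque

# Assumed thresholds for this example (not taken from any tool named in the thread).
PORT_THRESHOLD = 7     # distinct destination ports ...
WINDOW_MS = 3000       # ... from one source within this many milliseconds

PORTS = [21, 22, 23, 25, 80, 110, 143, 443]

# Constructed sample events: (timestamp_ms, source_ip, destination_port).
# Addresses come from the RFC 5737 documentation ranges.
SAMPLE_EVENTS = (
    # fast sweep: one new port every 100 ms
    [(10000 + 100 * i, "203.0.113.7", p) for i, p in enumerate(PORTS)]
    # ordinary client: repeated hits on a single port
    + [(10000 + 200 * i, "198.51.100.20", 80) for i in range(10)]
    # slow sweep: one new port every 5 s, never 7 ports inside 3 s
    + [(20000 + 5000 * i, "192.0.2.99", p) for i, p in enumerate(PORTS)]
)


def detect_scans(events, port_threshold=PORT_THRESHOLD, window_ms=WINDOW_MS):
    """Return {source_ip: (alert_time_ms, sorted ports seen in the window)}.

    Only the first alert per source is kept.
    """
    recent = defaultdict(deque)   # source -> (ts, port) pairs still inside the window
    alerts = {}
    for ts, src, port in sorted(events):
        window = recent[src]
        window.append((ts, port))
        # Drop connection attempts that have aged out of the sliding window.
        while ts - window[0][0] > window_ms:
            window.popleft()
        ports = {p for _, p in window}
        if len(ports) >= port_threshold and src not in alerts:
            alerts[src] = (ts, sorted(ports))
    return alerts


if __name__ == "__main__":
    for src, (ts, ports) in detect_scans(SAMPLE_EVENTS).items():
        print(f"possible port scan from {src} at t={ts} ms, ports {ports}")
```

Widening the window catches the slow sweep as well, at the cost of more state per source and more false alerts from busy legitimate clients.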

  2. #2
    1) Genius (http://www.idiesoft.com)
    won't open
    When you have eliminated the impossible, whatever remains, however improbable, must be the truth. - Sherlock Holmes

    i am NOT a hacker :Þ

  3. #3
    Member
    Join Date
    Nov 2003
    Posts
    33
    Sorry, the mistake has been corrected.
    You were right it's http://www.indiesoft.com not idiesoft

  4. #4
    Senior Member
    Join Date
    Sep 2003
    Posts
    161
    not a good tutorial.

    first you need to explain what portscanning is, how it works, and some programs that do the scan.
    then you will need to explain that you must do scans against yourself to know what are you defending.
    Then close the ports that you do not need, I do not know why you need a sniffer since all portscanning packets are the same, and you could find examples of them online, they also contain no data that is important.
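An added example, not part of any post in this thread, for the advice to close services you do not need: audit an inetd.conf (the file named in the first post) and report every enabled service that is not on an allowlist. The sample file content, the allowlist and the function name are constructed assumptions; services started outside inetd at boot are not covered by this check.

```python
# Constructed sample in inetd.conf format, not taken from a real host:
# service  socket_type  protocol  wait/nowait  user  server_program  [args]
SAMPLE_INETD_CONF = """\
# constructed sample for illustration
ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp     nowait  root    /usr/sbin/tcpd  in.telnetd
#shell  stream  tcp     nowait  root    /usr/sbin/tcpd  in.rshd
finger  stream  tcp     nowait  nobody  /usr/sbin/tcpd  in.fingerd
time    dgram   udp     wait    root    internal
malformed line
"""

# Assumption: the only inetd service this host is meant to offer.
ALLOWED_SERVICES = {"ftp"}


def audit_inetd(text, allowed=ALLOWED_SERVICES):
    """Return (flagged, malformed).

    flagged   -> list of (line_no, service, protocol, user) for enabled
                 services that are not in the allowlist
    malformed -> line numbers that do not have the six mandatory fields
    """
    flagged, malformed = [], []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        # Blank lines and commented-out entries are disabled services.
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 6:
            malformed.append(line_no)
            continue
        service, protocol, user = fields[0], fields[2], fields[4]
        if service not in allowed:
            flagged.append((line_no, service, protocol, user))
    return flagged, malformed


if __name__ == "__main__":
    flagged, malformed = audit_inetd(SAMPLE_INETD_CONF)
    for line_no, service, protocol, user in flagged:
        print(f"line {line_no}: {service}/{protocol} enabled (runs as {user}), not in allowlist")
    for line_no in malformed:
        print(f"line {line_no}: could not parse, review by hand")
```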

  5. #5
    Member
    Join Date
    Nov 2003
    Posts
    33
    Yeah I know I thought of including utils like nmap, icmp etc...
    But I couldn't give a brief explanation for all of it. My terms are around the corner so I don't have time for it. But I will include it in part - II I promise. I thought I'd show them how to protect themselves then later when possible give the long description.

  6. #6
    Senior Member
    Join Date
    Sep 2003
    Posts
    161
    first of all if people use this tutorial just for protecting themselves, then oh my they are doomed.

    any ways, thanks and keep up the good work

  7. #7
    Senior Member
    Join Date
    Nov 2003
    Posts
    285
    nice try mate u could have done better any way good first tut, know how hard it is to do an original work. u should have done a bit of research though

  8. #8
    Member
    Join Date
    Dec 2002
    Posts
    41
    Also do you have any experience with those firewall programs? I have used Zone alarm and some of the others and find them a pain in the ass to configure and get working. Also hardware firewalls detect just as well and are twice as good. Maybe discussing portscanners in general and one that you like would also help your tutorial...

  9. #9
    Banned
    Join Date
    Sep 2001
    Posts
    2,810
    A good idea for you and I have done this myself is to have a look at all these ideas and rewrite your tutorial. A revised version if you know what I mean.

    That way you get to learn yourself whilst helping others.

  10. #10
    Yes, that's my CC number! 576869746568617's Avatar
    Join Date
    Dec 2003
    Location
    Earth
    Posts
    397
    The article has some good info, but it almost feels like a sales pitch - no offense.

    These firewalls are good (and that's it...just good). Problem is, most hackers' exploits (not the older ones like SubSeven and BO 1.20 or Script Kiddie stuff) will get around these lightweight firewalls. Trust me on this...I've seen it. I'm sure I sound like a broken record, because I've said it in all my posts thus far (a whopping 3 to date), but anyone that relies on just a firewall (especially ZoneAlarm, BlackICE, or Sygate or other software only firewall) as their ONLY line of defense, especially on Win32, is just about as bad as having a naked PC.

    A firewall alone (even these convenient Firewall/IDS/Everything Else but the kitchen sink types) cannot protect you 100%. Nothing can. (Except maybe an internet connection slower than 9600 baud!!! Who'd waste their time?)

    My point is that a layered defense is much better, using multiple scanners, port blockers, IDS techniques, etc. Hopefully, you intend to address this in a future installment.

    Also, I have a great collection of tools and informational resources. I'll post it in a .htm file complete with links to other sources. It's very open disclosure, so I don't want to hear about any of you guys abusing your powers
