Denying Hacking Programs by Name
Page 1 of 3 123 LastLast
Results 1 to 10 of 22

Thread: Denying Hacking Programs by Name

  1. #1
    Senior Member
    Join Date
    Jan 2004
    Posts
    172

    Post Denying Hacking Programs by Name

    On my network I can write a policy that will deny the user the ability to run exe programs by name. Provided they can just rename the program msword.exe but I'm betting that most people won't be worrying about renaming it.

    So I'm asking if you all can help me out and provide me a list of hacking tools that might be used against a windows 2000 server, that also runs a web server. All I need is the program name and a breif description of what the program does. I don't need to know where to get it or anything like that cause I really don't care lol. If you all could help me out that would be great.

    Thanks

  2. #2
    I will begin constructing a list, but know that it is in the hundreds of thousands. There are quite literally that many programs out there that have been written for continual destructive use and thus you are in for a lot of name typing. On a side note, couldn't they also change the file name?

    But I am glad you are still striving to circumvent it, as program kiddies and scripties annoy us all, I'm sure.

  3. #3
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    On my network I can write a policy that will deny the user the ability to run exe programs by name. Provided they can just rename the program msword.exe but I'm betting that most people won't be worrying about renaming it.
    That's a pretty scary bet. I'd actually bet otherwise. It's the activity of the program that is important, not necessarily the name. I'd suggest visiting CERT, look at all the vulnerabilities for Win2K and the webserver in question (IIS or Apache?) and then visit a site like Packet Storm Security and seeing what "exploits/programs" exist.

    This method that you are proposing will really only deal with the script kiddies and won't deal with those with a lot more finesse. A better course of action would be to secure the server, have a firewall in front of the web server and an IDS behind it to detect any intrusions.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  4. #4
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Why don't you reverse he policy and make it such that the user can only run programs on the list you define. Then only those programs will run rather than try to guess at the myriad combination of names hacktools either have or can be named.
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  5. #5
    Senior Member
    Join Date
    Jan 2004
    Posts
    172
    Thanks, just as soon as possible would be great

  6. #6
    Senior Member
    Join Date
    Jan 2004
    Posts
    172
    WEll I would just reverse the list but than I have the problem of trying to find out every exe that programs such as msword and turbo tax, and other run. That is really alot. lol

  7. #7
    This method that you are proposing will really only deal with the script kiddies and won't deal with those with a lot more finesse. A better course of action would be to secure the server, have a firewall in front of the web server and an IDS behind it to detect any intrusions.
    I agree 100%, as this not only being a faster method but a much more secure one. I've also noticed that the McAfee virus scanner when running in the background constant mode detects a majority of script kiddie applications based upon the hashes(terminology correct?) that makes up the file, rather than the name. Port scanners, crackers, etc etc... I've seen that virus scanner pick up the most amazing things, and in the process save quite a few networks while firing a few employees.

  8. #8
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    It's a lot less than the other way. Is this machine also used for regular usage (regular user with applications and games?)
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  9. #9
    Senior Member
    Join Date
    Jan 2004
    Posts
    172
    the server is IIS

  10. #10
    Senior Member
    Join Date
    Jun 2003
    Posts
    236
    Why do you only want the ones that hack a 2000 web server, wouldnt you rather have no exploits running on your network?

    I would have to agree with tigershark and make a list of ok progs. This list will probably be a lot smaller than a list of all known exploits and it will prevent the possibilty of new 0 dayz being run
    That which does not kill me makes me stronger -- Friedrich Nietzche

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •