Page 3 of 5 FirstFirst 12345 LastLast
Results 21 to 30 of 41

Thread: New User on Anti-Online (Does ethical hacking exists through legitamate means?)

  1. #21
    Socialist Utopia Donkey Punch's Avatar
    Join Date
    Sep 2004
    Location
    In the basement
    Posts
    319
    You do not want me to reply to that ZeroCool.
    In loving memory of my step daughter 1987-2006

    Liberty In North Korea

  2. #22
    MsMittens - Interesting. I came to that conclusion aswell but I needed to hear it from someone else I suppose. You must teach an interesting class. I will look for your tutorials in the near future. As a result, I may have some questions for you.


    MrCoffee - Thanks for your input. I'm surprized at how little interest their is in this type of way of learning. Further to MsMittens comment (and yours), in addition to my own lan, I may have one of my Profs configure a hardrive on a regular basis with different lines of defense. That way I"ll simply plug it into one of my comps on my own network and try to hack into the 'unknown' hardrive. Good idea?

    h3r3tic - At the risk of rising the internal politics here, I don't understand what 'pooh' did to constitue his/her banning. He may have said some negative things however, has been a member here for almost a year and posted almost 900posts. Not all 900 posts could be negative. Perhaps, as I am new here, I am not in a position to even comprehend what constitues the banning yet feel discontent as I feel I was the source of the ban on an individual who was simply defending my position. Perhaps this individual could be given a second chance because he or she sounds like they were a contributing member to this society (Even if you don't all aggree with his or her views).

  3. #23
    h3r3tic - At the risk of rising the internal politics here, I don't understand what 'pooh' did to constitue his/her banning. He may have said some negative things however, has been a member here for almost a year and posted almost 900posts. Not all 900 posts could be negative. Perhaps, as I am new here, I am not in a position to even comprehend what constitues the banning yet feel discontent as I feel I was the source of the ban on an individual who was simply defending my position. Perhaps this individual could be given a second chance because he or she sounds like they were a contributing member to this society (Even if you don't all aggree with his or her views).
    don't worry, he is been banned at his own request, it has nothing to do with bad posts

    and although he might react pretty hard sometimes, i hope he comes back, since he already thought me a lot, and it's great having him around!

  4. #24
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    I'm surprized at how little interest their is in this type of way of learning.
    In some ways I'm not. It's a question of liability and with the knee-jerk reaction of some out there, it makes it near impossible to do this kind of stuff. One specific class I teach has a "hack box" , that we affectionately call Tank. Guess why? It takes quite a pounding but rarely is it "rooted" (although I have found in the past three vulnerabilities and those were patched after I told the admin). The school however is very nervous about this box and the potential that someone might use it for attacks elsewhere (attacks generating from the school out to other sites have happened but not related to Tank directly). This has made them rather gunshy. Tank is so locked down that it's pretty much an unrealistic box.

    So I've improvised by allowing the students to go after each other. To me that reflects more of what will be on the Net and what they will have to deal with (including their own failings). That said, there are strict rules/guidelines for them to abide by so I can continue doing this with every class.

    It's that fear of "What if.." that I think people are worried about. "What if something I said means a bad guy breaks into..", "What if I teach him about this and he kills...", "What if people realize that I only know so much...". I'm a firm believer in two main points when it comes to security and learning it: 1. Understand how the attack is done so you know what to expect and how to defend against it. 2. Mistakes are great things.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  5. #25
    Junior Member
    Join Date
    Sep 2004
    Posts
    4
    Well I can honestly say that despite the bickering that went on through this post, I was able to extract quite a large amount of direction, and suggestion from the thread. You can bet that I will be running off to read the tutorials of ms. and probably many others as I hope to be here for a while.

    I am not here with a desire to learn how to "hack"....

    I am here to hopefully find assistance as I need it as I continue to attempt to further understand why the clock ticks... and how to better manipulate the ticks themselves, or even better yet, the very things that create and control the ticks without actually breaking anything.

    Please note the clock is nothing more than a shabby example...

    My point is I am here because there appears to be a vast majority of knowledge here, and as I broaden my horizons, I may have questions.... Yeah they may be dumb ones... and I am sure that I too will be directed to the faqs, among other things. I am also sure that I will be chastized or ridiculed from time to time.

    That is what opinions allow us to do.

    Society teaches us that any questin that we already know the answer to is a silly or dumb question. As we ridicule that person, we need to keep in mind that we too had questions at some point in time, about something.

    """*****dumps water on the soap box that someone has set on fire, and runs for the hills dodging the flaming torches that appear to be following me.*****""""""

  6. #26
    Senior Member
    Join Date
    Oct 2001
    Posts
    748
    don't worry, he is been banned at his own request, it has nothing to do with bad posts
    It's called trying to get attention.. When children do it we call it "throwing a tantrum."

    Tremor- You seem to have the right idea about how to go about learning and you seem to be pretty enthusiastic about the subject.. Which should get you far... I would suggest that you read read read, and then apply apply apply... Sometimes technical manuals can be extremely boring, but if you can get into the process of being able to read something and then apply it.. or even figure out how something works on your own, and then read other peoples work on the same subject you can really start to understand things in a new light... I am often very suprised when I think I really know something well, and then I read an article or a technical journal and I see something in a totally new light..

    Also, in terms of finding machines to hack, perhaps you could find other people who are in the same program as yourself and find some spare/old machines. Have the other person stage the machine with whatever they feel like, and then have the other person go at it.. This way if you do get stuck you always have the other person there for hints or advice. If you can get a group of more than two or three people together you can start to build even more complicated networks to test with.. I realize that this does require hardware, which can be hard to come by when you are first starting, but if you watch for internet auctions or close out sales you would be suprised at what you can pick up at good prices.

    If you want a good read about the theory of network security process check out The Theory of Network Security by Thomas Wadlow. It is recommended reading for the CISSP certification, and Wadlow really knows his stuff, along with being a great guy.. Just a shame his company was really mismanaged.

  7. #27
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    Guys, I removed the last posts. Take it elsewhere please. You want to argue, go use GCC or Cosmos or PM each other. But please don't take over a decent thread and trash it.

    If you want a good read about the theory of network security process check out The Theory of Network Security by Thomas Wadlow.
    You're one of the first peopel I've seen suggest that book. It's actually a really good book. That said, it's more of the feel of security or the big-picture of security rather than the nitty gritty. While its important, IMO and especially if soma is looking at getting into this field, I don't know how critical it would be to what soma's intentions are. I'd be suggesting something like Network Intrusion Detection by Stephen Northcutt or Hacking: The Art of Exploitation by Erickson.

    Then again, the Internet has tonnes of resources. A visit to SANS Reading Room could turn up tonnes of possible papers that might be of help as can Google.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  8. #28
    Books are definatley the source. I'll have to keep all those titles in mind the next time I take a trip to Chapters. My first networking book was Computer Networking by Wendell Odom (First step series) from the Ciscopress. Evidently Cisco is taking over the world and understandibly if I was a senior in the company then why not publish many different books on the same subjects to get their users hooked so that they may led them to their products and services (I'll save this one for another thread. In any event the book was useful and I recommend it for begginers.

    MsMittens - I'm goint to try to convince one of my techers to allow me to bring in a computer that will not be hooked up to the school network. As we progress through the chapters in the various text were studying, sometimes it calls for software to be downloaded from the net to reinforce the lesson (at the end of most chapters). Such software is all security related as it is a Cyber security defense course and includes port scanners, sniffers, etc. Secondly, will bring in another computer to hook the two together and see how some of this software works. We've been encouraged to download it at home however my motivation is that the teacher will be able to gives us more insight as to how these programs work and what we should be looking for when an attack unique to the program occurs.

    Tremor - Glad to see were starting off on the same level at the same time. I think you'll find plently of knowledgable and resourcful people here. I look forward to reading your threads as I'll be asking the same questions (sooner or later).

  9. #29
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    Such software is all security related as it is a Cyber security defense course and includes port scanners, sniffers, etc. Secondly, will bring in another computer to hook the two together and see how some of this software works. We've been encouraged to download it at home however my motivation is that the teacher will be able to gives us more insight as to how these programs work and what we should be looking for when an attack unique to the program occurs.
    CDs are cheap.

    For other research, you might also want to create a cd with virus/worms on it. I had that for classroom use when students were supposed to build a secure network. They'd leave while I'd do daily checks and I would infect it (they didn't know I did this -- at least not on the first day). Then they'd try to figure out what happened and would clue into the fact that they needed AV. It might be interested to have a "insecure" network up and see if people can figure out -- without the use of an IDS but using a simple sniffer like TCPDump -- whether the attack is human or worm and if it's worm, which worm is it.

    We've been encouraged to download it at home however my motivation is that the teacher will be able to gives us more insight as to how these programs work and what we should be looking for when an attack unique to the program occurs.
    Keep in mind that your teacher may not know every product and having them tell you insights is ok but there is a lot more "learning" done from hands on experimentation. Using tools in groups of 2-3 with "victims" and attackers along with a sniffer to see the traffic is an excellent learning experience, IMO.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  10. #30
    Senior Member
    Join Date
    Oct 2001
    Posts
    748
    You're one of the first peopel I've seen suggest that book. It's actually a really good book. That said, it's more of the feel of security or the big-picture of security rather than the nitty gritty. While its important, IMO and especially if soma is looking at getting into this field, I don't know how critical it would be to what soma's intentions are. I'd be suggesting something like Network Intrusion Detection by Stephen Northcutt or Hacking: The Art of Exploitation by Erickson.
    The book I referenced if definitely just about theory.. Even more than that it is almost completely about how to enforce computer security in a business organization. But in my opinion I think in order to really understand security you need to understand the theories behind it before you get into the nitty gritty.. Just my preference for learning... One of the problems I have found with most IT people is that all they know is IT. They don't understand business processes and in my opinion that really keeps them from being anything more than a technician.. Which is all that some people want...

    I actually had a chance to poke around on the Pilot Network Services network(Wadlow's company) before it went belly up and they had a really good product offering. The one thing that in the end caused them problems is that they were to strict in the policies that they required their customers to use.. I think their product offering was put to market to early as their was not the concern about corporate security as their is now..

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •