These pages present a short overview of common network security
holes, and what do do about them. Many of them are based on actual
incidents I've seen, not some
anecdote of what happened to the CIA website.
Although many of the problems and tools are specific to Unix systems,
some Win95 problems are listed, and the concepts are
platform-independant. As users build more services such as ICQ or webservers
onto Windows, the risk increases.
Why Bother?
An intruder might possibly (deliberately or inadvertently)
damage your files, read private correspondance, etc.
Intruders using your site to attack other sites might get you
blacklisted or disconnected by your ISP.
Intruders might use your site to store warez or pornography, possibly
rendering you open to prosecution.
How is it Done?
Forget the old Hollywood clichés of a kid with a 300 baud modem
typing
ID: guest
Password:g u e s ....
It's more like this:
Some kid with time on his/her hands hangs around IRC chat or reads some
of the references given below. He hears about an exploit for some
service, like bind, or imap, and then uses a scanning program to
find vulnerable systems by either trying every number in a subdomain
or dumping the domain name tables. If he can read an encrypted password
list he can use a dictionary attack on his own machine to crack it. Then
he logs into the system, trashes the system logs, and installs a
packet
sniffer, IRC robot or just uses the system as a springboard to cover his
tracks while attacking other systems. Information such as passwords or credit
card numbers may be captured and forwarded via IRC chat or an anonymous
temporary mailbox.
Vulnerabilities
Malware, also
here - network-aware viruses and trojans
