Network Security

These pages present a short overview of common network security holes, and what to do about them. Many of them are based on actual incidents I've seen, not some anecdote of what happened to the CIA website.

Although many of the problems and tools are specific to Unix systems, some Win95 problems are listed, and the concepts are platform-independent. As users build more services such as ICQ or web servers onto Windows, the risk increases.

Why Bother?

  1. An intruder might possibly (deliberately or inadvertently) damage your files, read private correspondence, etc.
  2. Intruders using your site to attack other sites might get you blacklisted or disconnected by your ISP.
  3. Intruders might use your site to store warez or pornography, possibly rendering you open to prosecution.

How is it Done?

Forget the old Hollywood clichés of a kid with a 300 baud modem typing
ID: guest
Password:g u e s ....
It's more like this:
Some kid with time on his/her hands hangs around IRC chat or reads some of the references given below. He hears about an exploit for some service, like bind or imap, and then uses a scanning program to find vulnerable systems, either by trying every number in a subdomain or by dumping the domain name tables. If he can read an encrypted password list, he can use a dictionary attack on his own machine to crack it. Then he logs into the system, trashes the system logs, and installs a packet sniffer or an IRC robot, or just uses the system as a springboard to cover his tracks while attacking other systems. Information such as passwords or credit card numbers may be captured and forwarded via IRC chat or an anonymous temporary mailbox.


Network Logging and Domain Restriction

It is possible to log the use of network services and to restrict certain services to certain domains or hosts.
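A simplified model of that kind of per-service, per-host access check, with a log line written for every decision, added here as an example and not part of the original page. The rule syntax is modelled on the Unix TCP Wrappers convention (/etc/hosts.allow consulted first, then /etc/hosts.deny, with a final ALL: ALL deny as the safe default), but the rule tables, function names and sample clients below are constructed for illustration and are not the real tcpd implementation.

```python
"""
Host/domain based access control with logging, modelled loosely on
TCP Wrappers (hosts.allow / hosts.deny).  Constructed example; the rule
tables and client addresses are invented for illustration.
"""
import ipaddress
from datetime import datetime, timezone

# Constructed rules in hosts.allow style: service -> list of client patterns.
ALLOW_RULES = {
    "sshd": ["192.168.1.0/255.255.255.0", ".example.com", "10.0.0."],
    "ALL": ["127.0.0.1"],
}
# Constructed rules in hosts.deny style.  "ALL: ALL" is the deny-by-default
# entry that makes the allow list the only way in.
DENY_RULES = {
    "ALL": ["ALL"],
}


def _pattern_matches(pattern, client_ip, client_host):
    """Return True if one TCP Wrappers-style pattern matches the client."""
    if pattern == "ALL":
        return True
    if "/" in pattern:                       # net/mask form, e.g. 192.168.1.0/255.255.255.0
        net, mask = pattern.split("/", 1)
        network = ipaddress.ip_network(f"{net}/{mask}", strict=False)
        return ipaddress.ip_address(client_ip) in network
    if pattern.startswith("."):              # domain suffix, e.g. .example.com
        return client_host is not None and client_host.endswith(pattern)
    if pattern.endswith("."):                # address prefix, e.g. 10.0.0.
        return client_ip.startswith(pattern)
    return client_ip == pattern or client_host == pattern   # exact host


def _rules_match(rules, service, client_ip, client_host):
    """True if any pattern for this service (or for ALL) matches the client."""
    for svc in (service, "ALL"):
        for pattern in rules.get(svc, []):
            if _pattern_matches(pattern, client_ip, client_host):
                return True
    return False


def check_access(service, client_ip, client_host=None, log=None):
    """
    Decide whether client may use service and append one log line.
    Order follows tcpd: allow list first, then deny list, otherwise permit.
    Returns "allow" or "deny".
    """
    if _rules_match(ALLOW_RULES, service, client_ip, client_host):
        decision = "allow"
    elif _rules_match(DENY_RULES, service, client_ip, client_host):
        decision = "deny"
    else:
        decision = "allow"
    if log is not None:
        stamp = datetime.now(timezone.utc).strftime("%b %d %H:%M:%S")
        who = client_host or client_ip
        log.append(f"{stamp} {service}[{decision}]: connect from {who} ({client_ip})")
    return decision


if __name__ == "__main__":
    # Constructed sample connections; addresses are documentation ranges.
    log_lines = []
    check_access("sshd", "192.168.1.7", log=log_lines)
    check_access("sshd", "203.0.113.9", "host.example.com", log=log_lines)
    check_access("sshd", "203.0.113.9", "host.evil.test", log=log_lines)
    check_access("ftpd", "10.0.0.5", log=log_lines)
    print("\n".join(log_lines))
```

Two points this makes concrete for a defender: the deny list ends in ALL: ALL, so a service that has no allow entry is closed rather than open, and denied connections are logged as well as allowed ones, since a burst of refused connects across many hosts is exactly the scanning activity described above.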


What to do if Attacked

There are some suggestions here. Basically, unplug your Ethernet cable, then do an audit.

Mailing Lists