crackers are OS agnostic [was: ssh probing]
Christos Ricudis
ricudis at itc.auth.gr
Thu Jun 11 10:18:17 EEST 2009
Nick Demou wrote:
> the good days have probably passed when a) devoted admins looked
> after the linux servers and
Yes, because nowadays sysadmins also have some actual work to do
(write a deliverable or two, enter a few invoices, haul the odd box
from the storeroom, etc.).
Systems security was *always* counter-productive, on multiple levels.
All the more so today, when:
1) On the one hand, things have been simplified to a disgusting degree.
Once, when you realized you had to replace a hacked machine, you cursed
gods and demons (you still do, but more casually). Today you simply set
up a Debian again, copy /var/www/ back over and you are done.
2) Updating has become an easy matter. apt-get update ; apt-get
upgrade. Once, a new exploit meant you had to recompile from scratch
apache, openSSL, PHP, libc, the kernel, and the microcode of the 80386.
3) Targeted attacks have *almost* vanished from the face of the earth
(see the Voulgaris film, "Everything Is Botnets").
4) Maintainers are by now fairly security conscious, with the exception
of those who write random number generators in Debian.
> b) crackers considered it not worth bothering with linux targets
> because they found very few caught "with their pants down".
>
Axiom: Statistically, nobody does cracking past the mental age of 15.
Conclusion: To understand what a cracker "considers" worthwhile, you
have to become 15 again - and become 15 today, with the current
mindset, not the one that held when you yourself were 15. How many
targets "with their pants down" the 15-year-old can find is (and was)
beyond the horizon of his reasoning. The decisive criterion was (and
probably still is) "how much of a tough guy can I play if I catch X
with his pants down".
Once, UNIX was a slightly mysterious thing that was used in places that
tickled the 15-year-old's imagination ("I'll get into the CIA's
servers"). Today, when UNIX is used even by "Mavropordatos Toilet Paper
Imports Single-Member Ltd", that fantasy has fortunately begun to fade
a little, so the crackers have turned to other pursuits - mainly they
try to level up their character in WoW.
>>> 1) How can I detect whether someone is running nmap myaddress
>>> against me to find all the open ports?
>>>
>> You listen on ten or so ports that are unused but declared in
>> /etc/services. If someone hits more than 2-3 of them, in all likelihood
>> he is scanning you (so you can block him straight away).
>>
>
> is there something ready-made and simple to set up (a full IDS with
> a complicated setup may be overkill if you are merely curious to see IF,
> besides casual probes, you are also facing thorough probes)?
>
You aren't. Believe me.
How you tell them apart is a long story. Usually you can't - you simply
realize it after the fact. Systematic access attempts from the same IP
are a bit of an indication, but that doesn't always hold, nor is it
always easy to get to the point of noticing/logging them.
As for the portscan detector, you can write one yourself in a bit of
perl with Net::Server - believe me, it is more interesting than using
the badly written junk you will find on freshmeat. You won't catch
stealth scans, but almost nobody catches those anyway.
--
Christos Ricudis - 687474703a2f2f74696e7975726c2e636f6d2f7072726d336f
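
The decoy-port detector described in the message above, as an added example (not code from the post or from the list). It is written in Python rather than the Perl and Net::Server the author suggests, and the service names, the threshold of 3 and the 5-minute window are assumptions.

```python
import selectors
import socket
import time
from collections import defaultdict

# Assumed decoys: names declared in /etc/services for services this host does not run.
DECOY_SERVICES = ["echo", "discard", "daytime", "chargen", "time",
                  "finger", "pop2", "uucp", "ingreslock", "rsync"]
THRESHOLD = 3    # flag a source once it has hit more than this many distinct decoys
WINDOW = 300.0   # seconds; an assumption, the post names no time window

class ScanTracker:
    """Remembers which decoy ports each source IP touched within `window` seconds."""
    def __init__(self, threshold=THRESHOLD, window=WINDOW):
        self.threshold, self.window = threshold, window
        self.hits = defaultdict(dict)   # ip -> {port: time last seen}
        self.flagged = set()

    def record(self, ip, port, now=None):
        """Note one connection; return True the first time `ip` crosses the threshold."""
        now = time.time() if now is None else now
        seen = self.hits[ip]
        seen[port] = now
        # Drop ports last touched outside the window so stray hits do not accumulate.
        for stale in [p for p, t in seen.items() if now - t > self.window]:
            del seen[stale]
        if len(seen) > self.threshold and ip not in self.flagged:
            self.flagged.add(ip)
            return True
        return False

def serve(tracker, services=DECOY_SERVICES, bind="0.0.0.0"):
    """Listen on every decoy port (those below 1024 need root); accept, note peer, close."""
    sel = selectors.DefaultSelector()
    for name in services:
        try:
            port = socket.getservbyname(name, "tcp")
        except OSError:
            continue   # not declared on this system
        sel.register(socket.create_server((bind, port)), selectors.EVENT_READ)
    while True:
        for key, _ in sel.select():
            conn, peer = key.fileobj.accept()
            conn.close()
            if tracker.record(peer[0], key.fileobj.getsockname()[1]):
                print(f"probable port scan from {peer[0]}: {sorted(tracker.hits[peer[0]])}")

if __name__ == "__main__":
    serve(ScanTracker())
```

Only connections that complete the TCP handshake reach accept(), so half-open (stealth) scans go unseen, as the message says.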
More information about the Linux-greek-users mailing list