crackers are OS agnostic [was: ssh probing]

Christos Ricudis ricudis at itc.auth.gr
Thu Jun 11 10:18:17 EEST 2009


Nick Demou wrote:
>   the good days are probably over when a) admins who loved their
> craft looked after the linux servers and

Yes, because nowadays sysadmins also have some actual work to do
(write a deliverable, enter a few invoices, haul a box from the
storeroom, etc.).

Systems security was *always* counter-productive, on multiple levels.
All the more so today, when:

1) On the one hand, things have been simplified to a disgusting degree.
Once, when you realised you had to replace a hacked machine, you cursed
gods and demons (you still do, but in a more relaxed way). Today you
simply set up a Debian again, put /var/www/ back, and you are ready.

2) Updating has become an easy matter. apt-get update ; apt-get
upgrade. Once, a new exploit meant you had to recompile from scratch
apache, openSSL, PHP, libc, the kernel, and the microcode of the 80386.

3) Targeted attacks have *almost* vanished from the face of the earth
(see the Voulgaris film, "It's All Botnets").

4) Maintainers are by now quite security conscious, with the exception
of those who write random number generators in Debian.

> b) crackers considered it not worth bothering with linux targets
> because they found very few with "their pants down".
>   

Axiom: Statistically, nobody engages in cracking past the mental age
of 15.

Conclusion: To understand what a cracker "considers" worthwhile, you
have to become 15 again - and become so today, with the current
mindset, not the one that held when you were 15. How many targets "with
their pants down" the 15-year-old can find is (and was) beyond the
horizon of his reasoning. The decisive criterion was (and probably still
is) "how much of a tough guy can I play if I catch X with his pants
down".

Once, UNIX was a slightly mysterious thing that was used in certain
places that tickled the 15-year-old's imagination ("I'll get into the
CIA's servers"). Today, when even "Mavropordatos Toilet Paper Imports
Single-Member Ltd" uses UNIX, that fantasy has fortunately begun to
fade a little, so the crackers have turned to other pursuits - mainly
trying to level up their character in WoW.

>>>  1) How can I detect if someone runs nmap myaddress against me to
>>> find all the open ports?
>>>       
>> You listen on some 10 ports that are unused but declared in
>> /etc/services. If someone hits more than 2-3 of them, in all probability
>> he is scanning you (so you can cut him off directly).
>>     
>
> is there something ready-made and simple to set up (a full IDS with a
> complicated setup might be overkill if you are simply curious to see
> WHETHER, apart from casual probes, you are also facing thorough probes)?
>   

You are not. Believe me.

How you tell them apart is a long story. Usually you can't - you simply
realise it after the fact. Systematic access attempts from the same IP
are a slight indication, but that does not always hold, nor is it always
easy to get to the point of noticing/recording them.

As for the portscan detector, you can write one yourself in a bit of
perl with Net::Server - believe me, it is more interesting than using
the badly written abomination you will find on freshmeat. You won't
catch stealth scans, but almost nobody catches those anyway.

-- 
Christos Ricudis - 687474703a2f2f74696e7975726c2e636f6d2f7072726d336f
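
Added example, not part of the original message: the decoy-port check
described in the reply above, written in Python rather than the
Perl/Net::Server the author suggests. The port list, the threshold of 3
distinct ports and the 60-second window are assumptions.

```python
import selectors
import socket
import time
from collections import defaultdict

# Assumed values, not from the message: decoy ports (commonly named in
# /etc/services, and unused on this host), threshold and time window.
DECOY_PORTS = [7, 9, 13, 19, 37, 79, 109, 119, 512, 540]
THRESHOLD = 3    # flag a source once it touches more than this many decoys
WINDOW = 60.0    # seconds a touch stays counted

class DecoyTracker:
    """Counts distinct decoy ports touched per source address."""
    def __init__(self, threshold=THRESHOLD, window=WINDOW):
        self.threshold, self.window = threshold, window
        self.hits = defaultdict(dict)   # ip -> {port: time last touched}
        self.flagged = set()

    def record(self, ip, port, now=None):
        """Record one connection; True the first time ip exceeds the threshold."""
        now = time.monotonic() if now is None else now
        seen = self.hits[ip]
        seen[port] = now
        for old in [p for p, t in seen.items() if now - t > self.window]:
            del seen[old]               # touch fell out of the window
        if len(seen) > self.threshold and ip not in self.flagged:
            self.flagged.add(ip)
            return True
        return False

def serve(ports=DECOY_PORTS, tracker=None):
    """Accept and drop connections on the decoys (ports < 1024 need root)."""
    tracker = tracker or DecoyTracker()
    sel = selectors.DefaultSelector()
    for port in ports:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        s.bind(("0.0.0.0", port))
        s.listen()
        sel.register(s, selectors.EVENT_READ, port)
    while True:
        for key, _ in sel.select():
            conn, (ip, _) = key.fileobj.accept()
            conn.close()
            if tracker.record(ip, key.data):
                print(f"possible scan from {ip}: ports {sorted(tracker.hits[ip])}")

if __name__ == "__main__":
    serve()
```

Because accept() only returns for completed TCP handshakes, half-open
(stealth) scans never reach the tracker, which matches the caveat in the
message.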



More information about the Linux-greek-users mailing list