LinuxQuestions.org
2004 LinuxQuestions.org Members Choice Awards This forum is for the 2004 LinuxQuestions.org Members Choice Awards.
You can now vote for your favorite products of 2004. This is your chance to be heard! Voting closes on February 3rd.

View Poll Results: Security App of the Year
nmap 195 37.14%
snort 39 7.43%
Nessus 63 12.00%
chkrootkit 43 8.19%
Tripwire 17 3.24%
tcpdump 15 2.86%
kismet 21 4.00%
fwBuilder 7 1.33%
ClamAv 82 15.62%
Firestarter 43 8.19%
Voters: 525.

 
 
Old 01-25-2005, 06:10 AM   #31
zaichik
Member
 
Registered: May 2004
Location: Iowa USA
Distribution: CentOS
Posts: 419

Rep: Reputation: 30

This was tough. I went with Nessus.
 
Old 01-26-2005, 11:10 AM   #32
LinuxLala
Senior Member
 
Registered: Aug 2003
Location: New Delhi, India
Distribution: Fedora 7
Posts: 1,305

Rep: Reputation: 45
I couldn't decide between nmap and snort. Used both, liked both

And only votes will tell if Kismet is any popular. 'Coz I always thought it was good only to detect wireless networks in my neighbourhood. That's what I used it for anyways
 
Old 01-26-2005, 11:17 AM   #33
hari_seldon99
Member
 
Registered: Jun 2003
Location: Front of PC
Distribution: Linux Mandrake
Posts: 212

Rep: Reputation: 30
Quote:
Originally posted by LinuxLala
I couldn't decide between nmap and snort. Used both, liked both

And only votes will tell if Kismet is any popular. 'Coz I always thought it was good only to detect wireless networks in my neighbourhood. That's what I used it for anyways
Hey, to detect wireless networks, just do "iwlist wlan0 scan".
U'll need kismet or airsnort to SNIFF wireless networks, not to detect them!
 
Old 01-26-2005, 11:54 AM   #34
LinuxLala
Senior Member
 
Registered: Aug 2003
Location: New Delhi, India
Distribution: Fedora 7
Posts: 1,305

Rep: Reputation: 45
Quote:
Originally posted by hari_seldon99
Hey, to detect wireless networks, just do "iwlist wlan0 scan".
U'll need kismet or airsnort to SNIFF wireless networks, not to detect them!
Oops, my bad. I did mean SNIFF. Sorry for being so off the mark
 
Old 01-31-2005, 10:47 AM   #35
mas00d
LQ Newbie
 
Registered: Jan 2005
Location: India
Distribution: Redhat9
Posts: 13

Rep: Reputation: 0
tcpdump.
 
Old 02-01-2005, 03:34 AM   #36
mishu_b
LQ Newbie
 
Registered: Feb 2004
Posts: 27

Rep: Reputation: 15
nmap
 
Old 02-01-2005, 08:05 AM   #37
catworld
Member
 
Registered: Nov 2004
Location: Horseheads, New York
Distribution: Mandriva 2010.1 / KDE 4.5.2, Slax, Knoppix, Backtrack & etc...
Posts: 198

Rep: Reputation: 36
tough choice

I've got snort toiling away on my smoothwall at the moment, really rely on it. And for entirely different purposes I fire up nmapfe almost daily. Probably only because I actually touch nmap daily it gets my vote. Poor ol' snort, doing its job silently and efficiently... tough choice indeed.
 
Old 02-01-2005, 01:05 PM   #38
Medievalist
Member
 
Registered: Aug 2003
Distribution: Dead Rat
Posts: 175

Rep: Reputation: 37
SSH for the foreseeable future

There ought to be an OpenSSH listing, regardless of what other polls it is listed in.

Nearly any insecure application can be secured by appropriate use of the OpenSSH toolset, and (regardless of what the theorists and ivory-tower scientists say) the PHBs will not throw away a mature application that cost millions of dollars to develop even if it's /trivially/ crackable.

If you ever have to retro-fit thousands of data transfers to comply with HIPAA regulations, SFTP (which is part of OpenSSH) will do the job.

OpenSSH lets you replace rsh, telnet, rlogin, and rcp, for example, without modifying the hundreds (if not thousands) of scripts your users have installed that call these programs.

If you've ever tried to install a vendor product that the PHBs absolutely *insist* must be installed, that calls rsh for installation and operation, you know how WONDERFUL OpenSSH really is!

If you've ever ripped out telnet and discovered that dozens of operator SOPs are utterly reliant on it, you know how WONDERFUL OpenSSH really is!

If you've ever found a compromised end-user machine running on your network that is doing ARP redirection and packet sniffing, you etc. etc. etc.

Real-world, OpenSSH absolutely RULES.
 
Old 02-01-2005, 01:48 PM   #39
catworld
Member
 
Registered: Nov 2004
Location: Horseheads, New York
Distribution: Mandriva 2010.1 / KDE 4.5.2, Slax, Knoppix, Backtrack & etc...
Posts: 198

Rep: Reputation: 36
Re: SSH for the foreseeable future

Quote:

If you've ever found a compromised end-user machine running on your network that is doing ARP redirection and packet sniffing, you etc. etc. etc.

Real-world, OpenSSH absolutely RULES.
Medievalist,

Indeed! How could I have overlooked SSH!!! Presently I tunnel gnomemeeting through it, among many other uses. "Greatest app overall" category, perhaps? The grand prize winner in my book!

BTW I discovered a few months back that our local cable ISP was broadcasting about 40 ARPs a second. Looked like about 40% of bandwidth consumption, at least on my interface. I alerted the ISP but never heard from them. It started suddenly, went on a few weeks then ended. When I traced the source I found out the given IP (an unassigned one, reserved exclusively to the ISP, BTW) was a spoof, the real source was the IANA black hole server... in one hop. Probably why I never heard back! Whatever was that all about?

catworld
 
Old 02-01-2005, 03:53 PM   #40
Medievalist
Member
 
Registered: Aug 2003
Distribution: Dead Rat
Posts: 175

Rep: Reputation: 37
Probably somebody on the local leg running something like dsniff.

People who are wise to ARP redirection are generally hip to IP spoofing also.

You need strict host key checking and out-of-band key distribution to prevent man-in-the-middle attacks on SSH when tools as sophisticated as dsniff are in use. USB sticks are cheap now so you can use them for key distribution, and carry one in your pocket all the time.
 
Old 02-01-2005, 04:30 PM   #41
catworld
Member
 
Registered: Nov 2004
Location: Horseheads, New York
Distribution: Mandriva 2010.1 / KDE 4.5.2, Slax, Knoppix, Backtrack & etc...
Posts: 198

Rep: Reputation: 36
Quote:

You need strict host key checking and out-of-band key distribution to prevent man-in-the-middle attacks on SSH when tools as sophisticated as dsniff are in use. USB sticks are cheap now so you can use them for key distribution, and carry one in your pocket all the time.

Medievalist,

I must confess to being a newbie at SSH, I've gotten V2 to work exactly once. But at least that was after I distributed the keys via my trusty USB stick that is indeed in my pocket all the time! Problem I encountered thereafter was appending other keys to ~/.ssh/known_hosts. I could only get it to work with one key (each side) in there, and found zip on the net explaining how to append this file properly... so it's V1 for now. : - (

By strict host key checking do you mean use ssh2 only?

Thanks for the fire under my feet though, I'll get v2 working one way or other, post haste!

catworld
 
Old 02-02-2005, 10:55 AM   #42
Medievalist
Member
 
Registered: Aug 2003
Distribution: Dead Rat
Posts: 175

Rep: Reputation: 37
Quote:
By strict host key checking do you mean use ssh2 only?
Well, I do recommend ssh2 only, but ssh1 is far better than cleartext protocols. I don't think anyone has cracked ssh v1.6 yet... I could be wrong.

"Strict host key checking" is an option that can be enabled in SSH that will not allow connection to a host if the host key is unknown or if it changes. You can read about it (if OpenSSH is installed) with a "man ssh" command.

The format for known_hosts is documented in the (huge) sshd man page. You could make an example of one with multiple keys, though, by doing a "ssh 127.0.0.1" and allowing the key to be added, then doing a "ssh hostname" (using the hostname of the local machine). I think that should give you a known_hosts file with two entries to look at.
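
Added example, not part of any post in this thread: a small Python sketch of the known_hosts layout (several entries, one per line, plain or hashed host names) and of the decision made when strict host key checking is enabled, as discussed in posts #41 and #42. The host names, salt and key blobs are constructed placeholders; @marker lines and wildcard host patterns are not handled.

```python
import base64, hashlib, hmac

def hashed_name(host, salt):
    """HashKnownHosts form of a host name: |1|b64(salt)|b64(HMAC-SHA1(salt, host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|" + base64.b64encode(salt).decode() + "|" + base64.b64encode(mac).decode()

def name_matches(pattern, host):
    """True if one name from the first field of an entry refers to host."""
    if pattern.startswith("|1|"):
        _, _, salt_b64, mac_b64 = pattern.split("|")
        salt, want = base64.b64decode(salt_b64), base64.b64decode(mac_b64)
        return hmac.compare_digest(want, hmac.new(salt, host.encode(), hashlib.sha1).digest())
    return pattern == host  # wildcard patterns are not handled in this sketch

def parse(text):
    """Return [(names, keytype, key_blob)], one tuple per usable line."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        # Skip blanks, comments, short lines and @marker lines (not handled here).
        if len(fields) < 3 or fields[0][0] in "#@":
            continue
        entries.append((fields[0].split(","), fields[1], fields[2]))
    return entries

def strict_check(entries, host, keytype, blob):
    """'ok' if the key is listed for host, 'changed' if a different key of the
    same type is listed, 'unknown' otherwise; strict checking refuses the
    last two instead of prompting."""
    listed = False
    for names, ktype, kblob in entries:
        if ktype == keytype and any(name_matches(n, host) for n in names):
            if kblob == blob:
                return "ok"
            listed = True
    return "changed" if listed else "unknown"

KEY_A = "AAAAconstructedKeyA="  # placeholders, not real key blobs
KEY_B = "AAAAconstructedKeyB="
SAMPLE = "\n".join([
    "# constructed file: one entry per line, as many lines as needed",
    "127.0.0.1 ssh-rsa " + KEY_A,
    "myhost,192.168.1.10 ssh-rsa " + KEY_A + " optional-comment",
    hashed_name("fileserver", b"constructed-salt-20b") + " ssh-rsa " + KEY_B,
])
ENTRIES = parse(SAMPLE)

if __name__ == "__main__":
    for host, key in [("myhost", KEY_A), ("myhost", KEY_B), ("newhost", KEY_A)]:
        print(host, strict_check(ENTRIES, host, "ssh-rsa", key))
```

Appending a host to the real file means adding another line in this same layout; the OpenSSH client option that enforces the refusal is StrictHostKeyChecking.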
 
  


 


All times are GMT -5.