Old 09-08-2004, 11:38 PM   #1
af_dave
Member
 
Registered: May 2004
Distribution: Slackware 9.1
Posts: 37

Rep: Reputation: 15
best defense a good offense?


In order to have a better understanding of network security, for some time I have been studying the "other" side.

be it analyzing worms
newfound honeynets
reading of course

Now, this question, please don't misinterpret. I'm not some kiddie who is just looking for scripts. I seek knowledge, preferably from the real world threat itself.


Be it from a good website or book, etc. I don't care. As long as I can continue to learn about hacking/defense then I don't mind the source.


Does anyone have any resources they would like to share? I've read a few security books and was very disappointed. All talk and politics of hacking with no meat and potatoes.
 
Old 09-09-2004, 12:45 AM   #2
dalek
Senior Member
 
Registered: Jul 2003
Location: Mississippi USA
Distribution: Gentoo
Posts: 2,058
Blog Entries: 2

Rep: Reputation: 79
Well being common sense about it, I typed in this:

http://www.hackers.com/

Looks like a pretty good site. Google can really be your friend here too.

You have a good point, to understand how they break in, you have to think like them, actually, better than them.

Wonder what hackers.org does.

 
Old 09-09-2004, 02:08 AM   #3
J.W.
LQ Veteran
 
Registered: Mar 2003
Location: Boise, ID
Distribution: Mint
Posts: 6,642

Rep: Reputation: 87
af_dave -- If you ask me, the best place to start learning about Linux Security is with unSpawn's Security References right here at LQ. -- J.W.
 
Old 09-09-2004, 03:37 AM   #4
Ciccio
Member
 
Registered: Nov 2002
Location: Paraguay
Distribution: Mandrake 10
Posts: 573

Rep: Reputation: 30
I think you have a point. And it is great you take the time to do this... Perhaps you could help everyone and write your findings... and so make it easier for others to contribute or continue your work. You'll find that the free software community is the best place to start this kind of project.
 
Old 09-09-2004, 04:42 AM   #5
cyto
Member
 
Registered: Aug 2004
Location: London
Distribution: FreeBSD 6.0, Freebsd 5.3, Freebsd 4.10, SuSE 9.2 pro, Slackware 10.1, FreeBSD 5.4 RC3
Posts: 270

Rep: Reputation: 30
I started using Linux for hacking. But I could hack Linux machines. So I gave up that idea and started using Linux as a server and for networking. He is right. But we must also learn to attack to defend ourselves. And protect others. Cheers

Last edited by cyto; 09-25-2004 at 05:00 AM.
 
Old 09-09-2004, 06:58 AM   #6
LinuxBlackBox
Member
 
Registered: Sep 2003
Location: Canada
Distribution: Slackware 9
Posts: 243

Rep: Reputation: 30
hey now, we're all hackers here

Don't let the media's interpretation of the word get you thinking that it's a bad thing. A hacker is a person who loves computers or software to the extent that they either write their own code or make changes to existing code. I think that description fits most of us Linux users.

There is of course, a darker side to hacking. If you are interested in that, and how to defend against it, there's one surefire way to learn all you'd need to know. This is how I did it:

Set up all of your security measures on your internet connection and your computer.
Go onto a different computer in your house, or a friend's computer, and start trying to hack into yours.
Look around on Google for programs or scripts that help you with this. You would need to be familiar with the major tools that these kiddies use.
If you can break into your system, then you are going to need better security. Go back to the original computer, make a few changes, and try it again.

It does take a while, but you learn a lot of information that you probably wouldn't find otherwise. If you need help, Google is the best place to go. If you are looking for more specific information, I would try to look for some of the darker channels on IRC. irc.subseven.ws is a good start.

Good luck!
 
Old 09-09-2004, 11:40 AM   #7
dalek
Senior Member
 
Registered: Jul 2003
Location: Mississippi USA
Distribution: Gentoo
Posts: 2,058
Blog Entries: 2

Rep: Reputation: 79
You can also watch The Screen Savers on G4/Tech TV, if you can get it. They talk about security and how to test it. There are programs that can test all the ports and report the open ones and such.

There are some in Linux too. Snort can watch traffic. There are others. You can go here to test too. https://www.grc.com/x/ne.dll?bh0bkyd2 It is helpful to see what the world sees.

Post back the changes you make. We may need to change them too.

Later

 
Old 09-09-2004, 02:27 PM   #8
Ciccio
Member
 
Registered: Nov 2002
Location: Paraguay
Distribution: Mandrake 10
Posts: 573

Rep: Reputation: 30
I am no hacker... I haven't written a single line of code since I use linux... except of course various bash scripts... but I haven't actually hacked the Linux Kernel or any other program... but still.
 
Old 09-09-2004, 03:59 PM   #9
LinuxBlackBox
Member
 
Registered: Sep 2003
Location: Canada
Distribution: Slackware 9
Posts: 243

Rep: Reputation: 30
Ok, sorry for making that assumption. However, sooner or later you'll probably end up getting started. For me, it was when I was having bugs with certain programs and I got so tired of it I just decided to try and fix it myself.
 
Old 09-09-2004, 04:53 PM   #10
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 76
There are some good books on the subject that very advanced security pros use, but they're pretty far beyond most people's skill level.

Security Warrior is probably the most gentle of them (actually it's a little too general in some places, but other areas it covers very thoroughly). The Shellcoder's Handbook is another one. Hacking: The Art of Deception looks fairly promising, although I haven't ventured very far into it yet. Interestingly, books on Quality Assurance testing methods are very useful to security practitioners. Titles like How to Break Software could prove useful.

Referring back to the thread title, I would not say that the best defense is a good offense. You are not at liberty to attack the attackers and vigilante justice is just a detriment to everyone, so in that sense you should definitely stay off the offensive.

Even learning security backwards (i.e. learn the attacks first) isn't that useful, because you don't learn the principles of defense that way. What you should study first is the business needs of security, different risk models, and different ways of handling risk. Once you understand the trade-offs that security provides, and how to make judgements on those trade-offs, then you can get into learning defense and mitigation techniques. Once you understand those concepts, you're finally ready to look in depth at attacks in action and how to defend against them. Unless you understand the reasons for security, it won't do you any good to know the attacks.

Last edited by chort; 09-09-2004 at 04:58 PM.
 
Old 09-10-2004, 06:24 PM   #11
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
Even learning .* the attacks.
Very, very well put.
Couldn't agree more.
 
Old 09-11-2004, 04:05 PM   #12
cyto
Member
 
Registered: Aug 2004
Location: London
Distribution: FreeBSD 6.0, Freebsd 5.3, Freebsd 4.10, SuSE 9.2 pro, Slackware 10.1, FreeBSD 5.4 RC3
Posts: 270

Rep: Reputation: 30
Quote:
Originally posted by LinuxBlackBox
hey now, we're all hackers here

Don't let the media's interpretation of the word get you thinking that it's a bad thing. A hacker is a person who loves computers or software to the extent that they either write their own code or make changes to existing code. I think that description fits most of us Linux users.

There is of course, a darker side to hacking. If you are interested in that, and how to defend against it, there's one surefire way to learn all you'd need to know. This is how I did it:

Set up all of your security measures on your internet connection and your computer.
Go onto a different computer in your house, or a friend's computer, and start trying to hack into yours.
Look around on Google for programs or scripts that help you with this. You would need to be familiar with the major tools that these kiddies use.
If you can break into your system, then you are going to need better security. Go back to the original computer, make a few changes, and try it again.

It does take a while, but you learn a lot of information that you probably wouldn't find otherwise. If you need help, Google is the best place to go. If you are looking for more specific information, I would try to look for some of the darker channels on IRC. irc.subseven.ws is a good start.


Good luck!
That's a good one. I don't want to attack any Linux PCs. That's why I stopped learning it. I want Linux to be powerful enough to attack other operating systems (not BSD or Unix or Linux) and defend itself. That will be more fun. Like world wars. If a Windows box launched an attack against any Linux machine, then all Linux machines attack that Windows box and other Windows boxes and trash them. LOL. I know it is so weird, but I like this idea. What do you guys think?
 
Old 09-12-2004, 03:49 AM   #13
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 76
Quote:
Originally posted by cyto
That's a good one. I don't want to attack any Linux PCs. That's why I stopped learning it. I want Linux to be powerful enough to attack other operating systems (not BSD or Unix or Linux) and defend itself. That will be more fun. Like world wars. If a Windows box launched an attack against any Linux machine, then all Linux machines attack that Windows box and other Windows boxes and trash them. LOL. I know it is so weird, but I like this idea. What do you guys think?
I think you're heading for a prison sentence. There is never a justification to attack any machine, no matter what OS it's running or if it originated traffic that attacked other machines. It's illegal--period.

Your reasoning is flawed anyway; no OS is better than another for launching attacks. It all has to do with the skills of the attacker (or the skills of the programmer who wrote the tools that the attacker is using).
 
Old 09-13-2004, 09:42 AM   #14
cyto
Member
 
Registered: Aug 2004
Location: London
Distribution: FreeBSD 6.0, Freebsd 5.3, Freebsd 4.10, SuSE 9.2 pro, Slackware 10.1, FreeBSD 5.4 RC3
Posts: 270

Rep: Reputation: 30
Quote:
Originally posted by chort
I think you're heading for a prison sentence. There is never a justification to attack any machine, no matter what OS it's running or if it originated traffic that attacked other machines. It's illegal--period.

Your reasoning is flawed anyway; no OS is better than another for launching attacks. It all has to do with the skills of the attacker (or the skills of the programmer who wrote the tools that the attacker is using).
I don't want to end up in prison or something like that. I know that no OS is better than another for launching attacks, but different OSes have different defence skills. I don't want to start any kind of hacking campaign here. All I meant is Linux should defend itself by attacking back. I don't want this to happen, I know it's illegal. But just hoping. You attacking a virus back using another virus is a good kind of defence. I hope you have heard about destroying some pests using another creature like spiders or something like that. It will be more fun to have a computer protected by viruses from other viruses. I know that I am going off topic, sorry about that. So let me stop it here. Cheers

Last edited by cyto; 09-25-2004 at 05:02 AM.
 
Old 09-13-2004, 11:16 AM   #15
Ciccio
Member
 
Registered: Nov 2002
Location: Paraguay
Distribution: Mandrake 10
Posts: 573

Rep: Reputation: 30
Is attacking really illegal? I don't know. Should it be? Definitely no. If by the means of an attack you steal something (and I mean strictly money) then yes, you should go to prison. But if you get information (i.e. some file) then you are free to do it. As the owner of that file is free to take all the measures he or she thinks necessary to protect that information. I believe information must be free in order to improve our society as a whole, instead of only a few guys that own the 'copyrights'. Anyway, if you don't think as I do, then you can protect your own copyright as you wish... but that does not mean that I'm going to.

And if you attack me, I will attack you back, and I will not stop until you are destroyed and crying for mercy... isn't that what human society does anyway? (for those of you that will have something to say about these last few sentences... YES! they are sarcasm)
 
  


All times are GMT -5.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration