LinuxQuestions.org
Old 04-23-2007, 05:40 PM   #1
LinuxGeek1968
LQ Newbie
 
Registered: Apr 2007
Location: Austin,Texas
Posts: 8

Rep: Reputation: 0
Question I was wondering about ethical hacks.


Do many Admins do ethical hacking of their own network looking for potential threats?

I was wondering if it would help my Linux career to be more than familiar with hacking in all its forms?
 
Old 04-23-2007, 06:06 PM   #2
nadroj
Senior Member
 
Registered: Jan 2005
Location: Canada
Distribution: ubuntu
Posts: 2,539

Rep: Reputation: 60
If you're a network administrator, it would absolutely help. There are companies devoted to just this. Sorry for the short answer!
 
Old 04-23-2007, 07:26 PM   #3
phantom_cyph
Senior Member
 
Registered: Feb 2007
Location: The Tropics
Distribution: Slackware & Derivatives
Posts: 2,472
Blog Entries: 1

Rep: Reputation: 128
My view of ethical hacking is this: a policeman has to know how to shoot a gun to protect the community, but the criminal can also shoot a gun. Hacking is like a gun, the knowledge in the right hands is a useful tool, in the wrong hands of a cracker or black hat is dangerous.
 
Old 04-23-2007, 10:09 PM   #4
rocket357
Member
 
Registered: Mar 2007
Location: 127.0.0.1
Distribution: OpenBSD-CURRENT
Posts: 485
Blog Entries: 187

Rep: Reputation: 74
Quote:
Originally Posted by kalabanta
My view of ethical hacking is this: a policeman has to know how to shoot a gun to protect the community, but the criminal can also shoot a gun. Hacking is like a gun, the knowledge in the right hands is a useful tool, in the wrong hands of a cracker or black hat is dangerous.
I agree completely...

And it's my opinion that good admins know how to identify break-ins, but the GREAT ones break in to their own systems (or at least know how to test for vulnerabilities with real "blackhat" tools and what to do with problems they find) so they're ahead of the game in terms of prevention. Like Kalabanta stated, the knowledge is just a tool...it's up to you to determine how you use it.
 
Old 04-24-2007, 08:12 AM   #5
nomb
Member
 
Registered: Jan 2006
Distribution: Debian Testing
Posts: 675

Rep: Reputation: 58
I don't think you will have one person who is knowledgeable about network administration tell you otherwise. I have a few servers myself and I might not be able to just go out and take over any computer (or want to for that matter) but I definitely scan my own with tools looking for vulnerabilities. I would say though, don't focus on the 'tools'. If you can learn how to do something manually you need to so you can understand what the 'tool' is doing. Obviously I'm not talking about port scanning or anything easy like that but go out and (for example) if you have ftp running, find an exploit for your version of ftp and take a look at the source code. It'll probably be some sort of buffer overflow but still try to learn as much as you can about how it is done and not so much on what can do it for you. (Please keep in mind that knowing the tools is important as well.) However if you take the time to learn what is going on, where you might have only been able to block the vulnerability from one program you then can fix it for all. I just had a son and haven't gotten any sleep for a while so if this doesn't make sense I apologize.

nomb


***EDIT*** I would look into running some virtual machines for you to test against so you don't mess up your box.
 
Old 04-24-2007, 09:09 AM   #6
GrapefruiTgirl
LQ Guru
 
Registered: Dec 2006
Location: underground
Distribution: Slackware64
Posts: 7,594

Rep: Reputation: 556
Google for Darknet.[org|com|net] if you want 'ethical' hacking tools designed to help you try to hack into your own server for educational purposes.
There's some very well written stuff there; just keep in mind though that as good as they are, every hack leaves behind a trail.
I helped admin a re-seller server for a while and it was very slickly hacked by some of the tools available from Darknet, and they left the tools behind as an example. Had they not, there were still the server logs and ISP records to track them down. They didn't 'destroy' anything, but were just showing us how crappy our security was.
 
Old 04-24-2007, 09:22 AM   #7
nomb
Member
 
Registered: Jan 2006
Distribution: Debian Testing
Posts: 675

Rep: Reputation: 58
Ya they were definitely trying to make a statement. LoL If they had been serious they would have cron'd a script to remove their lines out of the logs. That's really funny they left the tools.

***EDIT***

Few other sites:

insecure.org
securityfocus.com
neworder.box.sk

Last edited by nomb; 04-24-2007 at 09:33 AM.
 
Old 04-24-2007, 09:39 AM   #8
nx5000
Senior Member
 
Registered: Sep 2005
Location: Out
Posts: 3,307

Rep: Reputation: 57
It's usually called "penetration testing" by professionals.

http://www.derkeiler.com/Mailing-Lis...ocus/pen-test/
 
Old 04-24-2007, 09:44 AM   #9
nomb
Member
 
Registered: Jan 2006
Distribution: Debian Testing
Posts: 675

Rep: Reputation: 58
Who said any of us were professionals?

ethical/penetration testing/white-hat, it's all the same.
 
Old 04-24-2007, 09:46 AM   #10
nx5000
Senior Member
 
Registered: Sep 2005
Location: Out
Posts: 3,307

Rep: Reputation: 57
I was answering to the person asking the question
Quote:
Do many Admins do ethical hacking of their own network looking for potential threats?

I was wondering if it would help my Linux career to be more than familiar with hacking in all its forms?
Admin
Career
...

Professional

"White hat" and "ethical hacking" is script-kiddies terminology.
 
Old 04-24-2007, 09:49 AM   #11
GrapefruiTgirl
LQ Guru
 
Registered: Dec 2006
Location: underground
Distribution: Slackware64
Posts: 7,594

Rep: Reputation: 556
Well, the tool they did leave behind was something of a self-contained shell, and was quite capable of wiping the entire server AND the MySQL databases with less than 2 or 3 clicks. It was a full GUI-based shell with replication abilities etc. I think if they had intended to be malicious, erasing the logs would have been unnecessary, as the entire machine would have been empty.
 
Old 04-24-2007, 10:00 AM   #12
nomb
Member
 
Registered: Jan 2006
Distribution: Debian Testing
Posts: 675

Rep: Reputation: 58
Sorry, thought you were referring to myself.

And yup they are 'script kiddie' terminology. Considering his question I figured I'd use terms he's probably heard before.

Something I would like to know though is with the white-hat certifications that are out there I wonder if they do show you how to write your own. I would assume they would which would in my opinion take white-hat out of the 'script kiddie' classification. I don't know if they do though so don't quote me on that.

One more thing, most definitions tie script-kiddies to using programs to 'attack' computers. So I was originally gonna say that most everyone could be classified as a 'script-kiddie' once they use nmap to scan, but now looking at it, since technically you're not 'attacking' the computer do you think that would still count?
 
Old 04-24-2007, 10:41 AM   #13
unixfool
Member
 
Registered: May 2005
Location: Northern VA
Distribution: Slackware, Ubuntu, FreeBSD, OpenBSD, OS X
Posts: 782
Blog Entries: 8

Rep: Reputation: 158
Quote:
Originally Posted by nomb
One more thing, most definitions tie script-kiddies to using programs to 'attack' computers. So I was originally gonna say that most everyone could be classified as a 'script-kiddie' once they use nmap to scan, but now looking at it, since technically you're not 'attacking' the computer do you think that would still count?
Port and host scans may not damage, but I don't think they're acceptable either. I think it depends on the intent. Why are they scanning? Just because it's considered legal (some countries deem it illegal)? I try to avoid scanning hosts and networks that aren't mine unless absolutely necessary (i.e., if I am almost certain the box that scanned me is compromised, I'll almost certainly scan it, unless it is a government system, and I'll only scan it from a non-home and non-work system). You may also want to check your ISP's policy on conducting scans, as I normally send automated reports of scan activity found in my logs to ISPs...depending on the nature of the activity, I do get responses back informing me that IPs were taken offline. Remember, compromised machines do attempt to propagate their badness...that usually involves scans of some sort (although they usually generate large scans).

In the broad sense, scanning is usually a precursor to some type of questionable activity. I do incident response for a living and normally report scans, although they are usually considered low priority since a scan usually isn't malicious. If I see a host scan against a Class B, I report it, and, one hour later, see more scans from the same source IP but looking for running services on hosts found during the first scan, the priority escalates. Granted, it's nothing but scanning, but there's a definitive trend.

Why the diatribe? People use the technicality that a scan isn't an attack a good bit these days, while, behind the scenes, there ARE people out in the world wide web that consider it rude and actually watch for this type of activity...all because of a few truly bad people. If you wouldn't scan an FBI/CIA/NSA computer from your home, you probably shouldn't scan anyone else's IP(s) either. If they don't hunt you down (depends on what you're doing and how they perceive it), it's almost a guarantee that your ISP will be notified. The potential trouble lessens when you scan a home account...business/govt netrange owners will probably react differently.
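
The escalation pattern described in post #13 (a host sweep reported at low priority, then service probes from the same source against hosts it already touched), as an added Python example of the triage logic. It is not code from the thread; the log format, thresholds, two-hour window and addresses are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in a hypothetical log format (not from the thread).
def _lines(start, src, targets):
    t0 = datetime.fromisoformat(start)
    return [f"{(t0 + timedelta(seconds=i)).isoformat()} SRC={src} DST={d} DPT={p}"
            for i, (d, p) in enumerate(targets)]

SAMPLE_LOG = "\n".join(
    _lines("2007-04-24T10:00:01", "203.0.113.5", [(f"172.16.0.{n}", 0) for n in range(1, 5)])
    + _lines("2007-04-24T11:02:00", "203.0.113.5", [("172.16.0.2", p) for p in (21, 22, 80)])
    + _lines("2007-04-24T10:30:00", "198.51.100.7", [(f"172.16.1.{n}", 0) for n in range(1, 5)])
    + _lines("2007-04-24T10:45:00", "192.0.2.9", [("172.16.0.1", 80)])
)

LINE = re.compile(r"(\S+) SRC=(\S+) DST=(\S+) DPT=(\d+)")

def parse(log):
    """Yield (time, source, destination, port); port 0 means an ICMP probe."""
    for m in filter(None, map(LINE.match, log.splitlines())):
        yield datetime.fromisoformat(m[1]), m[2], m[3], int(m[4])

def triage(log, sweep_min=4, ports_min=3, window=timedelta(hours=2)):
    """Return {source: 'low' | 'escalated'} for sources that swept hosts."""
    by_src = defaultdict(list)
    for ev in sorted(parse(log)):
        by_src[ev[1]].append(ev)
    verdicts = {}
    for src, events in by_src.items():
        seen, sweep_time, ports = set(), None, defaultdict(set)
        for ts, _, dst, port in events:
            known = dst in seen
            seen.add(dst)
            if sweep_time is None:
                if len(seen) >= sweep_min:
                    sweep_time = ts      # sweep threshold reached: low priority
            elif known and port and ts - sweep_time <= window:
                ports[dst].add(port)     # service probe on an already-swept host
        if sweep_time is not None:
            hit = any(len(p) >= ports_min for p in ports.values())
            verdicts[src] = "escalated" if hit else "low"
    return verdicts

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A source that only sweeps stays at "low"; a single connection, like the one from 192.0.2.9 in the sample, produces no finding at all.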
 
Old 04-24-2007, 10:56 AM   #14
phantom_cyph
Senior Member
 
Registered: Feb 2007
Location: The Tropics
Distribution: Slackware & Derivatives
Posts: 2,472
Blog Entries: 1

Rep: Reputation: 128
Are all these tools mentioned before for Windows or Linux?
 
Old 04-24-2007, 11:57 AM   #15
nomb
Member
 
Registered: Jan 2006
Distribution: Debian Testing
Posts: 675

Rep: Reputation: 58
What are you looking for? I can tell you for either.

For Linux I would definitely recommend:

nmap
nessus
john the ripper
wireshark
netcat

For Windows I would recommend:

nmap
lc5
john the ripper
Cain & Abel
wireshark
netcat

For web-based pages I would recommend:

any structure downloader
firefox with web devel addon and agent switcher

Since none of these actually 'attack' the computer, you shouldn't be called a script kiddie for using them. Although from a programming standpoint, why waste the time writing your own when you can recycle someone else's?

Last edited by nomb; 04-24-2007 at 12:00 PM.
 
  

