LinuxQuestions.org
Old 03-08-2011, 11:05 AM   #1
dirtydog7655
Member
 
Registered: Jan 2011
Posts: 47

Rep: Reputation: 0
Looking for some fun stuff to do


Alright so I have been messing around with ettercap and with a little bit of arping. Running out of things to do though!

Ideas? New programs? If you list a program I can probably find some guides on how to use it and whatnot, but for now I'm in the dark.

Thanks!
 
Old 03-08-2011, 11:19 AM   #2
szboardstretcher
Senior Member
 
Registered: Aug 2006
Location: Detroit, MI
Distribution: GNU/Linux systemd
Posts: 4,237

Rep: Reputation: 1651
https://sites.google.com/site/networkingtoolsinfosite/

I made this site. It has a list of networking tools I wanted to remember. Might be of interest to you.
 
2 members found this post helpful.
Old 03-08-2011, 12:07 PM   #3
dirtydog7655
Member
 
Registered: Jan 2011
Posts: 47

Original Poster
Rep: Reputation: 0
ohhhhh. So far I am liking some of the things I am seeing on this page. Very useful.
 
Old 03-08-2011, 12:41 PM   #4
unixfool
Member
 
Registered: May 2005
Location: Northern VA
Distribution: Slackware, Ubuntu, FreeBSD, OpenBSD, OS X
Posts: 782
Blog Entries: 8

Rep: Reputation: 157
There are TONS of network and/or security tools on the WWW. If you're getting bored, you aren't looking hard enough.

That, and messing with ettercap and a little arp doesn't exactly sound like a lot. Maybe you should list some of the things you've done so that we have an idea of what you've tried already.

I don't keep a listing of tools such as szboardstretcher does, so you should probably be a bit more specific as to what your goals are. I do have some decent bookmarks at my delicious site, though (look at the network and security tags, or anything else that you're curious about)...maybe that will help you some?

Last edited by unixfool; 03-08-2011 at 12:42 PM.
 
Old 03-08-2011, 01:25 PM   #5
dirtydog7655
Member
 
Registered: Jan 2011
Posts: 47

Original Poster
Rep: Reputation: 0
Well, with ettercap I was sniffing the network. You know, intercepting all packets and logging them so that I could go through them. Grep searching ftw haha!

I was also doing ettercap -T -q -M ARP:REMOTE // // to intercept some passwords :P

After a while of that I got bored and I have now managed to set up Nessus. Plan on setting up metasploit framework with it because upon looking around I guess you can do some...things...with these two when used together.
 
Old 03-08-2011, 02:50 PM   #6
unixfool
Member
 
Registered: May 2005
Location: Northern VA
Distribution: Slackware, Ubuntu, FreeBSD, OpenBSD, OS X
Posts: 782
Blog Entries: 8

Rep: Reputation: 157
Quote:
Originally Posted by dirtydog7655
Well, with ettercap I was sniffing the network. You know, intercepting all packets and logging them so that I could go through them. Grep searching ftw haha!

I was also doing ettercap -T -q -M ARP:REMOTE // // to intercept some passwords :P

After a while of that I got bored and I have now managed to set up Nessus. Plan on setting up metasploit framework with it because upon looking around I guess you can do some...things...with these two when used together.
Ever try becoming proficient with tcpdump (or its cousin, Snort)? It has a TON of options, probably much more than ettercap (the manpage is HUGE!). There are other tools. Try PADS (passive asset detection system). Try Samhain (a HIDS). Try Snort (a NIDS...try to learn it via commandline only). Try to get intimate (as well as you can) with a flavor of scripting language. Install a web server and run modsecurity (an application firewall) on it. Your choices are limitless.

IMO, ettercap/netcat (or any other similar tool) is cheating. Try it with tools that are usually only allowed on a corporate network. If I have to investigate a possible intrusion at my work, I won't be able to use ettercap. I might be able to get away with Wireshark or tcpdump (tcpdump, if I have proper permissions), though. I usually place limitations on what I do only because that's what would happen IRL at a job site.

Most people who have an interest in network security always focus on the 'hot' tools, such as Nessus and Metasploit and distros such as Backtrack. Security is much more than that. A security expert should know a bit of every aspect of computing. I've seen people who were proficient in running Nessus not know what to do with the scan results (one should know how to secure what holes are found if one is to be considered a security expert). For instance, needlessly running services that are found will need to be turned off (you'll need to know how to do that). Suppose Nessus states that your version of Apache is vulnerable to 'attack X'...how do you patch your current version of Apache without removing your current version of Apache and its data? In the corporate arena, you're going to have to upgrade while negatively affecting the business (i.e., money) as little as possible.

What about forensics? So, you're seeing what looks to be a host on your LAN that has some type of trojan. Your boss wants you to determine the who/what/when/where/why/how of the trojan affecting the host, AND if other internal hosts were also compromised. How will you do that? How do you find what services are running on a host that you don't have login access to, without using scanning tools such as nmap or nessus?

The answers to those types of questions will get you FAR! And you learn most of that by learning and applying investigative techniques and by usually using simple network tools.

Last edited by unixfool; 03-08-2011 at 11:18 PM.
 
1 members found this post helpful.
Old 03-09-2011, 07:30 PM   #7
dirtydog7655
Member
 
Registered: Jan 2011
Posts: 47

Original Poster
Rep: Reputation: 0
O.O

I'm just a senior at high school. lol. But really, thank you! I will definitely look into these tools. As of right now I'm not really a guru with network security and honestly don't think I will head that way for a career. But you never know, if I pick up on it pretty heavy then I just may. Like I said, definitely going to look into some of the tools that you mentioned. Thanks!
 
Old 03-09-2011, 08:16 PM   #8
corp769
LQ Guru
 
Registered: Apr 2005
Posts: 5,818

Rep: Reputation: 1004
To add to what unixfool said...

I started really young with all the security stuff and bla bla bla.... At first, I jumped the gun and went straight to programs like nmap and such. Only a few years back I became proficient with tcpdump, snort, etc. Learn those tools first, as it will help you out in the long run. Read all of the man pages, and test everything on your own network. p0f is a good one too.... make sure to check that out. Tshark is another one.... I know it's the backend to wireshark, but learn about it and learn how to manipulate it and get it to do what you need it to do. Also understand the inner workings of networking, tcp packets, ack, etc... the list goes on. Become good and proficient first before you start exploring into this script kiddy age....

Josh
 
Old 03-09-2011, 08:34 PM   #9
dirtydog7655
Member
 
Registered: Jan 2011
Posts: 47

Original Poster
Rep: Reputation: 0
Thanks Josh. As easy as scripts can be, I try to stay away from them. For instance I have been using ettercap via command line. Today I started using Nessus and Metasploit together. Still definitely learning the details of those two but I'm kinda getting things down. Kinda. Will check out some of the things you guys have listed.
 
Old 03-09-2011, 08:44 PM   #10
corp769
LQ Guru
 
Registered: Apr 2005
Posts: 5,818

Rep: Reputation: 1004
I'm not saying to use scripts though; I use scripts all the time as a time saver. Just be sure you understand what is fully going on in the background. Check out wifite at the following link:
http://code.google.com/p/wifite/
This is a perfect example of what I mean. It is a python script, but I do not recommend using it unless you understand the workings of the source code, and the commands and parameters being used.

Edit - To add to that, I write my own scripts. Just wanted to put that out there.
 
Old 03-10-2011, 07:17 AM   #11
unixfool
Member
 
Registered: May 2005
Location: Northern VA
Distribution: Slackware, Ubuntu, FreeBSD, OpenBSD, OS X
Posts: 782
Blog Entries: 8

Rep: Reputation: 157
Quote:
Originally Posted by dirtydog7655
O.O

I'm just a senior at high school. lol. But really, thank you! I will definitely look into these tools. As of right now I'm not really a guru with network security and honestly don't think I will head that way for a career. But you never know, if I pick up on it pretty heavy then I just may. Like I said, definitely going to look into some of the tools that you mentioned. Thanks!
Being a senior in high school means that you don't have to recover from any bad habits, as you're still a budding security professional. Developing a basic understanding of the mechanics of TCP/IP will help greatly in analyzing security issues in the future, and even 20 years from now, you'll still be learning, as it is a vast field (and technology never sits and waits). Age really doesn't factor in. Sooner or later you'll be working in a corporate environment and it sounds like you aspire to become a security professional.

From my understanding, they're teaching a lot of infosec in high school now. Count yourself lucky. IT wasn't the way it is now in high schools. In my case, we strictly coded in BASIC and Pascal...and we weren't even concerned with buggy code or looking at things from a security perspective.

Last edited by unixfool; 03-10-2011 at 08:16 AM.
 
1 members found this post helpful.
Old 03-10-2011, 07:57 AM   #12
dirtydog7655
Member
 
Registered: Jan 2011
Posts: 47

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by unixfool
Being a senior in high school means that you don't have to recover from any bad habits, as you're still a budding security professional. Developing a basic understanding of the mechanics of TCP/IP will help greatly in analyzing security issues in the future, and even 20 years from now, you'll still be learning, as it is a vast field (and technology never sits and waits). Age really doesn't factor in. Sooner or later you'll be working in a corporate environment and it sounds like you aspire to become a security professional.

From my understanding, they're teaching a lot of infosec in high school now. Count yourself lucky. IT wasn't the way it is now in high schools. In my case, we strictly coded in BASIC and Pascal...and we weren't even concerned with buggy code or looking at things from a security perspective.
hehehe. Yeah it is pretty great, and I figured that since I am starting now that it would help me at least a little bit in the future!
 
Old 03-10-2011, 12:21 PM   #13
dirtydog7655
Member
 
Registered: Jan 2011
Posts: 47

Original Poster
Rep: Reputation: 0
btw unixfool, my friend would like to know why you can't use ettercap in your workplace?
 
Old 03-10-2011, 01:28 PM   #14
unixfool
Member
 
Registered: May 2005
Location: Northern VA
Distribution: Slackware, Ubuntu, FreeBSD, OpenBSD, OS X
Posts: 782
Blog Entries: 8

Rep: Reputation: 157
Most workplaces have acceptable usage policies, which are designed to guide the employee on the network resource usage. Sniffers are usually frowned upon, as is any type of network or vulnerability scanners...usually anything that can either be intrusive or damaging isn't allowed, although a network admin can usually use such tools to help in his/her daily duties. He/she would have to ensure that those tools are approved by management, though. Then, there's also what's called the insider threat. It is widely known that employees have the most potential to damage/steal company assets due to the fact that they're already inside the network. A disgruntled employee can leave logic bombs on the network before he/she is fired or quits (if he/she knows it's coming), steal private data and sell it later on, create backdoors so that they can sneak in after they're laid off... I could elaborate more on this but this should be enough for you to understand.
 
1 members found this post helpful.
Old 03-10-2011, 07:15 PM   #15
unixfool
Member
 
Registered: May 2005
Location: Northern VA
Distribution: Slackware, Ubuntu, FreeBSD, OpenBSD, OS X
Posts: 782
Blog Entries: 8

Rep: Reputation: 157
I've reported this thread to an admin. Apparently, someone has a history of trolling.
 
  


All times are GMT -5.