Linux - Security
This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
There are TONS of network and/or security tools on the WWW. If you're getting bored, you aren't looking hard enough.
That, and messing with ettercap and a little arp doesn't exactly sound like a lot. Maybe you should list some of the things you've done so that we have an idea of what you've tried already.
I don't keep a listing of tools such as szboardstretcher does, so you should probably be a bit more specific as to what your goals are. I do have some decent bookmarks at my delicious site, though (look at the network and security tags, or anything else that you're curious about)...maybe that will help you some?
Well, with ettercap I was sniffing the network. You know, intercepting all packets and logging them so that I could go through them. Grep searching ftw haha!
I was also doing `ettercap -T -q -M ARP:REMOTE // //` to intercept some passwords :P
After a while of that I got bored and I have now managed to set up Nessus. Plan on setting up the Metasploit framework with it because upon looking around I guess you can do some...things...with these two when used together.
Ever try becoming proficient with tcpdump (or its cousin, Snort)? It has a TON of options, probably much more than ettercap (the manpage is HUGE!). There are other tools. Try PADS (passive asset detection system). Try Samhain (a HIDS). Try Snort (a NIDS...try to learn it via commandline only). Try to get intimate (as well as you can) with a flavor of scripting language. Install a web server and run modsecurity (an application firewall) on it. Your choices are limitless.
IMO, ettercap/netcat (or any other similar tool) is cheating. Try it with tools that are usually only allowed on a corporate network. If I have to investigate a possible intrusion at my work, I won't be able to use ettercap. I might be able to get away with Wireshark or tcpdump (tcpdump, if I have proper permissions), though. I usually place limitations on what I do only because that's what would happen IRL at a job site.

Most people who have an interest in network security always focus on the 'hot' tools, such as Nessus and Metasploit and distros such as Backtrack. Security is much more than that. A security expert should know a bit of every aspect of computing. I've seen people who were proficient in running Nessus not know what to do with the scan results (one should know how to secure what holes are found if one is to be considered a security expert). For instance, needlessly running services that are found will need to be turned off (you'll need to know how to do that). Suppose Nessus states that your version of Apache is vulnerable to 'attack X'...how do you patch your current version of Apache without removing your current version of Apache and its data? In the corporate arena, you're going to have to upgrade while affecting the business (i.e., money) as little as possible.

What about forensics? So, you're seeing what looks to be a host on your LAN that has some type of trojan. Your boss wants you to determine the who/what/when/where/why/how of the trojan affecting the host, AND if other internal hosts were also compromised. How will you do that? How do you find what services are running on a host that you don't have login access to, without using scanning tools such as nmap or Nessus?
The answers to those types of questions will get you FAR! And you learn most of that by learning and applying investigative techniques and by usually using simple network tools.
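The two questions above (finding a host's listening services without nmap, and investigating the ARP games an `ettercap -M ARP:REMOTE` session plays) can both be answered from plain `tcpdump -nn` output, which is the kind of tool the poster says is usually allowed on a corporate network. The script below is an added example, not code from the thread or from any of the tools it names. It assumes the line format `tcpdump -nn` prints for TCP and ARP packets; the capture lines it parses are constructed by hand, not real traffic. A SYN/ACK (`[S.]`) can only be sent by a port that is accepting connections, so collecting SYN/ACK sources gives a scan-free service inventory; an IP that is-at two different MACs in one capture is the signature of ARP cache poisoning (or a duplicate address; either way, worth a look).

```python
"""Passive service inventory and ARP-spoof detection from tcpdump text.

Added example (not from the thread).  Feed it the output of
    tcpdump -nn -l -i eth0 'tcp[tcpflags] & (tcp-syn|tcp-ack) != 0 or arp'
or, as here, a constructed sample of what such a capture looks like.
"""
import re
from collections import defaultdict

# tcpdump -nn prints "IP src.port > dst.port: Flags [S.]" for a SYN/ACK.
TCP_RE = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
)
# tcpdump -nn prints "ARP, Reply 10.0.0.1 is-at aa:bb:cc:dd:ee:ff" for ARP replies.
ARP_RE = re.compile(
    r"ARP, Reply (?P<ip>\d+\.\d+\.\d+\.\d+) is-at "
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
)


def listening_services(lines):
    """Return {host: sorted ports} for every port that answered with SYN/ACK.

    No packets are sent: this only works for services some client actually
    talks to while you capture, but it never trips an IDS the way nmap does.
    """
    services = defaultdict(set)
    for line in lines:
        m = TCP_RE.search(line)
        if m and m.group("flags") == "S.":
            services[m.group("src")].add(int(m.group("sport")))
    return {host: sorted(ports) for host, ports in services.items()}


def arp_conflicts(lines):
    """Return {ip: sorted MACs} for every IP claimed by more than one MAC.

    ettercap's ARP MITM sends replies mapping the gateway's and the victim's
    IPs to the attacker's MAC, so the legitimate and the forged reply for
    the same IP will both show up in a capture on that segment.
    """
    seen = defaultdict(set)
    for line in lines:
        m = ARP_RE.search(line)
        if m:
            seen[m.group("ip")].add(m.group("mac"))
    return {ip: sorted(macs) for ip, macs in seen.items() if len(macs) > 1}


# Constructed sample capture (not real traffic): 10.0.0.9 opens SSH and HTTP
# to 10.0.0.5, gets a RST from port 23, and an attacker at 00:0c:29:aa:bb:cc
# claims both the gateway (10.0.0.1) and the client (10.0.0.9).
SAMPLE = """\
12:00:00.500000 ARP, Reply 10.0.0.9 is-at 00:50:56:77:88:99, length 28
12:00:01.000001 IP 10.0.0.9.51234 > 10.0.0.5.22: Flags [S], seq 100, win 64240, length 0
12:00:01.000100 IP 10.0.0.5.22 > 10.0.0.9.51234: Flags [S.], seq 200, ack 101, win 29200, length 0
12:00:01.000200 IP 10.0.0.9.51234 > 10.0.0.5.22: Flags [.], ack 201, win 502, length 0
12:00:02.000001 IP 10.0.0.9.51235 > 10.0.0.5.80: Flags [S], seq 300, win 64240, length 0
12:00:02.000100 IP 10.0.0.5.80 > 10.0.0.9.51235: Flags [S.], seq 400, ack 301, win 29200, length 0
12:00:03.000001 IP 10.0.0.9.51236 > 10.0.0.5.23: Flags [S], seq 500, win 64240, length 0
12:00:03.000100 IP 10.0.0.5.23 > 10.0.0.9.51236: Flags [R.], seq 0, ack 501, win 0, length 0
12:00:04.000001 ARP, Reply 10.0.0.1 is-at 00:50:56:11:22:33, length 28
12:00:04.500000 ARP, Reply 10.0.0.1 is-at 00:0c:29:aa:bb:cc, length 28
12:00:04.600000 ARP, Reply 10.0.0.9 is-at 00:0c:29:aa:bb:cc, length 28
12:00:05.000000 ARP, Reply 10.0.0.5 is-at 00:50:56:44:55:66, length 28
""".splitlines()

if __name__ == "__main__":
    print("listening:", listening_services(SAMPLE))
    print("arp conflicts:", arp_conflicts(SAMPLE))
```

Port 23 does not appear in the inventory because 10.0.0.5 answered it with a RST, and 10.0.0.5 is not flagged by the ARP check because only one MAC ever claimed it; the gateway and the client are flagged because the attacker's forged replies sit next to the real ones. For a live box, pipe `tcpdump -nn -l` into this script instead of the constructed sample.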
I'm just a senior at high school. lol. But really, thank you! I will definitely look into these tools. As of right now I'm not really a guru with network security and honestly don't think I will head that way for a career. But you never know, if I pick up on it pretty heavy then I just may. Like I said, definitely going to look into some of the tools that you mentioned. Thanks!
I started really young with all the security stuff and bla bla bla.... At first, I jumped the gun and went straight to programs like nmap and such. Only a few years back I became proficient with tcpdump, snort, etc. Learn those tools first, as it will help you out in the long run. Read all of the man pages, and test everything on your own network. p0f is a good one too.... make sure to check that out. Tshark is another one.... I know it's the backend to Wireshark, but learn about it and learn how to manipulate it and get it to do what you need it to do. Also understand the inner workings of networking, TCP packets, ACK, etc... the list goes on. Become good and proficient first before you start exploring this script kiddy age....
Thanks josh. As easy as scripts can be, I try to stay away from them. For instance I have been using ettercap via the command line. Today I started using Nessus and Metasploit together. Still definitely learning the details of those two but I'm kinda getting things down. Kinda. Will check out some of the things you guys have listed.
I'm not saying to use scripts though; I use scripts all the time as a time saver. Just be sure you understand what is fully going on in the background. Check out wifite at the following link: http://code.google.com/p/wifite/
This is a perfect example of what I mean. It is a python script, but I do not recommend using it unless you understand the workings of the source code, and the commands and parameters being used.
Edit - To add to that, I write my own scripts. Just wanted to put that out there.
Being a senior in high school means that you don't have to recover from any bad habits, as you're still a budding security professional. Developing a basic understanding of the mechanics of TCP/IP will help greatly in analyzing security issues in the future, and even 20 years from now, you'll still be learning, as it is a vast field (and technology never sits and waits). Age really doesn't factor in. Sooner or later you'll be working in a corporate environment and it sounds like you aspire to become a security professional.
From my understanding, they're teaching a lot of infosec in high school now. Count yourself lucky. IT wasn't the way it is now in high schools. In my case, we strictly coded in BASIC and Pascal...and we weren't even concerned with buggy code or looking at things from a security perspective.
hehehe. Yeah it is pretty great, and I figured that since I am starting now it would help me at least a little bit in the future!
Most workplaces have acceptable usage policies, which are designed to guide the employee on network resource usage. Sniffers are usually frowned upon, as is any type of network or vulnerability scanner...usually anything that can either be intrusive or damaging isn't allowed, although a network admin can usually use such tools to help in his/her daily duties. He/she would have to ensure that those tools are approved by management, though.

Then, there's also what's called the insider threat. It is widely known that employees have the most potential to damage/steal company assets due to the fact that they're already inside the network. A disgruntled employee can leave logic bombs on the network before he/she is fired or quits (if he/she knows it's coming), steal private data and sell it later on, create backdoors so that they can sneak in after they're laid off... I could elaborate more on this but this should be enough for you to understand.