LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 08-10-2003, 08:24 AM   #1
juanb
Member
 
Registered: May 2002
Posts: 401

Rep: Reputation: 30
testing my site for exploits


Hi !!
I want to check my sites security so what I did is I ran nmap and saw some open ports now how can I check what vulnerability and exploits I can run against those open ports and see how my site or computer behaves?

thanks
 
Old 08-10-2003, 10:16 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3596Reputation: 3596Reputation: 3596Reputation: 3596Reputation: 3596Reputation: 3596Reputation: 3596Reputation: 3596Reputation: 3596Reputation: 3596Reputation: 3596
LQ ain't the place to ask for exploits or URI's to exploits. We're not that kind of board.

Besides that, if it's a live site, then I would advice against testing security that way. If runnin Nessus ain't enough, and you think it necessary to run exploits, please set up a box on your private and secured LAN to toy with, or run something like UML to curb risks wrt to unpredictable behaviour. Also, what tools have you loaded/put into place to "see how your site or computer behaves"? Are you sure you'll be capturing all changes made with those? And how are those possibly vulnerable daemons configured? Running as root? Chrooted?

If you want to check if a particular version of an application is vulnerable, consult the docs (like syslog-ng mentions a few angles of attack for instance), your vendors security reports and/or ask on their mailinglists/boards/NG's, look in the CVE database, or any respectable security site.

If you're willing to post a list in the form of name+version+release I'm sure we could help find out if these are vulnerable.
 
Old 08-10-2003, 01:10 PM   #3
juanb
Member
 
Registered: May 2002
Posts: 401

Original Poster
Rep: Reputation: 30
can u please explain to me some words that u used ? what is:

uml ,curb,chrooted cve databases.

so where can I find exploits?

I just want to test the real thing...
I will copy and beckup my site before.

thanks
 
Old 08-10-2003, 01:41 PM   #4
markus1982
Senior Member
 
Registered: Aug 2002
Location: Stuttgart (Germany)
Distribution: Debian/GNU Linux
Posts: 1,467

Rep: Reputation: 46
You should rather look for information on howto SECURE your machine than exploiting it. Exploiting is lame ...
 
Old 08-10-2003, 07:02 PM   #5
smeyer
LQ Newbie
 
Registered: Jul 2003
Posts: 4

Rep: Reputation: 0
You want exploits go to http://packetstormsecurity.com .
 
Old 08-10-2003, 07:21 PM   #6
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3596Reputation: 3596Reputation: 3596Reputation: 3596Reputation: 3596Reputation: 3596Reputation: 3596Reputation: 3596Reputation: 3596Reputation: 3596Reputation: 3596
can u please explain to me some words that u used ?
uml,curb,chrooted cve.

so where can I find exploits?
LQ is not the place to ask for exploits or URI's to exploits. We're not that kind of board.
(This also means members shouldn't post URI's here.)
 
Old 08-24-2003, 09:16 PM   #7
h1tman
Member
 
Registered: Jul 2003
Distribution: Slackware 11
Posts: 439

Rep: Reputation: 30
Quote:
Originally posted by markus1982
You should rather look for information on howto SECURE your machine than exploiting it. Exploiting is lame ...
cant secure it if your not testing it against exploits.
 
Old 08-24-2003, 09:41 PM   #8
trickykid
LQ Guru
 
Registered: Jan 2001
Posts: 24,149

Rep: Reputation: 262Reputation: 262Reputation: 262
Quote:
Originally posted by h1tman
cant secure it if your not testing it against exploits.
Apparently your not understanding what unSpawn and markus1982 are trying to make aware here on this thread and question.

Do not encourage exploiting on this site please, like we mentioned before, we don't do that here. There are better and more helpful ways to educate others on securing their Linux machines other than exploiting.

Regards.
 
Old 09-01-2003, 08:22 AM   #9
FikseGTS
LQ Newbie
 
Registered: Aug 2003
Posts: 2

Rep: Reputation: 0
Juanb, try www.networkscanning.com or similar service if you don't have time to setup a scanner and test everything yourself.....
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Testing Site Bandwidth belorion General 1 11-29-2004 02:15 PM
Setup as getting debian testing files from ftp - will it stay with testing BrianHenderson Debian 2 09-02-2004 07:06 PM
php site testing on my local LAN duffboygrim Linux - General 2 05-16-2004 03:54 AM
Exploits sopiaz57 Linux - Security 1 11-05-2003 09:41 PM
Web Site Security Testing g_goblin Linux - Security 2 12-03-2002 05:43 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 06:40 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration