
Re: Hacker's best friends

On Wed, 24 Jun 1998, Jochen Wiedmann wrote:
> I'd like to screen a foreign network for possible security problems.
> (The admin knows. :-) Can anyone recommend books, tools, sources
> or other things that help me?

Besides the standard firewall literature (Chapman & Zwicky, Cheswick &
Bellovin, Goncalves) there is one remarkable book for the uninitiated:
 Anonymous: Maximum Security, Sams, ISBN 1-57521-268-4
This is a good collection of reference knowledge about the subject. See
comments about this book on amazon.com and in other places on the net.
Drawback: it was written in mid '97.

> In particular I'd like to know how
> to
> 	- screen ports

What exactly do you mean by 'screen'?

> 	- given a certain port number, find out what service it
> 	  is running (besides consulting /etc/services, of course :-)

ISS (commercial version) analyses some of the response strings.
A manual telnet to the port would give some information.
An automation of this could be done with expect.
Several services are chatty about their function (e.g. smtp, ssh, uucp,
telnet, ftp), others need some input (http).

> 	- given a certain service,  find out about possible
> 	  security holes of that service, at least by citing
> 	  a CERT document or something similar

I don't know about a free database with this information, but commercial
tools (like ISS) give these hints, they also say which patches should be

> 	- ideally try WinNuke, Teardrop, 64k-Ping or other well
> 	  known security holes

Using 'real tools' may leave you with the problem of deciding whether there
was a real attack or a test by one of your colleagues ;-)

> Btw, there's a German CD called "hacker's best friends". Does anyone
> know if it's worth the money?

This CD (Edition III) was created in 1997. It is a
collection of some 'tools' and other pieces collected from the internet.
Personally, I found nothing usable for me on this CD-ROM.


Hubert Weikert  DB1MQ  Member of DARC (www.darc.de) and FITUG (www.fitug.de)
weikert@cube.net  weikert@debian.org  weikert@compuserve.com  www.weikert.de
Key= 21978C61  fingerprint= 99 38 A5 83 C8 76 F4 E1  A7 9C B9 70 9A A7 70 10
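
The service check described in the reply above (connect, read what the service volunteers, send a request only if it stays silent), as an added Python example that is not part of the original post. The function names and signature patterns are assumptions covering some of the services named there, and the sample banners are constructed.

```python
import re
import socket

# Greeting patterns for "chatty" services (assumed, not exhaustive).
SIGNATURES = [
    ("ssh",    re.compile(rb"^SSH-\d+\.\d+-")),
    ("http",   re.compile(rb"^HTTP/\d\.\d \d{3}")),
    ("smtp",   re.compile(rb"^220[ -].*SMTP", re.I)),
    ("ftp",    re.compile(rb"^220[ -].*FTP", re.I)),
    ("telnet", re.compile(rb"^\xff[\xfb-\xfe]")),  # IAC WILL/WONT/DO/DONT
]
HTTP_PROBE = b"HEAD / HTTP/1.0\r\n\r\n"  # input for services that wait for the client


def classify(banner: bytes) -> str:
    """Map a response string to a service name, or 'unknown'."""
    for name, pattern in SIGNATURES:
        if pattern.search(banner):
            return name
    return "unknown"


def probe(sock: socket.socket, timeout: float = 3.0):
    """Return (service, banner) for an already connected socket."""
    sock.settimeout(timeout)
    try:
        banner = sock.recv(256)            # chatty services greet first
    except socket.timeout:
        banner = b""
        try:                               # silent service: offer an HTTP request
            sock.sendall(HTTP_PROBE)
            banner = sock.recv(256)
        except OSError:                    # still nothing, or connection dropped
            pass
    return classify(banner), banner


def identify(host: str, port: int, timeout: float = 3.0):
    """Connect to a host you are authorised to check and identify the service."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        return probe(sock, timeout)


if __name__ == "__main__":
    # Constructed sample banners; no network access needed for this demo.
    for sample in (b"SSH-2.0-OpenSSH_9.6\r\n", b"220 mx.example.org ESMTP\r\n",
                   b"220 (vsFTPd 3.0.3)\r\n", b"\xff\xfd\x18", b"???"):
        print(sample, "->", classify(sample))
```

A port that answers on neither path is reported as `unknown` with an empty banner, which is the case that still needs the manual telnet session the reply mentions.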
