Sinkholes in Network security: 5 easy steps to deploy a darknet
October 24, 2006
When system and network admins talk about plugging all the holes and securing their networks against denial-of-service attacks, one of the least talked about but most effective network security techniques is sinkholing. So what exactly is this ‘sinkholing’? This article is part 1 of a two-part series, each part expanding on and implementing a different kind of sinkhole.
A sinkhole is defined as a method in which we redirect specific IP network traffic for different security reasons, including analysis, diversion of attacks and detection of anomalous activities. It has long been deployed by Tier-1 ISPs globally, usually to protect their downstream customers. For network administrators, however, sinkholes are generally deployed to provide valuable intelligence regarding the security threats their networks are facing. Read on below for more information on sinkholes and the two kinds of sinkhole implementation, darknets and honeynets, and how you can use them to obtain valuable information regarding threats and misconfigurations in your network.
Comprehensive guide on how to secure your Wireless network
October 20, 2006
The age of wireless computing has brought unprecedented freedom and mobility for computer systems users in a variety of circumstances. These days wireless networking products are so ubiquitous and inexpensive that just about anyone can set up a WLAN in a matter of minutes with less than $100 worth of equipment. This widespread use of wireless networks means that there may be dozens of potential network intruders lurking within range of your home or college dorm or office WLAN.
The risks
Wireless networks don’t stop at the walls of your home. In fact, wireless networks often extend more than 300 feet from your wireless router. If you live in an apartment, dorm, or condominium, you may have dozens of neighbors who can access your wireless network. If you live in a house, your neighbors and even people on the street may be able to connect to your network.
It’s one thing to let a neighbor borrow your lawn mower, but you should think twice about allowing anyone to access your home network. There are several good reasons for this. People who can connect to your wireless network might be able to:
a. Slow down your Internet performance
b. View files on your computers and spread dangerous software
c. Monitor the Web sites you visit, read your e-mail and instant messages as they travel across the network, and copy your usernames and passwords
d. Send spam or perform illegal activities with your Internet connection
By setting up security features on your wireless network, you can make it very difficult for uninvited guests to connect.
Wireless networks are becoming increasingly popular, but they introduce additional security risks. If you have a wireless network, make sure to take appropriate precautions to protect your information.
Complete guide to Wi-Fi Security at Hot-Spots
October 20, 2006
That said, even if these public hotspots used closed networks and enabled encryption on their networks, making their customers go through hoops to get connected, there would still be no way to tell a “legitimate” client from a “malicious” one out to hack other customers’ data. Anyone with a credit card can sign up for hotspot service. So what can you do to protect yourself at a public hotspot? Plenty…
How to set up SSH to tunnel VNC traffic through the Internet
October 20, 2006
Installing an SSH Server on Windows
Local port forwarding requires an SSH server running on the Windows machine. OpenSSH is provided as part of Cygwin, which is an environment similar to Linux for Windows. Cygwin provides an install and update utility (setup.exe) to retrieve packages from the Internet. When you install Cygwin, select the OpenSSH package (available in the Net category). Once installed, complete the Cygwin configuration as shown below…
How to develop ShellCode, a crucial point of any exploit software
October 20, 2006
How an Exploit Works
Take any exploit downloaded from the internet that promises you an easy root shell on a remote machine, and examine its source code. Find the most unintelligible piece of the code; it will be there, for sure. Most probably, you will find several lines of strange and unrelated symbols; something like this:
How to detect a Rootkit on your machine
October 20, 2006
These programs will help the intruders clean up their tracks, as well as provide access back into the system.
Rootkits will sometimes leave processes running so that the intruder can come back easily and without the system administrator’s knowledge.
Solution
chkrootkit V. 0.46a
Nelson Murilo [nelson@pangeia.com.br] (main author)
Klaus Steding-Jessen [jessen@cert.br] (co-author)
This program locally checks for signs of a rootkit.
chkrootkit is available at: http://www.chkrootkit.org/
This tool includes software developed by the DFN-CERT, Univ. of Hamburg (chklastlog and chkwtmp), and small portions of ifconfig developed by Fred N. van Kempen, [waltje@uwalt.nl.mugnet.org].
What’s chkrootkit?
How to hide your email address from spammers, a thorough guide
October 20, 2006
How do email spammers operate? Email addresses always contain an @ symbol. Most spambots do a pattern-search for likely combinations of letters (abc@xyz.com) like billgates@microsoft.com or larrypage@google.org in the HTML source of webpages. Often they just search for the @ character and grab all the letters on each side on the assumption that it’s a valid email address.
How do you keep your email address available to humans but invisible to email spiders? There are tons of Email Address Protector programs that claim to protect your email address in web pages and get rid of junk mail. Don’t waste your money: they only encode your email or generate a JavaScript snippet. We will discuss manual email encoding techniques here. If a visitor clicks an encrypted email link on your website, it will work as normal, but spam robots will not be able to extract the address from the link.
