
HACK PROOFING YOUR NETWORK: INTERNET TRADECRAFT, part 1 (pptx)




DOCUMENT INFORMATION

Basic information

Format
Number of pages: 50
Size: 856.25 KB

Content

“Ryan Russell has an important message for us all: ‘What you don’t know will hurt you…’” — Kevin Mitnick

HACK PROOFING YOUR NETWORK: INTERNET TRADECRAFT

Ryan Russell, SecurityFocus.com
Stace Cunningham, CLSE, COS/2E, CLSI, COS/2I, CLSA
Foreword by Mudge, Security Advisor to the White House and Congress

“This book provides a bold, unsparing tour of information security that never swerves from the practical.” — Kevin L. Poulsen, Editorial Director, SecurityFocus.com

THE ONLY WAY TO STOP A HACKER IS TO THINK LIKE ONE:
Rain Forest Puppy
Elias Levy, Bugtraq
Blue Boar, Vuln-dev
Dan “Effugas” Kaminsky, Cisco Systems
Oliver Friedrichs, SecurityFocus.com
Riley “Caesar” Eller, Internet Security Advisors
Greg Hoglund, Click To Secure
Jeremy Rauch
Georgi Guninski

95_pgwFP.qx 11/22/00 12:45 PM Page 1

With over 1,500,000 copies of our MCSE, MCSD, CompTIA, and Cisco study guides in print, we have come to know many of you personally. By listening, we've learned what you like and dislike about typical computer books. The most requested item has been for a web-based service that keeps you current on the topic of the book and related technologies. In response, we have created solutions@syngress.com, a service that includes the following features:

■ A one-year warranty against content obsolescence that occurs as the result of vendor product upgrades. We will provide regular web updates for affected chapters.
■ Monthly mailings that respond to customer FAQs and provide detailed explanations of the most difficult topics, written by content experts exclusively for solutions@syngress.com.
■ Regularly updated links to sites that our editors have determined offer valuable additional information on key topics.
■ Access to “Ask the Author”™ customer query forms that allow readers to post questions to be addressed by our authors and editors.

Once you've purchased this book, browse to www.syngress.com/solutions. To register, you will need to have the book handy to verify your purchase.
Thank you for giving us the opportunity to serve you.
solutions@syngress.com

95_hack_prod_00FM.qx 7/13/00 3:41 PM Page i

HACK PROOFING YOUR NETWORK: INTERNET TRADECRAFT

Syngress Publishing, Inc., the author(s), and any person or firm involved in the writing, editing, or production (collectively “Makers”) of this book (“the Work”) do not guarantee or warrant the results to be obtained from the Work. There is no guarantee of any kind, expressed or implied, regarding the Work or its contents. The Work is sold AS IS and WITHOUT WARRANTY. You may have other legal rights, which vary from state to state. In no event will Makers be liable to you for damages, including any loss of profits, lost savings, or other incidental or consequential damages arising out of the Work or its contents. Because some states do not allow the exclusion or limitation of liability for consequential or incidental damages, the above limitation may not apply to you. You should always use reasonable care, including backup and other appropriate precautions, when working with computers, networks, data, and files.

Syngress Media® and Syngress® are registered trademarks of Syngress Media, Inc. “Career Advancement Through Skill Enhancement™,” “Ask the Author™,” “Ask the Author UPDATE™,” and “Mission Critical™” are trademarks of Syngress Publishing, Inc. Brands and product names mentioned in this book are trademarks or service marks of their respective companies.

KEY SERIAL NUMBER
001 AB7153MGC6
002 KTY864GHPL
003 SRS587EPHN
004 TYP244KBGK
005 468ZJRHGM9
006 1LBVBC7466
007 6724ED1M84
008 CCVX153SCC
009 MKM719ACK
010 NJGMB98445

PUBLISHED BY
Syngress Media, Inc.
800 Hingham Street
Rockland, MA 02370

Hack Proofing Your Network: Internet Tradecraft
Copyright © 2000 by Syngress Publishing, Inc. All rights reserved. Printed in the United States of America. Except as permitted under the Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of the publisher, with the exception that the program listings may be entered, stored, and executed in a computer system, but they may not be reproduced for publication.

Printed in the United States of America 1 2 3 4 5 6 7 8 9 0
ISBN: 1-928994-15-6

Product Line Manager: Kate Glennon
Index by: Robert Saigh
Technical Edit by: Stace Cunningham
Copy Edit by: Beth Roberts and Ryan Russell
Proofreading by: Adrienne Rebello and Ben Chadwick
Co-Publisher: Richard Kristof
Page Layout and Art: Reuben Kantor and Kate Glennon
Distributed by Publishers Group West

Acknowledgments

We would like to acknowledge the following people for their kindness and support in making this book possible.

Richard Kristof, Duncan Anderson, Jennifer Gould, Robert Woodruff, Kevin Murray, Dale Leatherwood, Rhonda Harmon, and Robert Sanregret of Global Knowledge, for their generous access to the IT industry’s best courses, instructors and training facilities.

Ralph Troupe and the team at Callisma for their invaluable insight into the challenges of designing, deploying and supporting world-class enterprise networks.

Karen Cross, Kim Wylie, Harry Kirchner, John Hays, Bill Richter, Kevin Votel, Brittin Clark, Sarah Schaffer, Ellen Lafferty and Sarah MacLachlan of Publishers Group West for sharing their incredible marketing experience and expertise.

Mary Ging, Caroline Hird, and Simon Beale of Harcourt International for making certain that our vision remains worldwide in scope.

Annabel Dent, Anneka Baeten, Clare MacKenzie, and Laurie Giles of Harcourt Australia for all their help.

David Buckland, Wendi Wong, David Loh, Marie Chieng, Lucy Chong, Leslie Lim, Audrey Gan, and Joseph Chan of Transquest Publishers for the enthusiasm with which they receive our books.

Kwon Sung June at Acorn Publishing for his support.

Ethan Atkin at Cranbury International for his help in expanding the Syngress program.

Special thanks to the professionals at Osborne with whom we are proud to publish the best-selling Global Knowledge Certification Press series.

From Global Knowledge

At Global Knowledge we strive to support the multiplicity of learning styles required by our students to achieve success as technical professionals. As the world's largest IT training company, Global Knowledge is uniquely positioned to offer these books. The expertise gained each year from providing instructor-led training to hundreds of thousands of students worldwide has been captured in book form to enhance your learning experience. We hope that the quality of these books demonstrates our commitment to your lifelong learning success. Whether you choose to learn through the written word, computer based training, Web delivery, or instructor-led training, Global Knowledge is committed to providing you with the very best in each of these categories. For those of you who know Global Knowledge, or those of you who have just found us for the first time, our goal is to be your lifelong competency partner. Thank you for the opportunity to serve you. We look forward to serving your needs again in the future.

Warmest regards,
Duncan Anderson
President and Chief Executive Officer, Global Knowledge

Contributors

Ryan Russell has been working in the IT field for over ten years, the last five of which have been spent primarily in information security. He has been an active participant in various security mailing lists, such as Bugtraq, for years. Ryan has served as an expert witness, and has done internal security investigation for a major software vendor. Ryan has contributed to three other Syngress books, on the topics of networking. He has a degree in computer science from San Francisco State University. Ryan is presently employed by SecurityFocus.com. Ryan would like to dedicate his portion of the work to his wife, Sara, for putting up with him while he finished this book.
Introduction, Chapters 1, 2, 4, 5, 10, and 13

Blue Boar has been interested in computer security since he first discovered that a Northstar multiuser CP/M system he worked on as a high school freshman had no memory protection, so all the input and output from all terminals were readable by any user. Many years ago he founded the Thievco Main Office BBS, which he ran until he left home for college. Recently, Blue Boar was resurrected by his owner for the purpose of publishing security information that his owner would rather not have associated with himself or his employers. Blue Boar is best known currently as the moderator of the vuln-dev mailing list (vuln-dev@securityfocus.com), which is dedicated to the open investigation and development of security holes.
Contributed to Chapter 6

Riley (caezar) Eller is a Senior Security Engineer for the Internet Security Advisors Group, where he works on penetration and security tool development. He has extensive experience in operating system analysis and design, reverse engineering, and defect correction in closed-source and proprietary operating systems, without the benefit of having access to the source code. Mr. Eller is the first to reveal ASCII-armored stack overflow exploits. Prior to his employment with ISAG, Mr. Eller spent six years developing operating systems for Internet embedded devices. His clients have included government and military contractors and agencies, as well as Fortune 500 companies, worldwide. Products on which he has worked have been deployed on systems as varied as Enterprise Desktop, Global Embedded Internet, Hard Time Real Analyses and Single Tasking Data Collection. Mr. Eller has spoken about his work at information security industry conferences such as Black Hat, both in the United States and in Asia. He is also a frequent panel member for the “Meet the Enemy” discussion groups.
Contributed to Chapter 8

Georgi Guninski is a security consultant in Bulgaria. He is a frequent contributor to security mailing lists such as Bugtraq, where he is well-known for his discovery of numerous client-side holes, frequently in Internet Explorer. In 1997, he created the first buffer overflow exploits for AIX. Some of his most visible work has included numerous exploits that could affect subscribers of Microsoft’s Hotmail service. He is frequently quoted in news articles. Georgi holds an MA in international economic relations from the University of National and World Economy in Bulgaria. His web page can be found at www.nat.bg/~joro.
Contributed to Chapter 13

Oliver Friedrichs has over ten years of experience in the information security industry, ranging from development to management. Oliver is a co-founder of the information security firm SecurityFocus.com. Previous to founding SecurityFocus.com, Oliver was a co-founder and Vice President of Engineering at Secure Networks, Inc., which was acquired by Network Associates in 1998. Post acquisition, Oliver managed the development of Network Associates’ award-winning CyberCop Scanner network auditing product, and managed Network Associates’ vulnerability research team. Oliver has delivered training on computer security issues for organizations such as the IRS, FBI, Secret Service, NASA, TRW, Canadian Department of Defense, RCMP and CSE.
Chapter 9

Greg Hoglund is a software engineer and researcher. He has written several successful security products for Windows NT. Greg also operates the Windows NT Rootkit project, located at www.rootkit.com. He has written several white papers on content-based attacks, kernel patching, and forensics. Currently he works as a founder of Click To Secure, Inc., building new security and quality-assurance tools. His web site can be found at www.clicktosecure.com. He would like to thank all the Goons of DefCon, Riley (caezar) Eller, Jeff Moss, Dominique Brezinski, Mike Schiffman, Ryan Russell, and Penny Leavy.
Chapter 8

Dan Kaminsky, also known as “Effugas”, primarily spends his time designing security infrastructure and cryptographic solutions for Cisco Systems’ Advanced Network Services division. He is also the founder of the multidisciplinary DoxPara Research (www.doxpara.com), and has spent several years studying both the technological and psychological impacts of networked systems as deployed in imperfect but real user environments. His primary field of research at the present is known as Gateway Cryptography, which seeks ideal methodologies to securely traverse non-ideal networks.
Chapter 11

Elias Levy is the moderator of Bugtraq, one of the most read security mailing lists on the Internet, and a co-founder of Security Focus. Throughout his career, Elias has served as computer security consultant and security engineer for some of the largest corporations in the United States, and outside of the computer security industry, he has worked as a UNIX software developer, a network engineer, and system administrator.
Chapter 15

Foreword

Mudge is the former CEO and Chief Scientist of renowned ‘hacker think-tank’ the L0pht, and is considered the nation’s leading ‘grey-hat hacker.’ He and the original members of the L0pht are now heading up @stake’s research labs, ensuring that the company is at the cutting edge of Internet security. Mudge is a widely sought-after keynote speaker in various forums, including analysis of electronic threats to national security. He has been called to testify before the Senate Committee on Governmental Affairs and to be a witness to the House and Senate joint Judiciary Oversight committee. Mudge has briefed a wide range of members of Congress and has conducted training courses for the Department of Justice, NASA, the US Air Force, and other government agencies. In February, following the wave of denial of service attacks on consumer web sites, Mudge participated in President Clinton’s security summit at the White House. He joined a small group of high tech executives, privacy experts, and government officials to discuss Internet security.

A recognized name in cryptanalysis, Mudge has co-authored papers with Bruce Schneier that were published in the 5th ACM Conference on Computer and Communications Security, and the Secure Networking – CQRE International Exhibition and Congress. He is the original author of L0phtCrack, the award winning NT password auditing tool. In addition, Mudge co-authored AntiSniff, the world’s first commercial remote promiscuous mode detection program. He has written over a dozen advisories and various tools, many of which resulted in numerous CERT advisories, vendor updates, and patches.

[...]

95_hack_prod_toc 7/13/00 3:43 PM Page xvii

Contents

[...] Used
Distributed.net
Deep Crack
Real Cryptanalysis
Differential Cryptanalysis
Side-Channel Attacks
Summary
Additional Resources
FAQs
Chapter 7: Unexpected Input
Introduction
Why Unexpected [...]
[...] Happens When I Overflow a Buffer?
Methods to Execute Payload
Direct Jump (Guessing Offsets)
Blind Return
Pop Return
Call Register
Push Return
What Is an Offset?
No Operation (NOP) Sled
Off-by-One [...]
[...]
Problems
Cost/Availability of Tools
Obtaining/Creating a Duplicate Environment
How to Secure Against These Methodologies
Limit Information Given Away
Summary
Additional Resources
FAQs
[...]
Revenge
Legal/Moral Issues
What’s Illegal
Reasonably Safe
What’s Right?
Exceptions?
The Hacker Code
Why This Book?
Public vs Private Research
Who Is Affected when an Exploit Is Released?
Summary
FAQs
Chapter 2: Laws of Security
Introduction
What Are the Laws [...]
[...]
Sabotage
Subtlety Will Get You Everywhere
Selective Failure for Selecting Recovery
Attacking SSL through Intermittent Failures
Summary
FAQs
Chapter 12: Server Holes
Introduction
What Are Server [...]
[...]
Part III: Remote Attacks
Chapter 9: Sniffing
What Is “Sniffing?”
How Is Sniffing Useful to an Attacker?
How Does It Work?
What to Sniff?
Authentication Information
Telnet (Port 23)
FTP (Port 21)
POP (Port 110)
IMAP (Port 143)
NNTP (Port 119)
rexec (Port 512)
rlogin (Port 513)
X11 [...]

[...] on Hack Proofing that we’ll do six and nine months after the book’s publication. You can also download an electronic version of the book if you like. These features are all found at: www.syngress.com/solutions
www.syngress.com

95_hack_prod_00Intro 7/13/00 3:46 PM Page xxx
part1_prech01 7/13/00 6:55 PM Page 1

Part I
Theory and Ideals

95_hack_prod_01 7/13/00 7:01 AM Page 1

Chapter 1
Politics

Solutions in this chapter:
■ What does the word “hacker” mean?
■ Isn’t hacking immoral and/or illegal?
■ Don’t most hackers work “underground?”
■ Doesn’t releasing exploits help the bad guys?
■ Why would you teach people to do this stuff?

Introduction

Before we launch into [...]

[...] the director of research and development [...]

Contents

Foreword  xxiii
Introduction  xxvii
Part I: Theory and Ideals
Chapter 1: Politics
Introduction
Definitions of the Word Hacker
Hacker
Cracker
Script Kiddie
Phreak
White Hat/Black Hat
Grey Hat
Hacktivism
The Role of the Hacker
Criminal
Magician
Security Professional [...]

[...] www.dictionary.com/cgi-bin/dict.pl?term=hacker

Naturally, we’re concerned with the term hacker as it relates to computers. This version of the word has come into such wide popular use that it has almost entirely eliminated the use of the word hacker for all other purposes. One of the most popular definitions that hackers themselves prefer [...]

[...] Methodologies  118
Limit Information Given Away  119
Summary  119
Additional Resources  120
FAQs  120
Part II: Theory and Ideals
Chapter 5: Diffing  121
Introduction  122
What Is Diffing?  122
Files  123
Tools  126
File [...]
[...]  101
Introduction  102
Types of Problems  102
Black Box  102
Chips  102
Unknown Remote Host  105
Information Leakage  105
Translucent Box  107
Tools  107
System Monitoring Tools  108
Packet Sniffing  112
Debuggers, [...]
[...] Sniff?  261
Authentication Information  261
Telnet (Port 23)  261
FTP (Port 21)  262
POP (Port 110)  262
IMAP (Port 143)  262
NNTP (Port 119)  263
rexec (Port 512)  263
rlogin (Port 513)  264
X11 (Port [...]

Posted on: 14/08/2014, 04:21