Hackers Beware

Eric Cole

Publisher: New Riders Publishing

First Edition August 13, 2001

ISBN: 0-7357-1009-0, 800 pages

A good defense starts with a thorough understanding of your opponent’s offense. Hackers Beware teaches you how hackers think, what tools they use, and the techniques they utilize to compromise a machine. Eric Cole, a leading expert in information security, shows you not only how to detect these attacks, but what you can do to protect yourself against them. When it comes to securing your site, knowledge is power. This book gives you the knowledge to build a proper defense against attackers.

Copyright © 2002 by New Riders Publishing

FIRST EDITION: August, 2001

All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without written permission from the publisher, except for the inclusion of brief quotations in a review.

Library of Congress Catalog Card Number: 00102952

06 05 04 03 02 7 6 5 4 3 2 1

Interpretation of the printing code: The rightmost double-digit number is the year of the book’s printing; the right-most single-digit number is the number of the book’s printing. For example, the printing code 02-1 shows that the first printing of the book occurred in 2002.

Composed in Bembo and MCPdigital by New Riders Publishing

Printed in the United States of America

Trademarks

All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. New Riders Publishing cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark.

Hackers Beware “ New Riders Publishing

Warning and Disclaimer

This book is designed to provide information about computer security. Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied.

The information is provided on an as-is basis. The authors and New Riders Publishing shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book or from the use of the discs or programs that may accompany it.

Credits

Publisher

David Dwyer

Associate Publisher

Al Valvano

Executive Editor

Stephanie Wall

Managing Editor

Kristy Knoop

Product Marketing Manager

Stephanie Layton

Publicity Manager

Susan Nixon

Acquisitions Editor

Jeff Riley

Development Editors

Katherine Pendergast

Joell Smith

Project Editor

Sean Monkhouse

Copy Editors

Kelli Brooks

Sarah Cisco

Indexer

Christine Karpeles

Manufacturing Coordinator

Jim Conway

Book Designer

Louisa Klucznik

Cover Designer

Aren Howell

Proofreaders

Katherine Shull

Mitch Stark

Composition

Amy Parker

Rebecca Harmon

I would like to dedicate this book to my wonderful son, Jackson. He is a blessing to me and brings joy and happiness to me every day.

Hackers Beware

About the Author

About the Technical Reviewers

Acknowledgments

Tell Us What You Think

Introduction

1. Introduction

The Golden Age of Hacking

How Bad Is the Problem?

What Are Companies Doing?

What Should Companies Be Doing?

Defense in Depth

Purpose of This Book

Legal Stuff

What’s Covered In This Book

Summary

2. How and Why Hackers Do It

What Is an Exploit?

The Attacker’s Process

The Types of Attacks

Categories of Exploits

Routes Attackers Use to Get In

Goals Attackers Try to Achieve

Summary

3. Information Gathering

Steps for Gathering Information

Information Gathering Summary

Red Teaming

Summary

4. Spoofing

Why Spoof?

Types of Spoofing

Summary

5. Session Hijacking

Spoofing versus Hijacking

Types of Session Hijacking

TCP/IP Concepts

Detailed Description of Session Hijacking

ACK Storms

Programs That Perform Hijacking

Dangers Posed by Hijacking

Protecting Against Session Hijacking

Summary

6. Denial of Service Attacks

What Is a Denial of Service Attack?

What Is a Distributed Denial of Service Attack?

Why Are They Difficult to Protect Against?

Types of Denial of Service Attacks

Tools for Running DOS Attacks

Tools for Running DDOS Attacks

Preventing Denial of Service Attacks

Preventing Distributed Denial of Service Attacks

Summary

7. Buffer Overflow Attacks

What Is a Buffer Overflow?

How Do Buffer Overflows Work?

Types of Buffer Overflow Attacks

Why Are So Many Programs Vulnerable?

Sample Buffer Overflow

Protecting Our Sample Application

Ten Buffer Overflow Attacks

Protection Against Buffer Overflow Attacks

Summary

8. Password Security

Typical Attack

The Current State of Passwords

History of Passwords

Future of Passwords

Password Management

Password Attacks

Summary

9. Microsoft NT Password Crackers

Where Are Passwords Stored in NT?

How Does NT Encrypt Passwords?

All Passwords Can Be Cracked (NT Just Makes It Easier)

NT Password-Cracking Programs

Comparison

Extracting Password Hashes

Protecting Against NT Password Crackers

Summary

10. UNIX Password Crackers

Where Are the Passwords Stored in UNIX?

How Does UNIX Encrypt Passwords?

UNIX Password-Cracking Programs

Comparison

Protecting Against UNIX Password Crackers

Summary

11. Fundamentals of Microsoft NT

Overview of NT Security

Availability of Source Code

NT Fundamentals

Summary

12. Specific Exploits for NT

Exploits for NT

Summary

13. Fundamentals of UNIX

Linux

Vulnerable Areas of UNIX

UNIX Fundamentals

Summary

14. Specific Exploits for UNIX

UNIX Exploits

Summary

15. Preserving Access

Backdoors and Trojans

Rootkits

NT Backdoors

Summary

16. Covering the Tracks

How To Cover One’s Tracks

Summary

17. Other Types of Attacks

Bind 8.2 NXT Exploit

Cookies Exploit

SNMP Community Strings

Sniffing and Dsniff

PGP ADK Exploit

Cisco IOS Password Vulnerability

Man-in-the-Middle Attack Against Key Exchange

HTTP Tunnel Exploit

Summary

18. SANS Top 10

The SANS Top 10 Exploits

Commonly Probed Ports

Determining Vulnerabilities Against the SANS Top 10

Summary

19. Putting It All Together

Attack Scenarios

Summary

20. Summary

Security Cannot Be Ignored

General Tips for Protecting a Site

Things Will Get Worse Before They Get Better

What Does the Future Hold?

Conclusion

A. References

Hacker/Security Related URLs

Hacker/Security Tools

General Security Related Sites

About the Author

Eric Cole (CISSP, CCNA, MCSE) is a former Central Intelligence Agency (CIA) employee who today is a highly regarded speaker for the SANS Institute. He has a BS and MS in Computer Science from New York Institute of Technology and is finishing up his Ph.D. in network security—emphasizing intrusion detection and steganography. Eric has extensive experience with all aspects of Information Security, including cryptography, steganography, intrusion detection, NT security, UNIX security, TCP/IP and network security, Internet security, router security, security assessment, penetration testing, firewalls, secure web transactions, electronic commerce, SSL, IPSEC, and information warfare. Eric is among SANS’ highest-rated instructors; he has developed several courses and speaks on a variety of topics. An adjunct professor at Georgetown University, Eric also has taught at New York Institute of Technology. He also created and led Teligent’s corporate security

About the Technical Reviewers

These reviewers contributed their considerable hands-on expertise to the entire development process for Hackers Beware. As the book was being written, these dedicated professionals reviewed all the material for technical content, organization, and flow. Their feedback was critical to ensuring that Hackers Beware fits our reader’s need for the highest quality technical information.

Scott Orr has been involved with the networking efforts of the Purdue School of Engineering and Technology at Indiana University-Purdue University at Indianapolis from the very beginning. Starting out as a 20-node Novell network, it expanded to include more than 400 Microsoft- and UNIX-based workstations within several years. Since then, he moved over to the computer science department where he manages all student and research lab PC and UNIX clusters. In addition, he teaches an undergraduate course and conducts research in the areas of system administration, networking, and computer security. Scott has also made numerous presentations to local industry on the deployment of Internet security measures and has assisted several large corporations with the configuration and testing of their firewalls.

Larry Paccone is a Senior National/Systems Security Analyst at Litton/TASC. As both a technical lead and project manager, he has worked in the Internet and network/systems security arena for more than seven years. He has been the technical lead for several network security projects supporting a government network/systems security research and development laboratory. Prior to that, Larry worked for five years at The Analytical Sciences Corporation (TASC) as a national security analyst assessing conventional military force structures. He has an MS in information systems, an M.A. in international relations, and a B.A. in political science. He also has completed eight professional certifications in network and systems security, internetworking, WANs, Cisco routing, and Windows NT.

John Furlong is an independent Network Security Consultant based in Dallas, Texas. After graduating from a university in England as a systems programmer, John immigrated to the United States. After extensive development of IDS signatures and modular software for business environments utilizing the Aggressor security suite, John opened his own consulting firm in 1998. John continues to develop and educate business professionals on the growing need for intranet and Internet security. As a freelance consultant, John has provided remote storage systems for security conscious industries, such as medical and insurance affiliations, and enhanced and strengthened operating systems for numerous Internet service providers.

Steve Smaha is an Austin-based angel investor and philanthropist. Previously he was founder and CEO of Haystack Labs, Inc., an early developer of Internet security software, until its acquisition in October 1997 by Trusted Information Systems (TIS). At TIS, Steve served as Vice President for Technology until TIS was acquired by Network Associates in April 1998. Since 1998, he has served on several computer company boards of directors and technical advisory boards and is actively involved in mentoring startup tech companies and working with non-profit organizations. He is married with a young child. His undergraduate degree is from Princeton University and graduate degrees are from the University of Pittsburgh and Rutgers University.

Patrick “Swissman” Ramseier, CCNA, GSEC, CISSP, is a Security Services Director for Exodus Communications, Inc. Exodus is a leading provider of complex Internet hosting for enterprises with mission-critical Internet operations. Patrick started as a UNIX system administrator. Over the past 13 years, he has been involved with corporate-level security architecture reviews, vulnerability assessments, VPN support, network and operating system security (UNIX-Solaris, Linux, BSD, and Windows NT/2000), training, research, and development. He has a B.A. in business and is working concurrently on his masters and doctorate in computer science

Acknowledgments

I wanted to thank New Riders for the help and support through this process. Mainly Jeff Riley, Katherine Pendergast, and Sean Monkhouse. They are a great publisher to work with.

I also wanted to thank SANS for having such a great organization. Alan Paller and Stephen Northcutt are wonderful people to work with and very helpful. They gave great advice and support through the entire process. Also, I want to thank all of the SANS GIAC students who provided excellent information via their practicals.

What always makes me nervous with acknowledgement sections is the thought that I am overlooking someone. When the book comes out I am going to remember who I forgot. So I am going to leave a blank line, so whoever I forgot can write their name into this section __________________________________________.

Now on to all of the great friends and family I have that have helped me through this process. Tony Ventimiglia, who has provided great editing support and who has been a great friend through thick and thin. Mathew Newfield, who has helped out in numerous ways—probably even in some ways that he doesn’t even know about. Jim Conley, who provided editing and guidance. Gary Jackson, who provides continual guidance, wisdom, knowledge and is a great friend. Marc Maloof, who has provided guidance and direction.

Most of all, I want to thank God for blessing me with a great life and a wonderful family: Kerry Magee Cole, a loving and supportive wife; my wonderful son Jackson, who brings joy and happiness to me every day; Ron and Caroline Cole, and Mike and Ronnie Magee, have been great parents to me—offering tons of love and support. I’d also like to thank my wonderful sister, brother-in-law, nieces, and nephews: Cathy, Tim, Allison, Timmy, and Brianna.

For anyone who I forget or did not mention by name, I thank all of my friends, family and co-workers who have supported me in a variety of ways through this entire process.

Tell Us What You Think

As the reader of this book, you are the most important critic and commentator. We value your opinion and want to know what we’re doing right, what we could do better, what areas you’d like to see us publish in, and any other words of wisdom you’re willing to pass our way.

As the Executive Editor for the Web Development team at New Riders Publishing, I welcome your comments. You can fax, email, or write me directly to let me know what you did or didn’t like about this book—as well as what we can do to make our books stronger.

Please note that I cannot help you with technical problems related to the topic of this book, and that due to the high volume of mail I receive, I might not be able to reply to every message.

When you write, please be sure to include this book’s title and author as well as your name and phone or fax number. I will carefully review your comments and share them with the author and editors who worked on the book.

Fax: 317-581-4663

Email: stephanie.wall@newriders.com

Mail:

Stephanie Wall

Executive Editor

New Riders Publishing

201 West 103rd Street

Indianapolis, IN 46290 USA

Introduction

With so much going on in regard to network security (or the lack thereof), a book on this topic almost needs no introduction. Less than 10 years ago, most people didn’t even know what the Internet or email was. To take a further step back, most people did not even have computers at work or home, and some even questioned their usefulness. Things have really changed. As I am writing this, the Carousel of Progress ride at Disney World goes through my mind. Things that we considered science fiction a decade ago are not only a reality, but an engrained part of our life. Heck, if the dedicated line at my house goes down for more than 30 minutes, my wife is screaming at me to fix it. This is truly the age of computers.

From a functionality standpoint, computers are great when they are stand-alone devices. If I have a computer in my home with no network connection, do I really need any computer security? The house usually provides enough security to protect it. But now that everyone is connecting their computers together via the Internet, we are building this web of trust where everyone trusts everyone else. There is just one problem: everyone does not trust everyone else. Yet, in most cases, we are giving everyone full access to this information. At this point, let’s step back and look at how this happened.
