Appendix 2: Useful Programs

  • hunt ( lin.fsid.cvut.cz/~kra/index.html ) This is one of the popular sniffer programs. It also has built-in functions to send fake ARP packets to fake MAC addresses and to intercept connections.

  • dsniff ( monkey.org/~dugsong/dsniff/ ) This is a utility package for traffic monitoring and related tasks. It comprises the following utilities:

    • dsniff Intercepts passwords (the main utility). The utility monitors the network for authorization packets. When it detects such a packet, the utility extracts and displays the password. Authorization packets for all of the main protocols (Telnet, FTP, POP, etc.) are supported.

    • arpspoof Sends ARP reply packets to fake IP addresses.

    • dnsspoof Sends fake DNS packets. If the target machine requests that a host name be resolved to its IP address, you can switch the reply from the DNS server to make the target connect to your computer instead of the requested host.

    • filesnarf Monitors traffic, waiting for NFS file transfers.

    • mailsnarf Monitors traffic, waiting for POP and SMTP mail messages.

    • msgsnarf Monitors Internet pager and chat messages, such as ICQ and IRC.

    • macof Floods a switch with packets with generated MAC addresses. If the switch fails to handle the route-resolution workload, it starts functioning as a simple hub, replicating the incoming traffic to all outgoing ports.

    • tcpkill Terminates a third-party connection by sending an RST packet.

    • webspy Monitors Web connections and creates a list of sites visited by a specific user.

    • webmitm Emulates a Web server to carry out a man-in-the-middle attack (see Section 7.9).

  • ettercap ( ettercap.sourceforge.net ) In my opinion, this is the most convenient traffic-monitoring program. Its main function is to look for passwords in packets of all popular protocols. Administrators will also appreciate the function to detect other sniffing programs.

  • LSAT ( usat.sourceforge.net/ ) This utility is used to check the system configuration (considered in Section 12.3). It analyzes the server's configuration, displaying potential faults, and in some cases can give recommendations on how to fix them.

  • Bastille ( bastille-linux.sourceforge.net/ ) This utility detects potential server-configuration errors. It can automatically correct configuration errors and faults.

  • Klaxon ( www.eng.auburn.edu/users/doug/second.html ) This is an attack-detection utility (see Section 12.4).

  • PortSentry ( sourceforge.net/projects/sentrytools ) This utility monitors ports for port-scanning activities (see Section 12.4). It can automatically configure the firewall to block connections from the computer from which port scanning was detected.

  • Swatch ( sourceforge.net/projects/swatch ) This is a handy program for analyzing system logs on a schedule (see Section 12.6).

  • Logsurfer ( sourceforge.net/projects/logsurfer ) This is one of the few utilities that can analyze security logs dynamically (see Section 12.6).

  • John the Ripper ( www.openwall.com/john/ ) This is the most famous password-cracking program.

  • POP-before-SMTP ( popbsmtp.sourceforge.net/ ) This service allows email to be sent only if the user first checks the POP3 mailbox.

  • nmap ( www.insecure.org/nmap/ ) This is a port scanner with numerous features.



Hacker Linux Uncovered
ISBN: 1931769508
Year: 2004
Pages: 141