From: "fooler" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: <[EMAIL PROTECTED]>
Subject: Re: [plug] common port to hackers
Date: Mon, 17 Feb 2003 19:32:03 +0800
----- Original Message -----
From: "Allen Umlas" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, February 17, 2003 4:10 PM
Subject: [plug] common port to hackers
> Fellow Pluggers,
> I have twice been hacked by someone outside my network,
everyone gets hacked and that's normal.... but the main point here is that
you have to learn why you have been hacked and how to prevent it....
> What port do crackers usually use to enter a system?
what is open and what are the well known vulnerabilities on that open
port...
> what are the things that
> hackers usually do?
many.... but I'll just give you an idea about the anatomy of an attack...
act 1 - the scan
the hacker starts by running a port scanner to detect what are the
open ports...
act 2 - Information Gathering
the hacker then identifies the type of server running on each port..
this enables the hacker to determine the vulnerabilities that it can take
advantage of ...
act 3 - Testing
the hacker goes through a testing process for each assumed
vulnerability found to enable him to gain further access into the
application..
act 4 - Planning the attack
when the hacker has identified every bit of information that can be
gathered by passive (undetectable) means, the hacker selects and deploys
attacks...
act 5 - Launching the attack
after all of these procedures, the hacker engages in open warfare
that he identified as vulnerable during the initial review of your site...
> I used ipchains as my firewall but it is useless.
firewalls are not enough... when medieval architects designed castles, they
spent more time on the gates and the moat than on any other single
feature... they knew that any defensive system is only as strong as its
weakest point.. to be useful to the people with legitimate business inside,
walls must have openings to the outside... those openings provide potential
vulnerabilities.. the challenge is to make sure that you only lower your
drawbridge to friendly forces... one of the hardest attacks to recognize and
defend against is one that uses your own programs and systems against you..
this trojan-horse type of attack manipulates the features of your own
software in order to force it to divulge information... firewalls do not
prevent this from happening
> How can i check
> my server and block those ports that are common to hackers... I hope i can
> gain more answers here.
a firewall, an IDS (intrusion detection system), cryptography and access
control are just not enough...
to successfully prevent an application attack you must first understand how
a hacker/cracker thinks :->
fooler.
_
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
Fully Searchable Archives With Friendly Web Interface at http://marc.free.net.ph
To subscribe to the Linux Newbies' List: send "subscribe" in the body to [EMAIL PROTECTED]
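
An added example, not part of the original thread: one way to answer "How can I check my server" and "what is open" from the defender's side is to list the sockets your own host has in LISTEN state and compare them with the ports you intend to expose. The allowlist, the function names and the sample table below are assumptions constructed for illustration; the parsing follows the Linux `/proc/net/tcp` layout on a little-endian host.

```python
import socket
import struct

# Constructed sample in /proc/net/tcp format (not taken from a real host).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1201 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000    27        0 1302 1 0000000000000000 100 0 0 10 0
   2: 00000000:0017 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1403 1 0000000000000000 100 0 0 10 0
   3: 0A00000A:0016 0A000014:C350 01 00000000:00000000 00:00000000 00000000     0        0 1504 1 0000000000000000 100 0 0 10 0
"""

TCP_LISTEN = 0x0A  # state code for LISTEN in /proc/net/tcp


def listening_sockets(proc_text):
    """Return (address, port) pairs for sockets in LISTEN state, sorted by port."""
    found = set()
    for line in proc_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or int(fields[3], 16) != TCP_LISTEN:
            continue  # established and other non-listening sockets are ignored
        hex_addr, hex_port = fields[1].split(":")
        # The IPv4 address is a 32-bit hex value in host (little-endian) order.
        addr = socket.inet_ntoa(struct.pack("<I", int(hex_addr, 16)))
        found.add((addr, int(hex_port, 16)))
    return sorted(found, key=lambda s: (s[1], s[0]))


def audit(proc_text, allowed_ports):
    """Split listeners into expected and unexpected, noting their exposure."""
    report = {"expected": [], "unexpected": []}
    for addr, port in listening_sockets(proc_text):
        scope = "loopback" if addr.startswith("127.") else "network"
        key = "expected" if port in allowed_ports else "unexpected"
        report[key].append((addr, port, scope))
    return report


if __name__ == "__main__":
    # On a live Linux host, pass open("/proc/net/tcp").read() instead.
    result = audit(SAMPLE_PROC_NET_TCP, allowed_ports={22})
    for kind, entries in result.items():
        for addr, port, scope in entries:
            print(f"{kind:10} {addr}:{port} ({scope})")
```

Anything reported as unexpected with network scope is a service to shut down or restrict before relying on firewall rules to hide it.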
