October 2007


Udp_scan is part of the old SATAN tool. It is a command-line UDP-only scanner for Unix. It can be downloaded separately from SATAN with its TCP scanning partner, tcp_scan, at ftp://ftp.porcupine.org/pub/security/port-scan.tar.gz. Udp_scan is reliable, but like another Unix TCP-only scanner called strobe, it has all but been overshadowed by newer tools. Although it is considered to be one of the ancient tools, its technique was the basis for just about all other UDP scanning tools.

 


Installation

Like most Unix programs, udp_scan is distributed as source code. After you download and untar port-scan.tar.gz, you’ll need to change to the port-scan directory and run the make command.


Nmap is by far the most popular port scanner available. You can download it from http://www.insecure.org/, and it compiles and installs in a breeze on most Windows and Unix operating systems including Mac OS X (via configure, make, make install). You can download Windows binaries (along with the required Winpcap) from http://www.insecure.org/. A graphical Windows frontend for nmap is available at http://www.nmapwin.org/. For this discussion, we’ll use the Unix nmap version 3.48.

Implementation

One reason why nmap is so useful is that it offers many different scanning techniques from which you can choose. You can scan for hosts that are up, TCP ports, UDP ports, and even other IP protocols. Because we’ll be talking in detail about how nmap performs some of its TCP scans, you’ll need to know a little bit about how TCP connections are made. Table 4-1 shows definitions for common TCP flags that are involved in TCP connections.

 


If you are using Apache from the 2.x branch, the support for SSL is included with the distribution. For Apache 1, it is a separate download of one of two implementations. You can use mod_ssl (http://www.modssl.org) or Apache-SSL (http://www.apache-ssl.org). Neither of these two web sites discusses why you would choose one instead of the other. Historically, mod_ssl was created out of Apache-SSL, but that was a long time ago and the two implementations have little in common (in terms of source code) now. The mod_ssl implementation made it into Apache 2 and is more widely used, so it makes sense to make it our choice here.

Neither of these implementations is a simple Apache module. The Apache 1 programming interface does not provide enough functionality to support SSL, so mod_ssl and Apache-SSL rely on modifying the Apache source code during installation.


Network attacks are the most popular type of attack because they are easy to execute (automated tools are available) and difficult to defend against. Since these attacks are not specific to Apache, they fall outside the scope of this book and thus they are not covered in detail in the following sections. As a rule of thumb, only your upstream provider can defend you from attacks performed on the network level. At the very least you will want your provider to cut off the attacks at their routers so you do not have to pay for the bandwidth incurred by the attacks.

1. Malformed Traffic

The simplest network attacks target weaknesses in implementations of the TCP/IP protocol. Some implementations are not good at handling error conditions and cause systems to crash or freeze. Some examples of this type of attack are:

 

  • Sending very large Internet Control Message Protocol (ICMP) packets. This type of attack, known as the Ping of death, caused crashes on some older Windows systems.

  • Setting invalid flags on TCP/IP packets.

  • Setting the destination and the source IP addresses of a TCP packet to the address of the attack target (Land attack).
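The three malformed-traffic patterns listed above can be recognised from the IPv4 and TCP headers alone. The following Python detector is an added example, not part of the original text; the function names, the finding labels and the sample packets (built with documentation addresses) are constructed for illustration.

```python
import socket
import struct

FIN, SYN, RST = 0x01, 0x02, 0x04   # TCP flag bits
MAX_DATAGRAM = 65535               # largest legal IPv4 datagram

def inspect_packet(packet):
    """Return a list of findings for one raw IPv4 packet."""
    if len(packet) < 20:
        return ["truncated"]
    ver_ihl, _, total_len, _, frag, _, proto, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl:
        return ["truncated"]
    findings = []
    # Ping-of-death pattern: this fragment ends past the 65535-byte limit,
    # so reassembly would produce an illegal datagram.
    frag_offset = (frag & 0x1FFF) * 8
    if frag_offset + total_len > MAX_DATAGRAM:
        findings.append("oversized-reassembly")
    if proto == socket.IPPROTO_TCP and frag_offset == 0:
        # Land pattern: source and destination address are identical.
        if src == dst:
            findings.append("land")
        tcp = packet[ihl:ihl + 20]
        if len(tcp) < 14:
            return findings + ["truncated"]
        # Invalid flags: none set, or SYN combined with FIN or RST.
        flags = tcp[13] & 0x3F
        if flags == 0 or (flags & SYN and flags & (FIN | RST)):
            findings.append("invalid-flags")
    return findings

def sample(src, dst, proto, flags=0, frag=0, payload_len=0):
    """Build a constructed test packet (checksums left at zero)."""
    if proto == socket.IPPROTO_TCP:
        body = struct.pack("!HHIIBBHHH", 1025, 80, 0, 0, 5 << 4, flags, 0, 0, 0)
    else:
        body = b"\0" * payload_len
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, frag,
                         64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return header + body

if __name__ == "__main__":
    print(inspect_packet(sample("192.0.2.20", "192.0.2.20", socket.IPPROTO_TCP, SYN)))
```
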


Test for my first post 🙂