February 23, 2007 by Stephen.

This article shows how easy a hacker could use ARP SPOOFING to get your network information and what you are doing….and how:

ARP (Address Resolution Protocol) can be ran on your network by attackers to make their systems appear to be on your network. When the MAC (media access control) address mapping - ARP tables are hijacked and being changed, the information between your computers in your network can be hijacked as well because they thought your machine was trusted. It’s called a Man-in-the-middle (MITM) attack.

Spoofed ARP replies can be sent to a switch very quickly, which can crash an Ethernet swithc or (hopefully) make it revert to broadcast mode, which is a hub. then an attacker can sniff every packet going through the switch without bothering with ARP spoofing.

Cain and Abel (www.oxid.it/cain.html) - Free, analysis, ARP poisoning, VOIP capture/replay, password cracking, and more.

Read the rest of this entry »

Posted in Tech - Network Security, Tech - System Administration, Technical Reference - All | 1 Comment »

February 17, 2007 by Stephen.

Wildpackets EtherPeek (www.wildpackets.com/products/etherpeek/overview)

TamoSoft’s CommView (www.tamos.com/products/commview) and Sunbelt Software’s LanHound ( www.sunbelt-software.com/lanhound.cfm).

Cain and Abel (www.oxid.it/cain.html) - Free, analysis, ARP poisoning, VOIP capture/replay, password cracking, and more.

Ethereal (www.ethereal.com) - free.available on Windows and UNIX. Very good considering it’s free. (or go to http://www.download.com/3120-20_4-0.html?tg=dl-20&qt=ethereal&tag=srch)
ettercap (ettercap.sourceforge.net) - available on Windows and UNIX

FIREWALL RULES

1. Netcat:(http://www.vulnwatch.org/netcat/)

example: to check if the firewall allows port 23 (telnet)

nc -l -p 23 cmd.exe

nc -v ip_address 23

2. Traffic IQ Pro by Karalon (www.karalon.com)

- With 2 NIC card between internal segment and the DMZ zone. By Generate generic and /or malicious traffic see if the firewall is doing what it syas it’s doing.

3. Firewalk (packetfactory.net/firewalk) for the UNIX platform.

COUNTERMEASURES against FIREWALL attacks:

1. limit traffic to what’s needed

2. Block ICMP to help prevent abuse from some automated tools, such as firewalk.

3. Enable stateful packet inspection on the firewall, if you can. It can block unsolicited requests.

• 
  List of TCP and UDP port numbers

Posted in Tech - Network Security, Tech - System Administration, Technical Reference - All | No Comments »

February 13, 2007 by Stephen.

Q:How to setup LAN/NETWORK Connection if I run BackTrack2 on a CD with VMWARE?

A: If you want the easiest way to fix it, change the network setting to bridged connection before boot. But this option won’t give you a seperate IP.

For the advanced solution, use NAT connection in the setting before boot. Use ifconfig -a or netstat -a to see if the ethernet card is registered. If it is, then you could use dhcpcd eth0, depending on wich network card, you use ;If you don’t know, start at 0,1,2 and so on.) Or do it manually:

ifconfig eth0 192.168.1.34/24
(Give this command twice if it tells you it can’t set an IP address)
route add default gw 192.168.1.254
echo nameserver 192.168.1.1 > /etc/resolv.conf

Where 192.168.1.34 is the IP address you want, 192.168.1.254 is the default gateway and 192.168.1.1 is your dns server

or

ifconfig ath0 down
ifconfig ath0 hw ether [new MAC adress]
ifconfig ath0 up

Our weblog is Free 1and1 Weblog provided by 1 and 1 Hosting (1and1.com):

Posted in Tech - BackTrack2, Tech - System Administration, Technical Reference - All | 1 Comment »

April 8, 2006 by admin.

Posted in Tech - System Administration, Technical Reference - All | No Comments »

April 17, 2004 by admin.

Posted in Tech - System Administration, Technical Reference - All | 1 Comment »