hakin9_2006_02_7.pdf

hakin9
Biometry of the Net
The 2nd of November 1988 witnessed the first attack against the Internet, which at that time connected approximately 60 thousand computers worldwide. The worm written by Robert Morris blocked 10% of them, including systems of the Pentagon. In 1992 the number of hosts on the Internet passed one million, and the global network keeps growing exponentially. One can observe the continuous growth and evolution of this artificial, virtual organism, whose individual cells are all the devices connected to it. Nowadays almost every city in the developed world features a network at least comparable in size to the Internet of 1988. Since history likes to repeat itself, it cannot be ruled out that the network we are connected to will one day become the victim of aggression on a similar scale; for that to happen, though, the system in question must possess some weak points.
Every host on the net possesses certain individual attributes, some of which may make it susceptible to an attack or an infection. In the virtual world, an infection of or an attack against a system typically involves an attempt either to seize control over a node or host, or to continuously eavesdrop on private calls or acquire other confidential information. One can also encounter nonsensical actions, as well as ones whose only result is a paralysis of the network or a boost to the egos of their authors.
Regardless of its aim, an attack can involve massive losses for the users of the victim system. Therefore, administrators face the difficult task of appropriately securing network systems, which can be scanned in search of weak spots as little as ten minutes after they have been connected to the Internet.
Even scanning itself is a threat: it is the first step towards determining the system's weak spots and suggests the possibility of an attack against the system in question. The reaction to it can be, depending on one's approach, passive or active. Whether just a firewall is used, an advanced IPS, or a custom set of tools depends on the strategy adopted by the administrator and should be adequate to the resources under protection.
Attackers have been using more and more sophisticated tools whose purpose is to learn as much about the target as possible. To defend properly, you should know their categories.
In this hakin9 issue we show how to analyse malware, how to add a dedicated device to a particular environment using Snort_inline, and what should be done if a firewall fails. As you can see, antidotes can be found for all of these attacks.
Attention! It has been proved that hakin9 is an effective medication. From the next issue on, you can take it once a month. There is no threat of overdosing.
Marta Ogonek & hakin9 team
marta.ogonek@hakin9.org

In brief (page 06)
A selection of news from the world of IT security: Vista security circumvented, Microsoft fights pedophilia, Threat to privacy, Commwarrior.Q

CD content (page 08)
What's new in the latest hakin9.live version (3.1-aur.) and full versions of must-have applications on our CDs.

Tools
WS-DNS-BFX (page 10)
Daniel de Oliveira Silva
The author describes how WS-DNS-BFX works and what advantages you can gain by using it.

Steganos Security Suite 6 (page 11)
Carlos Ruiz Moreno
The author presents SSS 6, a complete security package with different security tools for protecting your PC, combining encryption with steganography.

What's hot
Hooking-oriented size disassembler for malware analysis (page 12)
Rubén Santamarta
How can you fight malicious code? To achieve this essential objective we have to analyse in detail the inner workings of malware using reverse engineering. Rubén Santamarta shows how to use Structured Exception Handling to create a size disassembler.

Programming
Snort_inline as a solution (page 22)
Pierpaolo Palazzoli, Matteo Valenza
From this article you will learn how Snort_inline works, what the basics of Intrusion Prevention Systems are, and how to tune the Snort_inline configuration. The authors also present ways to add a dedicated device best suited to the environment we want to protect.

hakin9 2/2006
www.hakin9.org
Techniques
Security violation and policy enforcement with IDS and firewall (page 34)
Arrigo Triulzi, Antonio Merola
In this article we discuss how to detect a security violation of a firewall policy using a Network Intrusion Detection System (NIDS), comparing in real time traffic on the outside with traffic on the inside.

The Edge
IE plugins: BHOs and toolbars (page 42)
Gilbert Nzeka
How can advertisers increase their ROI by targeting more users? The answer: by developing toolbars and other types of Internet Explorer plugins.

In Practice
Can one fool application-layer fingerprinting? (page 56)
Piotr Sobolewski
Numerous tools exist that allow us to determine what service runs on a given port and what software provides it. Is it possible to trick them?

Interview
We're up against (page 72)
An interview with Dr. Gary McGraw
Our expert on the IT security situation, careless private users and vulnerabilities in systems.

Books reviews (page 78)
Reviews of books: 19 Deadly Sins of Software Security, Linux Server Security and more...

Column
Spammers fortune (page 80)
Konstantin Klyagin
King for a day, spammer for a lifetime... Konst's column on protection against SPAM and the role of outsourcing.

Upcoming (page 82)
Announcements of articles to be published in the next issue of hakin9.

hakin9 is published by Software Wydawnictwo Sp. z o.o.
Executive Director: Jarosław Szumski
Market Manager: Ewa Dudzic ewal@software.com.pl
Product Manager: Marta Ogonek marta.ogonek@software.com.pl
Editors: Krystyna Wal, Łukasz Długosz, Daniel Schleusener, Krzysztof Konieczny
Distribution: Monika Godlewska monikag@software.com.pl
Production: Marta Kurpiewska marta@software.com.pl
DTP: Anna Osiecka annao@software.com.pl
Cover: Agnieszka Marchocka agnes@software.com.pl
CD: Rafał Kwaśny, Paweł Brach (Aurox Core Team), Mariusz Ostapowicz
Advertising department: adv@software.com.pl
Subscription: subscription@software.com.pl
Proofreaders: Nicholas Potter, Dustin F. Leer
Translators: Marek Szuba, Peter S. Rieth
Top betatesters: Rene Heinzl, Paul Bakker, Kedearian the Tilf, David Stow, Wendel Guglielmetti Henrique, Pastor Adrian, Peter Hüwe

Postal address: Software-Wydawnictwo Sp. z o.o., ul. Bokserska 1, 02-682 Warsaw, Poland
Tel: +48 22 887 10 10, Fax: +48 22 887 10 11
www.hakin9.org/en

Software-Wydawnictwo Sp z o.o. is looking for partners from all over the World. If you are interested in cooperating with us, please contact us by e-mail: cooperation@software.com.pl

Print: 101 Studio, Firma Tęgi
Printed in Poland

Distributed in the USA by: Source Interlink Fulfillment Division, 27500 Riverview Centre Boulevard, Suite 400, Bonita Springs, FL 34134, Tel: 239-949-4450.
Distributed in Australia by: Europress Distributors Pty Ltd, 3/123 McEvoy St Alexandria NSW Australia 2015, Ph: +61 2 9698 4922, Fax: +61 2 96987675

Whilst every effort has been made to ensure the high quality of the magazine, the editors make no warranty, express or implied, concerning the results of content usage.
All trade marks presented in the magazine were used only for informative purposes. All rights to trade marks presented in the magazine are reserved by the companies which own them.

To create graphs and diagrams we used program by company.
The editors use automatic DTP system
Krystyna Wal, Krystian Długosz

ATTENTION!
Selling current or past issues of this magazine for prices that are different than printed on the cover is, without permission of the publisher, harmful activity and will result in judicial liability.

hakin9 is also available in: Spain, Argentina, Portugal, France, Morocco, Belgium, Luxembourg, Canada, Germany, Austria, Switzerland, Poland, Czech, Slovakia
The hakin9 magazine is published in 7 language versions: EN PL ES CZ IT FR DE

DISCLAIMER!
The techniques described in our articles may only be used in private, local networks. The editors hold no responsibility for misuse of the presented techniques or consequent data loss.