Network and development tools
Another attractive feature of UNIX and Linux for the hacker is the abundance of network tools available. Many networking tools are developed first under Linux or FreeBSD and only later ported to other operating systems. Open source code, and the wealth of working examples it provides, certainly contributes to tools appearing on UNIX first.
Some examples of the free network tools that support hackers in their quest for vulnerabilities and exploits include the following:
- tcpdump-A low-level traffic capture application that sniffs traffic at layers 2, 3, and 4 of the Open Systems Interconnection (OSI) model (link, network, and transport). tcpdump comes standard on most UNIX installations and supports a wide variety of layer 2 media. Because tcpdump, and the libpcap capture format it writes, are so universally available, its output is often used as input to other traffic analysis tools.
- Ethereal (now called Wireshark)-A graphical network traffic sniffer and protocol analyzer. Ethereal also provides a convenient interface for working with traffic captured by lower-level tools such as tcpdump.
- tcpreplay-Allows traffic captured with tcpdump to be put back on the wire. This permits hackers to analyze how a target reacts to real traffic and, ultimately, to debug their own applications against it.
- nmap-A popular port-scanning tool. It determines the state of ports on a remote system by sending probes (a full TCP connect, a bare SYN, UDP datagrams, and others) and interpreting the response, or the absence of one. The probe type, the timing, and the range of hosts and ports can all be tuned, so nmap can run more or less aggressively.
- Nessus-A vulnerability scanner that calls nmap to discover open ports and then tests the services behind them for known vulnerabilities. Nessus ships with over 500 tests and can detect most older, already published vulnerabilities.
- Perl, sh, and ksh-Scripting languages that, in the hands of a hacker, become powerful tools for automating procedures and gluing the tools above together.
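The tcpdump, Ethereal, and tcpreplay entries above all rest on the same fact: tcpdump writes its captures in the libpcap file format, so anyone can write a tool that consumes them. As an added example (not code from the tutorial or from any of these projects), the following Python reads that format and decodes the layer 2, 3, and 4 headers the tcpdump entry refers to. The capture it parses is constructed inline rather than taken from a real network, and the function and class names are this example's own.

```python
"""Read a tcpdump/libpcap capture and decode the layer 2, 3 and 4 headers.

Added example, not from the tutorial: the pcap format tcpdump writes and
Ethereal/tcpreplay read, parsed with the standard library only.  The capture
below is constructed in code, not captured from a real network.
"""
import struct
from dataclasses import dataclass
from typing import List, Optional

PCAP_MAGIC_LE = 0xA1B2C3D4   # classic little-endian pcap, microsecond timestamps
LINKTYPE_ETHERNET = 1        # layer 2 medium recorded in the global header
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP, IPPROTO_UDP = 6, 17
TCP_FLAG_LETTERS = [(0x01, "F"), (0x02, "S"), (0x04, "R"), (0x08, "P"), (0x10, "A"), (0x20, "U")]


@dataclass
class Packet:
    ts: float
    src_mac: str
    dst_mac: str
    src_ip: Optional[str] = None
    dst_ip: Optional[str] = None
    proto: Optional[int] = None
    src_port: Optional[int] = None
    dst_port: Optional[int] = None
    tcp_flags: Optional[int] = None


def _mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def _ip(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def decode_frame(ts: float, frame: bytes) -> Packet:
    """Layer 2 (Ethernet) -> layer 3 (IPv4) -> layer 4 (TCP/UDP)."""
    dst, src, ethertype = struct.unpack_from("!6s6sH", frame, 0)
    pkt = Packet(ts=ts, src_mac=_mac(src), dst_mac=_mac(dst))
    if ethertype != ETHERTYPE_IPV4:
        return pkt                                  # ARP, IPv6, ...: layer 2 only
    ver_ihl, _tos, _tlen, _id, _frag, _ttl, proto, _csum, sip, dip = struct.unpack_from(
        "!BBHHHBBH4s4s", frame, 14)
    if ver_ihl >> 4 != 4:
        raise ValueError("ethertype says IPv4 but the version field disagrees")
    pkt.src_ip, pkt.dst_ip, pkt.proto = _ip(sip), _ip(dip), proto
    l4 = 14 + (ver_ihl & 0x0F) * 4                  # IHL is in 32-bit words; options may follow
    if proto == IPPROTO_TCP:
        sport, dport, _seq, _ack, off_flags = struct.unpack_from("!HHIIH", frame, l4)
        pkt.src_port, pkt.dst_port = sport, dport
        pkt.tcp_flags = off_flags & 0x01FF          # low 9 bits; the high nibble is the data offset
    elif proto == IPPROTO_UDP:
        pkt.src_port, pkt.dst_port = struct.unpack_from("!HH", frame, l4)
    return pkt


def parse_pcap(data: bytes) -> List[Packet]:
    """Walk the 24-byte global header and the 16-byte per-record headers."""
    magic, _vmaj, _vmin, _tz, _sigfigs, _snaplen, linktype = struct.unpack_from("<IHHiIII", data, 0)
    if magic != PCAP_MAGIC_LE:
        raise ValueError(f"unsupported pcap magic {magic:#x}")
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError(f"unsupported link type {linktype}")
    pkts, off = [], 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack_from("<IIII", data, off)
        off += 16
        frame = data[off:off + incl_len]
        if len(frame) != incl_len:
            raise ValueError("truncated record at end of capture")
        off += incl_len
        pkts.append(decode_frame(ts_sec + ts_usec / 1e6, frame))
    return pkts


def summarize(pkts: List[Packet]) -> List[str]:
    """One tcpdump-style line per packet."""
    out = []
    for p in pkts:
        if p.proto == IPPROTO_TCP:
            flags = "".join(ch for bit, ch in TCP_FLAG_LETTERS if p.tcp_flags & bit)
            out.append(f"{p.src_ip}.{p.src_port} > {p.dst_ip}.{p.dst_port}: Flags [{flags}]")
        elif p.proto == IPPROTO_UDP:
            out.append(f"{p.src_ip}.{p.src_port} > {p.dst_ip}.{p.dst_port}: UDP")
        else:
            out.append(f"{p.src_mac} > {p.dst_mac}: non-IPv4 frame")
    return out


def build_sample_capture() -> bytes:
    """Constructed capture: a TCP SYN to port 22 and a UDP datagram to port 53.
    IP/TCP/UDP checksums are left as zero; parsers do not need them."""
    def ipv4(src, dst, proto, payload):
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0x4000,
                           64, proto, 0, bytes(src), bytes(dst)) + payload

    def tcp_syn(sport, dport):
        return struct.pack("!HHIIHHHH", sport, dport, 1000, 0, (5 << 12) | 0x002, 65535, 0, 0)

    def udp(sport, dport, payload):
        return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

    def eth(payload):
        return (bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb")
                + struct.pack("!H", ETHERTYPE_IPV4) + payload)

    frames = [
        eth(ipv4((192, 168, 1, 10), (10, 0, 0, 5), IPPROTO_TCP, tcp_syn(40000, 22))),
        eth(ipv4((192, 168, 1, 10), (10, 0, 0, 53), IPPROTO_UDP, udp(53001, 53, b"\x00" * 12))),
    ]
    out = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f
    return out


if __name__ == "__main__":
    for line in summarize(parse_pcap(build_sample_capture())):
        print(line)
```

Real captures come in more variants than this reader accepts: big-endian files (magic byte-swapped), nanosecond-timestamp files (magic 0xA1B23C4D), and the newer pcapng container, as well as link types other than Ethernet. The example deliberately raises on anything but the classic little-endian Ethernet case rather than silently misparsing, which is the behaviour you want in any tool that will be fed captures from unknown sources.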
In addition to network tools, UNIX systems come with a fully functional development environment: the compilers, linkers, and libraries needed to rebuild the kernel and the rest of the operating system are all available as open source. With these tools, a hacker can produce everything from kernel-module rootkits to sophisticated attack tools of their own.
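A minimal example of such a home-grown tool, added here and not taken from the tutorial or from nmap: a TCP connect scan, the technique behind nmap's -sT mode that the nmap entry above describes. Unlike nmap's default SYN scan, which never completes the handshake, a connect scan goes all the way through connect() and so leaves an ordinary accepted connection in the target's logs. The demo scans two loopback ports it sets up itself, so it runs offline; the function names and the classification labels are this example's own.

```python
"""TCP connect scan, the technique behind nmap's -sT mode.

Added example, not from the tutorial or from nmap: complete a full three-way
handshake against each port and classify the port by how the target answers.
The target is a listener the demo opens itself on the loopback interface.
"""
import socket
from typing import Dict, Iterable


def connect_scan(host: str, ports: Iterable[int], timeout: float = 0.5) -> Dict[int, str]:
    """Return {port: 'open' | 'closed' | 'filtered' | 'error:<errno>'}."""
    results: Dict[int, str] = {}
    for port in ports:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            results[port] = "open"          # SYN/ACK came back and the handshake completed
        except ConnectionRefusedError:
            results[port] = "closed"        # RST came back: host is up, nothing listening
        except (socket.timeout, TimeoutError):
            results[port] = "filtered"      # no answer at all: a firewall most likely dropped the SYN
        except OSError as exc:
            results[port] = f"error:{exc.errno}"   # e.g. host unreachable
        finally:
            s.close()
    return results


def _free_loopback_port() -> int:
    """Ask the kernel for an ephemeral port, then release it so nothing listens there."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


def demo():
    """Scan two loopback ports: one with a listener, one known to be free."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(5)          # the kernel completes handshakes into the backlog; no accept() needed
    open_port = listener.getsockname()[1]
    closed_port = _free_loopback_port()
    try:
        results = connect_scan("127.0.0.1", [open_port, closed_port])
    finally:
        listener.close()
    return open_port, closed_port, results


if __name__ == "__main__":
    opened, closed, report = demo()
    for port in sorted(report):
        print(f"127.0.0.1:{port}  {report[port]}")
```

The three outcomes are what a scanner actually has to tell apart: an accepted connection means a service is listening, an immediate refusal means the host is up but the port is closed, and silence means something between you and the host is dropping packets. A scan that lumps the last two together will report a firewalled host as having no services at all.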
Information exchange
UNIX is an attractive platform for exchanging tools and techniques that hackers are developing. Because they share source code, they can readily recompile each other's applications on whatever system they have. The hacker community has deep UNIX expertise, and that expertise is shared in the form of code and advice.