Using OS Identification with Nmap

Nmap can be used to fingerprint operating systems. Here is a typical session: [root@srv-1 usr-1]# nmap -O –min_rtt_timeout=6000 Starting nmap 3.70 ( ) at 2006-05-05 12:49 PDT Interesting ports on (The 1656 ports scanned but not shown below are in state: closed) PORT STATE SERVICE 22/tcp open ssh 111/tcp open rpcbind 6000/tcp […]

Changing the IP Address on a Cisco Router With an IP Conflict

If you wish to bring up a Cisco router that has an IP address that conflicts with existing hosts on your network, there are a variety of ways to change it. We just happened to have a crossover network cable sitting on our work bench, and a GNU/Linux host on the LAN with an extra […]

Adding an IP Address to an Interface With Red Hat and CentOS

There is some apparent voodoo on what, exactly, is needed to add an IP address to an interface using Red Hat style scripts. We have tested this on Red Hat Enterprise 3 and CentOS 4, and it appears that the convention is quite forgiving. This makes sense, really, since if you hose up these interfaces, […]

TCP and UDP Service Listing

Here is a text version of /etc/services that might be useful for determining whether a port is being used by a trojan, etc: TCP and UDP Service Listing

Running KeePass Password Management on GNU/Linux with Wine

Managing all of the passwords one needs to know for both personal and job-related security is quite a challenge. KeePass is a password management program for Windows. It is open-source and released under the GPL, which means it is highly likely that this project will stay around in some form. It also appears to use […]

WinSCP Freeware SFTP and SCP client for Windows

WinSCP is a full featured GUI SCP client. This means that communication between the server and the client is encrypted well, unlike FTP or Explorer. WinSCP also includes synchronization options that will help minimize the amount of traffic needed to mirror filesystems. We installed all of the options: Here you can see the array of […]

Customizing the AFICK File Integrity Checker

In this article, we set up AFICK. Let’s adapt AFICK to use a particular directory tree and a different database. This way, we can fingerprint the OS on one run, and fingerprint more dynamic content with a different job. Here is our configuration file: [root@ids afick]# cat /etc/afickweb.conf database:=/var/lib/afickweb/afick history := /var/lib/afickweb/history archive := /var/lib/afickweb/archive […]

Using the AFICK File Integrity Checker

One important component of securing a system is to use a file integrity checker.There are multiple tools out there that can do this, including AIDE, and Tripwire. One project that does what we need, has few installation requirements, is fairly easy to install, and is multi platform is AFICK. In this article we will install […]

Spike in Port 12345 Traffic

We have noticed a surge in traffic on port 12345. This could be NetBus, or a variant. We suspect that some trojan backdoor is in the wild tacked on to a new worm. The worm is looking for other friendly hosts listening on port 12345. To see a historical chart of activity on this port, […]

Setting Up a Windows Server 2003 Host Based Firewall

There is a false sense of security when you envision your network as inside and outside, with a firewall protecting you from hostile users on the outside. One particularly nasty problem is when users bring their laptops home, surf, read email, and then plug it right back in to the corporate LAN on Monday morning. […]