"Lend thy serious hearing to what I shall unfold."
  -- Shakespeare

Wishes and fears, memories and beliefs, secrets and dreams.

Angieb's page started Feb 6, 1999; updated regularly when I feel like it, which isn't all too often.


  Unix Security

Unix Security Info.

  Advisories
A number of groups from around the world provide information about security vulnerabilities and about methods to remove or reduce the danger of particular vulnerabilities for different computer operating systems.

  Documents
Many articles about various topics in computer and network security have been written and published on the Internet.

  Electronic Magazines, Newsletters and News Sites
Some magazines, newsletters and news sites available online provide timely information about computer security.

  Security Related FAQs (Frequently Asked Questions)
A FAQ is a summary document written by knowledgeable individuals on a particular topic; it contains commonly requested information about that topic.

  Groups and Organizations
A number of computer security organizations exist that provide information to the public or to their members.

  Mailing Lists
Mailing lists provide a dialog on areas of interest to the members of the list.

  Newsgroups
USENET newsgroups are a series of discussion groups that can be useful for obtaining current information on a specific topic. Some newsgroups are a better source of information than others.

  Request for Comments (RFC) on computer and network security topics
An RFC is a document from the Internet Engineering Task Force (IETF) containing information about a new proposed standard.

  World Wide Web (WWW) Sites
Many WWW sites provide a large amount of information about various topics in computer security. Some of these sites are simply large indexes, but others contain a collection of information on a specific topic.



  Unix Computer Security Checklist
AUSCERT, Australian Computer Emergency Response Team; 1995; ASCII Text; 89k. A comprehensive checklist for securing your Unix box.

  Packets Found on an Internet
Bellovin, Steven M.; 1993; GZip'd Postscript; 32k. A very interesting paper describing the various attacks, probes, and miscellaneous packets floating past AT&T Bell Labs' net connection.

  Security Problems in the TCP/IP Protocol Suite
Bellovin, Steven M.; 1989; GZip'd Postscript; 10k. A broad overview of problems within TCP/IP itself, as well as in many common application layer protocols which rely on TCP/IP.

  There Be Dragons
Bellovin, Steven M.; 1992; GZip'd Postscript; 58k. Another Bellovin paper discussing the various attacks made on att.research.com. This paper is also the source for this page's title.

  An Advanced 4.3BSD IPC Tutorial
Berkeley CSRG; date unknown; GZip'd Postscript; 60k. This paper describes the IPC facilities new to 4.3BSD. It was written by the CSRG as a supplement to the manpages.

  NFS Tracing by Passive Network Monitoring
Blaze, Matt; 1992; ASCII Text. Blaze, now famous for cracking the Clipper chip while at Bell Labs, wrote this paper while he was a PhD candidate at Princeton.

  Network (In)Security Through IP Packet Filtering
Chapman, D. Brent; 1992; GZip'd Postscript; 46k. Why packet filtering is a difficult to use and not always secure method of securing a network.

  An Evening with Berferd
Cheswick, Bill; 1991; GZip'd Postscript; 32k. A cracker from the Netherlands is "lured, endured, and studied."

  Design of a Secure Internet Gateway
Cheswick, Bill; 1990; GZip'd Postscript; 17k. Details the history and design of AT&T's Internet gateway.

  Improving the Security of your Unix System
Curry, David, SRI International; 1990; GZip'd Postscript; 99k. This is the somewhat well known SRI Report on Unix Security. It's a good solid starting place for securing a Unix box.

  With Microscope & Tweezers
Eichin & Rochlis; 1989; GZip'd Postscript; 99k. An analysis of the Morris Internet Worm of 1988 from MIT's perspective.

  The COPS Security Checker System
Farmer & Spafford; 1994; GZip'd Postscript; 45k. The original Usenix paper from 1990, republished by CERT in 1994.

  COPS and Robbers
Farmer, Dan; 1991; ASCII Text. This paper discusses a bit of general security and then goes into detail regarding Unix system misconfigurations, specifically the ones that COPS checks for.

  Improving The Security of Your System by Breaking Into It
Farmer & Venema; date unknown; HTML. An excellent text by Dan Farmer and Wietse Venema. If you haven't read this before, here's your opportunity.

  A Unix Network Protocol Security Study: NIS
Hess, Safford, & Pooch; date unknown; GZip'd Postscript; 20k. Outlines NIS and its design faults regarding security.

  A Simple Active Attack Against TCP
Joncheray, Laurent; 1995; GZip'd Postscript; 90k. This paper describes an active attack against TCP which allows redirection (hijacking) of the TCP stream.

  Foiling the Cracker
Klein, Daniel; GZip'd Postscript; 38k. A Survey of, and Improvements to, Password Security. Basically a treatise on how to select proper passwords.

  A Weakness in the 4.2BSD Unix TCP/IP Software
Morris, Robert T.; 1985; GZip'd Postscript; 10k. This paper describes the much ballyhooed method by which one may forge packets with TCP/IP. Morris wrote this in 1985. It only took the media 10 years to make a stink about it!

  Covering Your Tracks
Phrack Vol. 4, Issue #43; GZip'd Postscript; 16k. A Phrack article describing the Unix system logs and how it is possible to reduce the footprint and visibility of unauthorized access.

  Cracking Shadowed Password Files
Phrack Vol. 5, Issue #46; GZip'd Postscript; 19k. A Phrack article describing how to use the system call password function to bypass the shadow password file.

  Thinking About Firewalls
Ranum, Marcus; GZip'd Postscript; 30k. A general overview of firewalls, with tips on how to select one to meet your needs.

  An Introduction to Internet Firewalls
Wack & Carnahan for NIST; GZip'd Postscript; 600k. This is a special publication of the National Institute of Standards and Technology which provides a solid introduction to firewall concepts and uses.

  TCP Wrapper
Venema, Wietse; GZip'd Postscript; 13k. Wietse's paper describing his TCP Wrapper concept, the basis for the TCP Wrappers security and logging suite.



  Miscellaneous Information

  Intercepted White House Pager Transcripts [inch.com]
April 27, 1997; Interceptor Unknown. Well, well, well! It seems the Feds have fallen victim to their own short-sightedness. By restricting secure, cheap encryption in consumer grade products (like the pagers they evidently use) the Feds forestall (but only for a time, I'd bet) the tool which would have saved them this embarrassment. My favorite line is "DON'T FORGET TO PAGE ME TONIGHT WHEN YOU WANT ME IN YOUR ROOM". I wonder who was going to whose room, and for what purpose... Hehe. Of course, the Feds know their pagers can be traced. Question is, did you?

  Generic Unix Security Information
CERT Advisory Team; 1993; ASCII. A good general commentary on Unix security, with specific places to look for suspicious files if you believe your machine's security may be compromised. It's a bit dated, so don't pay attention to the version numbers (Sendmail 8.6.4 is definitely not current anymore!).

  HP-UX Boot Single User
The magic incantation for booting an HP-700 series machine into single user mode.

  IP Spoofing
CERT Advisory Team; 1995; ASCII. Not too exciting, but useful for the uninitiated.

  Securing Anon FTP Servers
CERT Advisory Team; 1995; ASCII. This CERT advisory details the access permissions and server configuration which should be followed to prevent anonymous FTP security breaches.

  Source Routing Info
An interesting discussion of TCP/IP stuff from comp.security.unix.

  TCP SYN Flood (Phrack)
From Phrack Volume 7, Issue 48. Includes an explanation of this denial-of-service attack as well as a Linux source implementation.

  TCP SYN Flood (CERT)
Here's the CERT advisory warning about the attack described in the above article.



 

Unix-based Software

Sorted by Name

  arnudp.c
Source code demonstrating how to send a single UDP packet with the source/destination address/port set to arbitrary values.

  block.c
Prevents a user from logging in by monitoring utmp and closing down his tty port as soon as it appears in the system.

  COPS (V1.04)
COPS (Computer Oracle and Password System) checks for many common Unix system misconfigurations. I find this tool very valuable, as it is non-trivial to break a system which has passed a COPS check. I run it on all the systems I admin. It's getting a bit old, but it's still an excellent way to systematically check for file permission mistakes.

  Crack (V4.1)
Crack is a tool for ensuring that your Unix system's users have not selected easily guessed passwords which appear in standard dictionaries. (Only a very small dictionary is included, so grab the one below if you wish.)

  Crack Dictionary
A general 50,000 word dictionary for use with Crack.

  esniff.c
Source for a basic Ethernet sniffer. Originally came from an article in Phrack, I think.

  fping
Like Unix ping(1), but allows efficient pinging of a large list of hosts. V2.2.

  hide.c
Code to exploit a world-writeable /etc/utmp and allow the user to modify it interactively.

  ICMPinfo (V1.10)
ICMPinfo is a tool for looking at the ICMP messages received on the running host.

  identd.c
A modified identd that tests for the queue-file bug which is present in Sendmail versions earlier than 8.6.10 and possibly some versions of 5.x.

  ISS (V1.3)
The Internet Security Scanner is used to automatically scan subnets and gather information about the hosts it finds, including the guessing of YP/NIS domain names and the extraction of passwd maps via ypx. It also does things like check for versions of sendmail which have known security holes.

  listhosts.c
Requests a DNS name server to do a zone transfer and lists the hosts it knows about.

  LSOF (V3.50)
List All Open Files. Displays a listing of all files open on a Unix system. Useful for nosing around as well as for trying to locate stray open files when trying to unmount an NFS-served partition.

  mnt
This program demonstrates how to exploit a security hole in the HP-UX 9 rpc.mountd program. Essentially, it shows how to steal NFS file handles which will allow access from clients which do not normally have privileges.

  netcat (V1.10)
Like Unix cat(1), but this one talks network packets (TCP or UDP). Very, very flexible. Allows outbound connections with many options as well as life as a daemon, accepting inbound connections and allowing commands to be executed. Now at version 1.1!

  NFS-Bug
Demonstrates a bug in NFS which allows non-clients to access any NFS served partition. AIX & HPUX patches included.

  NFS Shell
A shell which will access NFS disks. Very useful if you have located an insecure NFS server.

  RootKit
A suite of programs like ps, ls, & du which have been modified to prevent display of certain files & processes in order to hide an intruder. Modified Berkeley source code.

  rpc_chk.sh
Bourne shell script to get a list of hosts from a DNS nameserver for a given domain and return a list of hosts running rexd or ypserve.

  seq_number.c
Code to exploit the TCP Sequence Number Generator bug. A brief but clear explanation of the bug can be found in Steve Bellovin's sequence number comment. Note that this code won't compile as-is because it is missing a library that does some of the low-level work. This is how the source was released by Mike Neuman, the author. See his Bugtraq post for more info.

  Socket Demon (V1.3)
Daemon to sit on a specified IP port and provide passworded shell access.

  Solaris Sniffer
A version of E-Sniff modified for Solaris 2.

  Strobe (V1.03)
Strobe uses a bandwidth-efficient algorithm to scan TCP ports on the target machine and reveal which network server daemons are currently running. Version 1.03 is an update to 1.02.

  Telnetd Exploit
This tarfile contains source code to the getpass() and openlog() library routines which /bin/login can be made to link at runtime due to a feature of telnetd's environment variable passing. Root, anyone? The fix is to make sure your /bin/login is statically linked.

  Tiger (V2.2.3)
Tiger attempts to exploit known bugs, holes, and misconfigurations in order to attain root. It is similar to COPS, but has system specific extensions for SunOS, IRIX, AIX, HPUX, Linux and a few others.

  Traceroute
Traceroute is an indispensable tool for troubleshooting and mapping your network.

  ttysurf.c
A simple program to camp out on the /dev/tty of your choice and capture logins & passwords when users log into that tty.

  xcrowbar.c
Source code demonstrating how to get a pointer to an X Display Screen, allowing access to a display even after "xhost -" has disabled access. Note that access must be present to read the pointer in the first place! (Originally posted to USENET's comp.unix.security.)

  xkey.c
Attach to any X server you have perms to and watch the user's keyboard.

  X Watch Window
If you have access permission to a host's X server, XWatchWin will connect via a network socket and display the window on your X server.

  YPX
YP/NIS is a horrible example of "security through obscurity." YPX attempts to guess NIS domain names, which is all that's needed to extract passwd maps from the NIS server. If you already know the domain name, ypx will extract the maps directly, without configuring a host to live in the target NIS domain. (GZip'd Bourne Shell Archive)

  ypsnarf.c
Exercises security holes in YP / NIS.



  DOS & Windows-based Software

  sniff.c or sniff.exe
DOS based Ethernet sniffer with logs readable by the sniffod.c filtering tool. Requires a packet driver at 0x60.

  sniffod.c or sniffod.exe
DOS based filter for sniff.c logs.

  Etherdump
Etherdump is a vanilla DOS Ethernet sniffer. Dumps all frames to a file. Filtering is not supported, unfortunately.

  Etherload
Etherload is a utility for measuring performance and other characteristics of Ethernets, such as packet origination via the MAC address.