Hackers Beware
Eric Cole
Publisher: New Riders Publishing
First Edition August 13, 2001
ISBN: 0-7357-1009-0, 800 pages
A good defense starts with a thorough understanding of your opponent’s offense. Hackers Beware teaches you how hackers think, what tools they use, and the techniques they utilize to compromise a machine. Eric Cole, a leading expert in information security, shows you not only how to detect these attacks, but what you can do to protect yourself against them. When it comes to securing your site, knowledge is power. This book gives you the knowledge to build a proper defense against attackers.
Copyright © 2002 by New Riders Publishing
FIRST EDITION: August, 2001
All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without written permission from the publisher, except for the inclusion of brief quotations in a review.
Library of Congress Catalog Card Number: 00102952
06 05 04 03 02 7 6 5 4 3 2 1
Interpretation of the printing code: The rightmost double-digit number is the year of the book’s printing; the rightmost single-digit number is the number of the book’s printing. For example, the printing code 02-1 shows that the first printing of the book occurred in 2002.
Composed in Bembo and MCPdigital by New Riders Publishing
Printed in the United States of America
Trademarks
All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. New Riders Publishing cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark.
| “Hackers Beware “ New Riders Publishing | 1 | 
Warning and Disclaimer
This book is designed to provide information about computer security. Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied.
The information is provided on an as-is basis. The authors and New Riders Publishing shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book or from the use of the discs or programs that may accompany it.
Credits
Publisher
David Dwyer
Associate Publisher
Al Valvano
Executive Editor
Stephanie Wall
Managing Editor
Kristy Knoop
Product Marketing Manager
Stephanie Layton
Publicity Manager
Susan Nixon
Acquisitions Editor
Jeff Riley
Development Editors
Katherine Pendergast
Joell Smith
Project Editor
Sean Monkhouse
Copy Editors
Kelli Brooks
Sarah Cisco
Indexer
Christine Karpeles
Manufacturing Coordinator
Jim Conway
Book Designer
Louisa Klucznik
Cover Designer
Aren Howell
Proofreaders
Katherine Shull
Mitch Stark
Composition
Amy Parker
Rebecca Harmon
I would like to dedicate this book to my wonderful son, Jackson. He is a blessing to me and brings joy and happiness to me every day.
Hackers Beware
About the Author
About the Technical Reviewers
Acknowledgments
Tell Us What You Think
Introduction
1. Introduction
The Golden Age of Hacking
How Bad Is the Problem?
What Are Companies Doing?
What Should Companies Be Doing?
Defense in Depth
Purpose of This Book
Legal Stuff
What’s Covered In This Book
Summary
2. How and Why Hackers Do It
What Is an Exploit?
The Attacker’s Process
The Types of Attacks
Categories of Exploits
Routes Attackers Use to Get In
Goals Attackers Try to Achieve
Summary
3. Information Gathering
Steps for Gathering Information
Information Gathering Summary
Red Teaming
Summary
4. Spoofing
Why Spoof?
Types of Spoofing
Summary
5. Session Hijacking
Spoofing versus Hijacking
Types of Session Hijacking
TCP/IP Concepts
Detailed Description of Session Hijacking
ACK Storms
Programs That Perform Hijacking
Dangers Posed by Hijacking
Protecting Against Session Hijacking
Summary
6. Denial of Service Attacks
What Is a Denial of Service Attack?
What Is a Distributed Denial of Service Attack?
Why Are They Difficult to Protect Against?
Types of Denial of Service Attacks
Tools for Running DOS Attacks
Tools for Running DDOS Attacks
Preventing Denial of Service Attacks
Preventing Distributed Denial of Service Attacks
Summary
7. Buffer Overflow Attacks
What Is a Buffer Overflow?
How Do Buffer Overflows Work?
Types of Buffer Overflow Attacks
Why Are So Many Programs Vulnerable?
Sample Buffer Overflow
Protecting Our Sample Application
Ten Buffer Overflow Attacks
Protection Against Buffer Overflow Attacks
Summary
8. Password Security
Typical Attack
The Current State of Passwords
History of Passwords
Future of Passwords
Password Management
Password Attacks
Summary
9. Microsoft NT Password Crackers
Where Are Passwords Stored in NT?
How Does NT Encrypt Passwords?
All Passwords Can Be Cracked (NT Just Makes It Easier)
NT Password-Cracking Programs
Comparison
Extracting Password Hashes
Protecting Against NT Password Crackers
Summary
10. UNIX Password Crackers
Where Are the Passwords Stored in UNIX?
How Does UNIX Encrypt Passwords?
UNIX Password-Cracking Programs
Comparison
Protecting Against UNIX Password Crackers
Summary
11. Fundamentals of Microsoft NT
Overview of NT Security
Availability of Source Code
NT Fundamentals
Summary
12. Specific Exploits for NT
Exploits for NT
Summary
13. Fundamentals of UNIX
Linux
Vulnerable Areas of UNIX
UNIX Fundamentals
Summary
14. Specific Exploits for UNIX
UNIX Exploits
Summary
15. Preserving Access
Backdoors and Trojans
Rootkits
NT Backdoors
Summary
16. Covering the Tracks
How To Cover One’s Tracks
Summary
17. Other Types of Attacks
Bind 8.2 NXT Exploit
Cookies Exploit
SNMP Community Strings
Sniffing and Dsniff
PGP ADK Exploit
Cisco IOS Password Vulnerability
Man-in-the-Middle Attack Against Key Exchange
HTTP Tunnel Exploit
Summary
18. SANS Top 10
The SANS Top 10 Exploits
Commonly Probed Ports
Determining Vulnerabilities Against the SANS Top 10
Summary
19. Putting It All Together
Attack Scenarios
Summary
20. Summary
Security Cannot Be Ignored
General Tips for Protecting a Site
Things Will Get Worse Before They Get Better
What Does the Future Hold?
Conclusion
A. References
Hacker/Security Related URLs
Hacker/Security Tools
General Security Related Sites
About the Author
Eric Cole (CISSP, CCNA, MCSE) is a former Central Intelligence Agency (CIA) employee who today is a highly regarded speaker for the SANS Institute. He has a BS and MS in Computer Science from New York Institute of Technology and is finishing up his Ph.D. in network security—emphasizing intrusion detection and steganography. Eric has extensive experience with all aspects of Information Security, including cryptography, steganography, intrusion detection, NT security, UNIX security, TCP/IP and network security, Internet security, router security, security assessment, penetration testing, firewalls, secure web transactions, electronic commerce, SSL, IPSEC, and information warfare. Eric is among SANS’ highest-rated instructors; he has developed several courses and speaks on a variety of topics. An adjunct professor at Georgetown University, Eric also has taught at New York Institute of Technology. He also created and led Teligent’s corporate security
About the Technical Reviewers
These reviewers contributed their considerable hands-on expertise to the entire development process for Hackers Beware. As the book was being written, these dedicated professionals reviewed all the material for technical content, organization, and flow. Their feedback was critical to ensuring that Hackers Beware meets our readers’ need for the highest-quality technical information.
Scott Orr has been involved with the networking efforts of the Purdue School of Engineering and Technology at Indiana University-Purdue University at Indianapolis from the very beginning. Starting out as a 20-node Novell network, it expanded to include more than 400 Microsoft- and UNIX-based workstations within several years. Since then, he has moved over to the computer science department, where he manages all student and research lab PC and UNIX clusters. In addition, he teaches an undergraduate course and conducts research in the areas of system administration, networking, and computer security. Scott has also made numerous presentations to local industry on the deployment of Internet security measures and has assisted several large corporations with the configuration and testing of their firewalls.
Larry Paccone is a Senior National/Systems Security Analyst at Litton/TASC. As both a technical lead and project manager, he has worked in the Internet and network/systems security arena for more than seven years. He has been the technical lead for several network security projects supporting a government network/systems security research and development laboratory. Prior to that, Larry worked for five years at The Analytical Sciences Corporation (TASC) as a national security analyst assessing conventional military force structures. He has an MS in information systems, an M.A. in international relations, and a B.A. in political science. He also has completed eight professional certifications in network and systems security, internetworking, WANs, Cisco routing, and Windows NT.
John Furlong is an independent Network Security Consultant based in Dallas, Texas. After graduating from a university in England as a systems programmer, John immigrated to the United States. After extensive development of IDS signatures and modular software for business environments utilizing the Aggressor security suite, John opened his own consulting firm in 1998. John continues to develop and educate business professionals on the growing need for intranet and Internet security. As a freelance consultant, John has provided remote storage systems for security conscious industries, such as medical and insurance affiliations, and enhanced and strengthened operating systems for numerous Internet service providers.
Steve Smaha is an Austin-based angel investor and philanthropist. Previously he was founder and CEO of Haystack Labs, Inc., an early developer of Internet security software, until its acquisition in October 1997 by Trusted Information Systems (TIS). At TIS, Steve served as Vice President for Technology until TIS was acquired by Network Associates in April 1998. Since 1998, he has served on several computer company boards of directors and technical advisory boards and is actively involved in mentoring startup tech companies and working with non-profit organizations. He is married with a young child. His undergraduate degree is from Princeton University and graduate degrees are from the University of Pittsburgh and Rutgers University.
Patrick “Swissman” Ramseier, CCNA, GSEC, CISSP, is a Security Services Director for Exodus Communications, Inc. Exodus is a leading provider of complex Internet hosting for enterprises with mission-critical Internet operations. Patrick started as a UNIX system administrator. Over the past 13 years, he has been involved with corporate-level security architecture reviews, vulnerability assessments, VPN support, network and operating system security (UNIX-Solaris, Linux, BSD, and Windows NT/2000), training, research, and development. He has a B.A. in business and is working concurrently on his master’s and doctorate in computer science.
Acknowledgments
I wanted to thank New Riders for the help and support through this process, mainly Jeff Riley, Katherine Pendergast, and Sean Monkhouse. They are a great publisher to work with.
I also wanted to thank SANS for having such a great organization. Alan Paller and Stephen Northcutt are wonderful people to work with and very helpful. They gave great advice and support through the entire process. Also, I want to thank all of the SANS GIAC students who provided excellent information via their practicals.
What always makes me nervous with acknowledgement sections is the thought that I am overlooking someone. When the book comes out I am going to remember who I forgot. So I am going to leave a blank line, so whoever I forgot can write their name into this section __________________________________________.
Now on to all of the great friends and family I have that have helped me through this process. Tony Ventimiglia, who has provided great editing support and who has been a great friend through thick and thin. Mathew Newfield, who has helped out in numerous ways—probably even in some ways that he doesn’t even know about. Jim Conley, who provided editing and guidance. Gary Jackson, who provides continual guidance, wisdom, knowledge and is a great friend. Marc Maloof, who has provided guidance and direction.
Most of all, I want to thank God for blessing me with a great life and a wonderful family: Kerry Magee Cole, a loving and supportive wife; my wonderful son Jackson, who brings joy and happiness to me every day; Ron and Caroline Cole, and Mike and Ronnie Magee, who have been great parents to me—offering tons of love and support. I’d also like to thank my wonderful sister, brother-in-law, nieces, and nephews: Cathy, Tim, Allison, Timmy, and Brianna.
For anyone who I forget or did not mention by name, I thank all of my friends, family and co-workers who have supported me in a variety of ways through this entire process.
Tell Us What You Think
As the reader of this book, you are the most important critic and commentator. We value your opinion and want to know what we’re doing right, what we could do better, what areas you’d like to see us publish in, and any other words of wisdom you’re willing to pass our way.
As the Executive Editor for the Web Development team at New Riders Publishing, I welcome your comments. You can fax, email, or write me directly to let me know what you did or didn’t like about this book—as well as what we can do to make our books stronger.
Please note that I cannot help you with technical problems related to the topic of this book, and that due to the high volume of mail I receive, I might not be able to reply to every message.
When you write, please be sure to include this book’s title and author as well as your name and phone or fax number. I will carefully review your comments and share them with the author and editors who worked on the book.
Fax: 317-581-4663
Email: stephanie.wall@newriders.com
Mail: Stephanie Wall, Executive Editor, New Riders Publishing, 201 West 103rd Street, Indianapolis, IN 46290 USA
Introduction
With so much going on in regard to network security (or the lack thereof), a book on this topic almost needs no introduction. Less than 10 years ago, most people didn’t even know what the Internet or email was. To take a further step back, most people did not even have computers at work or at home, and some even questioned their usefulness. Things have really changed. As I am writing this, the Carousel of Progress ride at Disney World goes through my mind. Things that we considered science fiction a decade ago are not only a reality, but an ingrained part of our lives. Heck, if the dedicated line at my house goes down for more than 30 minutes, my wife is screaming at me to fix it. This is truly the age of computers.
From a functionality standpoint, computers are great when they are stand-alone devices. If I have a computer in my home with no network connection, do I really need any computer security? The house usually provides enough security to protect it. But now that everyone is connecting their computers together via the Internet, we are building a web of trust in which everyone is assumed to trust everyone else. There is just one problem: not everyone trusts everyone else. Yet, in most cases, we are giving everyone full access to this information. At this point, let’s step back and look at how this happened.
