HackNote / HackNotes Linux and Unix Security Portable Reference / Dhanjani / 222786-9 / Color profile: Generic CMYK printer profile Composite Default screen blind folio i HACKNOTES™ Linux and Unix Security Portable Reference “A virtual arms cache at your fingertips. HackNotes Linux and Unix Security Portable Reference is a valuable reference for busy administrators and consultants who value the condensed and practical insight to understanding the threats they face and how to practically utilize tools to test the security of their environments.” —Patrick Heim, Vice President Enterprise Security, McKesson Corporation “HackNotes Linux and Unix Security Portable Reference is a valuable practical guide to protecting Linux and Unix systems from attack. Many books give general (and often vague) advice, whereas this book’s style provides very precise descriptions of attacks and how to protect against them.” —Mikhail J. Atallah, Professor of Computer Science, Purdue University, CERIAS “A clear concise guide to security problems faced by sysadmins today. Every sysadmin should be familiar with the material covered in HackNotes Linux and Unix Security Portable Reference. For every vulnerability presented, the author provides common-sense guidelines for securing your network. Emphasis on real world examples reinforces just how serious today’s threat is.” —Snax, The Shmoo Group, Maintainer of AirSnort P:\010Comp\HackNote\786-9\fm.vp Wednesday, June 04, 2003 1:17:43 PM HackNote / HackNotes Linux and Unix Security Portable Reference / Dhanjani / 222786-9 / Color profile: Generic CMYK printer profile Composite Default screen blind folio ii This page intentionally left blank P:\010Comp\HackNote\786-9\fm.vp Wednesday, June 04, 2003 1:17:43 PM HackNote / HackNotes Linux and Unix Security Portable Reference / Dhanjani / 222786-9 / Color profile: Generic CMYK printer profile Composite Default screen blind folio iii HACKNOTES™ Linux and Unix Security Portable Reference NITESH DHANJANI McGraw-Hill/Osborne New York Chicago San Francisco Lisbon London Madrid Mexico City Milan New Delhi San Juan Seoul Singapore Sydney Toronto P:\010Comp\HackNote\786-9\fm.vp Wednesday, June 04, 2003 1:17:43 PM Color profile: GenericHackNote CMYK printer/ HackNotes profile Linux and Unix Security Portable Reference / Dhanjani / 222786-9 / Composite Default screen blind folio iv McGraw-Hill/Osborne 2100 Powell Street, 10th Floor Emeryville, California 94608 U.S.A. To arrange bulk purchase discounts for sales promotions, premiums, or fund-raisers, please contact McGraw-Hill/Osborne at the above address. For information on translations or book distributors outside the U.S.A., please see the International Contact Information page immediately following the index of this book. HackNotes™ Linux and Unix Security Portable Reference Copyright © 2003 by The McGraw-Hill Companies. All rights reserved. Printed in the United States of America. Except as permitted under the Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of publisher, with the exception that the program listings may be entered, stored, and executed in a computer system, but they may not be reproduced for publication. 234567890 DOC DOC 019876543 ISBN 0-07-222786-9 Publisher Proofreader Brandon A. Nordin Stefany Otis Vice President & Associate Publisher Indexer Scott Rogers Valerie Perry Executive Editor Composition Jane Brownlow Carie Abrew Senior Project Editor Lucie Ericksen Betsy Manini Illustrators Executive Project Editor Melinda Moore Lytle Mark Karmendy Kathleen Fay Edwards Acquisitions Coordinator Lyssa Wald Athena Honore Cover Series Design Technical Editor Dodie Shoemaker Robert Clugston Series Design Series Editor Dick Schwartz Mike Horton Peter F. Hancik Copy Editor Robert Campbell This book was published with Corel Ventura™ Publisher. Information has been obtained by McGraw-Hill/Osborne and the author from sources believed to be reliable. However, because of the possibility of human or mechanical error by our sources, McGraw-Hill/Osborne, the author, or others, McGraw-Hill/Osborne and the author do not guarantee the accuracy, adequacy, or completeness of any information and is not responsible for any errors or omissions or the results obtained from use of such information. P:\010Comp\HackNote\786-9 (reprint)\786-9\fm.vp Wednesday, July 30, 2003 10:50:50 AM HackNote / HackNotes Linux and Unix Security Portable Reference / Dhanjani / 222786-9 / Color profile: Generic CMYK printer profile Composite Default screen blind folio v To my father. To my mother. And, to my grandmother. P:\010Comp\HackNote\786-9\fm.vp Wednesday, June 04, 2003 1:17:44 PM Color profile: GenericHackNote CMYK printer/ HackNotes profile Linux and Unix Security Portable Reference / Dhanjani / 222786-9 / Composite Default screen blind folio vi About the Author Nitesh Dhanjani Nitesh Dhanjani is an information security consultant for Foundstone, Inc. While at Foundstone, Nitesh has been involved in many types of proj- ects for various Fortune 500 firms, including network, application, host penetration, and security assessments, as well as security architecture de- sign services. Nitesh is a contributing author to HackNotes: Network Security Portable Reference (McGraw-Hill/Osborne, 2003) and to the latest edition of the best-selling security book Hacking Exposed: Network Security Secrets and Solutions (McGraw-Hill/Osborne, 2003). He has also has published articles for numerous technical publications such as the Linux Journal. In addition to authoring, Nitesh has both contributed to and taught Foundstone’s “Ul- timate Hacking: Expert” and “Ultimate Hacking” security courses. Prior to joining Foundstone, Nitesh worked as a consultant with the information security services division of Ernst & Young LLP, where he performed attack and penetration reviews for many significant compa- nies in the IT arena. He also developed proprietary network scanning tools for use within Ernst & Young LLP’s eSecurity Solutions department. Nitesh graduated from Purdue University with both a bachelor’s and a master’s degree in Computer Science. At Purdue, he was involved in numerous research projects with the CERIAS team (Center for Edu- cation and Research Information Assurance and Security). He was also responsible for creating content for and teaching C and C++ program- ming courses to be delivered remotely as part of a project sponsored by IBM, AT&T, and Intel. Nitesh continues to be actively involved in open source projects, systems programming, and Linux kernel development. He can be reached at [email protected]. About the Technical Reviewer Robert Clugston Robert Clugston is an information technology security consultant for Foundstone. He has over six years of experience in systems administration, network security, and web production engineering. Robert initially joined Foundstone to design and secure Foundstone’s web site and is now fo- cused on delivering those services to Foundstone’s clients. Prior to joining Foundstone, Robert worked as a systems administrator for an Internet ser- vice provider. His responsibilities included deploying, maintaining, and securing business-critical systems to include web servers, routers, DNS servers, mail servers, and additional Internet delivery devices/systems. Prior to joining Foundstone, Robert also worked briefly as an independent contractor specializing in Perl/PHP web development. Robert holds an MSCE in Windows NT. P:\010Comp\HackNote\786-9\fm.vp Wednesday, June 04, 2003 1:17:44 PM HackNote / HackNotes Linux and Unix Security Portable Reference / Dhanjani / 222786-9 / Color profile: Generic CMYK printer profile Composite Default screen CONTENTS Acknowledgments . xiii Introduction. xix Reference Center Common Commands . RC 2 Common Ports . RC 7 IP Addressing . RC 9 Dotted Decimal Notation . RC 9 Classes . RC 9 Subnet Masks . RC 11 CIDR (Classless Inter-Domain Routing) . RC 12 Loopback . RC 12 Private Addresses . RC 12 Protocol Headers . RC 12 Online Resources . RC 15 Hacking Tools . RC 15 Web Resources . RC 18 Mailing Lists . RC 19 Conferences and Events . RC 19 Useful Netcat Commands . RC 20 ASCII Table . RC 22 HTTP Codes . RC 28 Important Files . RC 30 Part I Hacking Techniques and Defenses ■ 1 Footprinting . 3 Search Engines . 4 Domain Registrars . 8 Regional Internet Registries . 12 DNS Reverse-Lookups . 14 vii P:\010Comp\HackNote\786-9\fm.vp Wednesday, June 04, 2003 1:17:44 PM HackNote / HackNotes Linux and Unix Security Portable Reference / Dhanjani / 222786-9 / FM Color profile: Generic CMYK printer profile Composite Default screen viii HackNotes Linux and Unix Security Portable Reference Mail Exchange . 15 Zone Transfers . 16 Traceroute . 18 Summary . 19 ■ 2 Scanning and Identification . 21 Pinging . 23 Ping Sweeping . 23 TCP Pinging . 24 Port Scanning . 25 TCP Connect . 25 TCP SYN/Half-Open . 26 FIN . 27 Reverse Ident . 28 XMAS . 28 NULL . 29 RPC . 29 IP Protocol . 30 ACK . 30 Window . 31 UDP . 31 Fingerprinting . 32 Summary . 34 ■ 3 Enumeration . 35 Enumerate Remote Services . 36 FTP (File Transfer Protocol): 21 (TCP) . 37 SSH (Secure Shell): 22 (TCP) . 38 Telnet: 23 (TCP) . 38 SMTP (Simple Mail Transfer Protocol): 25 (TCP) . 39 DNS (Domain Name System): 53 (TCP/UDP) . 41 Finger: 79 (TCP) . 42 HTTP (Hypertext Transfer Protocol): 80 (TCP) 43 POP3 (Post Office Protocol 3): 110 (TCP) . 45 Portmapper: 111 (TCP) . 45 NNTP (Network News Transfer Protocol): 119