Great Circle Associates Firewalls
(July 1996) 		 
Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]
Subject: programs hackers use
From: "Steven C. Payne" <spayne @ stevep . dsdc . dla . mil>
Date: Wed, 17 Jul 1996 09:42:04 -0400 (EDT)
To: firewalls @ greatcircle . com 
hi,
I know this is gonna send up flags and maybe create grief, but I am working on
compiling a list of things I find suspect on systems (hackers tools)
as well as programs that setuid, administratior priveledges, and  things 
equivelent to .netrc, .rhosts.  I have quite a few already from hackers 
I have tracked in the past.  (mostly unix)

I am looking for things that show up from time to time 
like crack, etc.  I would like anyones input about
what they have found, and a brief description on what it does.
I would also like to test it if it's possible in a controlled env. 
I am not doing this on my own, I intend on getting our security folks in on
this, and document our findings.

Understand you can call one program many names, and I would
point this out, for example:

crack	program to crack passwords
kcarc   AKA crack, program to crack passwords.

I don't want this to be unix specefic, NT specific, or TCP specific.
I want it to be generic enough to be used as a "cookbook" for system security.

I am also looking into subverting these "hacker tools" like
using secure versions of net_progs like finger, stel, wrappers
like tcpd, and smap, smapd and smrsh.  Where firewalls fit in, 
turning off wide area mounts, disabling tftp, ip spoofing, etc.
Programs to edit the registry in NT, ones that do denial of service 
and others.

I would also like to cover anonymous ftp, the early apache server, 
portmapper and pcnfsd. 

I am looking for info on network programs and vulnerabilities and cures. 
I will compile the list and maybe put it somewhere we can all
get it from, or individual mail whichever might be more secure.
Or I can provide it to CERT.
Is this something everyone would be interested in?

Anyway, mail to nomore_hack @ my.site in this msg and if interest is good, 
I will let everyone know.  If it's not good, I will let everyone know.
I really just want to snapshot what to be suspicious of and why.


			NOTE:
I know this group is for firewalls but this is also a security group
and a great wealth of knowledge exists here.  I don't want the
voluminous amount of data each system admin has encountered over the years,
I can produce that.  I want something useful and to the point, and
that's why I am posting here.
I have looked on CERT's site and found nothing really that goes into
detail about what I want, for obvious reasons.

thanks
spayne
Indexed By Date Previous: Re: Ports 137 & 138
From: anonymous-remailer @ shell . portal . com
Next: BorderWare
From: Quentin Sherman <qsherman @ sii . cl>
Indexed By Thread Previous: Re: Authentication necessary when encryption ?
From: Jan-Hein van der Burg <jhb @ knmi . nl>
Next: Re: programs hackers use
From: "Alex F" <alexf @ iss . net>
Google
 
Search Internet Search www.greatcircle.com