[nylug-talk] nmap checkrootkit
J. Oquendo
sil at infiltrated.net
Thu Jul 5 11:08:28 EDT 2007
Steven Lembark wrote:
>> Hi, I am reading an Ubuntu book that says that chkrootkit
>> and nmap tools can be used to test and probe one's
>> own system. Anyone know more about how to use these
>> tools to self-test the system?
>>
>
> nmap can be used to scan for open ports and is a big
> help in checking for holes.
>
> Assuming you have some sort of port-forwarding router,
> the trick is to find an external machine that you can
> use to probe looking into the router from outside: this
> is the collection of ports that are vulnerable from the
> outside. Probing the interior machines only tells you
> how vulnerable they are to each other, not the cloud.
>
> For example, if your gateway router is configured to
> drop all packets without an 'ack' bit set then there
> isn't much anyone can do to initiate a connection. This
> may be a reasonable setting if you don't provide any
> services from your machine to the outside. In that
> case nmap from outside will show nothing open at all
> even if you have all sorts of things available inside.
>

If nmap is used correctly it will detect which *common* ports
are opened. Run off the rip, i.e.:

    nmap -sS -v -v ip.address

it will solely use predefined ports. If you want to do
a true check you would use the -p switch. A more effective
method of seeing what's going on, for me, would be:

    lsof -i|awk '/TCP|UDP/{print $1"\t"$7"\t"$8}'|sort -u

As for chkrootkit: it's primitive if you ask me. Finds
what's known to the author.

--
====================================================
J. Oquendo
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743
echo infiltrated.net|sed 's/^/sil@/g'
"Wise men talk because they have something to say;
fools, because they have to say something." -- Plato
--
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
echo @infiltrated|sed 's/^/sil/g;s/$/.net/g'
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743
"How a man plays the game shows something of his
character - how he loses shows all" - Mr. Luckey
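
Added example, not part of the original post: a variant of the lsof one-liner above that finds the protocol column by content rather than by the fixed positions $7 and $8, so it gives the same result whether or not the SIZE/OFF column holds a value. The function names and the sample lsof output are constructed for illustration, and it assumes some lsof builds print a value such as 0t0 in SIZE/OFF.

```shell
#!/bin/sh
# Added example, not from the original post. Sample lsof output is constructed.

# Reads `lsof -i -n -P` output on stdin and prints COMMAND<TAB>PROTO<TAB>NAME
# for TCP listeners and unconnected UDP sockets, one unique line each.
summarise_sockets() {
    awk '
        $1 == "COMMAND" { next }                 # header row
        {
            # Locate the protocol by content: it is field 7 when SIZE is
            # blank and field 8 when SIZE/OFF holds a value such as 0t0.
            for (i = 5; i <= NF; i++) {
                if ($i != "TCP" && $i != "UDP") continue
                name  = $(i + 1)
                state = $(i + 2)                 # empty for UDP lines
                if ($i == "TCP" && state == "(LISTEN)") print $1 "\t" $i "\t" name
                if ($i == "UDP" && name !~ /->/)        print $1 "\t" $i "\t" name
                break
            }
        }' | LC_ALL=C sort -u
}

# Constructed sample: layout with a value in SIZE/OFF.
sample_with_size() {
    cat <<'EOF'
COMMAND   PID USER  FD  TYPE DEVICE SIZE/OFF NODE NAME
sshd      812 root  3u  IPv4  11001      0t0  TCP *:22 (LISTEN)
sshd      812 root  4u  IPv6  11003      0t0  TCP *:22 (LISTEN)
cupsd     901 root  7u  IPv4  12010      0t0  TCP 127.0.0.1:631 (LISTEN)
dhclient  640 root  6u  IPv4   9876      0t0  UDP *:68
firefox  2210 alice 52u IPv4  30112      0t0  TCP 192.0.2.10:40112->198.51.100.7:443 (ESTABLISHED)
EOF
}

# Constructed sample: the same sockets with the SIZE column left blank.
sample_without_size() {
    sample_with_size | sed 's/ *0t0 */ /; s/SIZE\/OFF/SIZE/'
}

# Demo on the constructed input; outbound client connections are dropped.
sample_with_size | summarise_sockets
```

On a live system, pipe `lsof -i -n -P` into `summarise_sockets`; run it as root to include sockets owned by other users.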