Tag Archives: security

nemesis: Way, way out of my depth

I suppose part of the good in traipsing through an alphabetical list of console software was that I was forced — forced, I tell you — to look at software I would otherwise dismiss out of hand.

And looking at nemesis, I realize two things.

[Screenshot: 2014-02-02-lv-r1fz6-nemesis]

That I am way out of my depth here. And that I am way, way out of my depth here.

I have found several introductions to nemesis elsewhere on the Internet, and of course there is a man page, but I fear I haven’t the requisite background to appreciate it fully.

I see that it transmits packets from the command line, which also suggests it can be run via script. I see that it can manage a lot of protocols, including ARP, UDP and TCP.

The only problem is that those things are very vague to me, and I don’t know how or why I would need to do that.

So I scratch my head and try a couple of random stabs at the thing, but I feel very much like a chimpanzee staring at a Swiss army knife. It just doesn’t quite unfold for me.

And as time is a factor here, I hope you’ll forgive me if I set this aside for a later date. When a smarter, wiser K.Mandla arrives. 😕

nbtscan: So polite and helpful … and still I am clueless

Adding to the list of network tools that I’m not 100 percent sure how to use, here’s nbtscan, which is probably short for NetBIOS scanner.

[Screenshot: 2014-01-29-lv-r1fz6-nbtscan]

I am not sure about that either though, because the home page for nbtscan is unresponsive. So all I have to go on is what appears on the Arch and Debian package pages.

nbtscan seems to be searching for replies from IP addresses within my network, and reporting on the information returned.

See, I’m not totally ignorant. 😐

Part of my flimflammedness might be the side effect of such a small network. Only one machine on the access point right now, which means there’s not much to report.

The Debian page suggests it can return logged-in user names, which I’d like to see. I need to fiddle with it a little more and see what I can glean.

nbtscan serves up its results in a table format, but if you want to pluck its pearls of wisdom and serve them to another application, I see there are flags to adjust its delivery.

Now if only I understood what it was telling me. 😐

nast: A feeling of incompleteness

I am reminded of kismet when I start nast.

[Animated screenshot: 2014-01-29-lv-r1fz6-nast]

And I know very little of the finer points of networking, but I get the impression they both do similar things: probe networks and read the traffic going by.

It’s my unfamiliarity with such endeavours that suggests to me maybe I don’t fully understand them. But at the same time I get the feeling that nast isn’t quite finished.

You can see where there’s a smudge of menus at the start of the program. And nast has locked up twice when I tested it.

It may be that it’s busy doing something, but aside from the little that you saw in the gif, I can’t seem to make it do much else.

If I knew what I was doing, and if I knew what tool I needed, and if both nast and kismet could do it, and if I had to choose, right now I’d probably go with kismet.

But that’s a lot of ifs. 😕

labrea: A cunning name for a sticky trap

I’m going to include LaBrea in this little jaunt even though I have almost no clue how it works, or how to get it going.

As I understand it, LaBrea is a honeypot with a deliciously sinister twist: It ties up traffic to keep the intruding line occupied, effectively bogging down the attacker.

It’s all Greek to me of course, but it’s terrifically interesting, and the description of its history and principles is worth reading through.

My only fear is that LaBrea is about a decade old, and while it installed for me in Arch, I can’t really be sure it works as promised.

Furthermore, I have no context for using LaBrea, and more’s the pity. If I could demonstrate something with a screenshot or animation you know I would, but installing it and showing the man page would be the only thing to see. Again.

So I’ll spare you the uninitiated attempt to look over software that’s just beyond my practical use. If you like the idea and can put it into action, please share your experiences. 😉

kismet: Too cool for the average tool

Sometimes I find stuff that is so cool to watch and look at, that I don’t even notice that I have no clue what it’s doing.

Here’s kismet, which falls easily into that category.

[Screenshot: 2013-12-15-lv-r1fz6-kismet]

Mentally I lump this with things like wavemon or ettercap, where I’m getting a lot of data that I just don’t understand.

But it looks really cool. Throw this up on your screen at a geek party and you will not go home alone. 😉

Actually I do have a vague idea what’s happening there, but it doesn’t behoove me to know what it is. Ignorance is the better part of valor … this time.

kismet is mostly menu-driven, and will bounce boxed messages in front of your face if it really wants your attention.

It also has a live-action display, as you can see, and takes a healthy series of command-line options too. This is a very impressive console application, people.

Of course, you have to know what you’re doing with it. Otherwise, it’s just another cool tool. I’ve got a lot of those lying around. 😉

hunt: The god of doorways

I am behind the power curve now, because of some frightening technical issues that cropped up in the past 24 hours or so.

Nothing network related (this time); instead, one of the external drives I use for a data archive (think: family photos and scanned documents) began spitting out errors.

It was suspect for at least a few days beforehand, with slow transfers and suspicious behavior. Luckily I copied everything off there — in the conventional manner, with no error messages — before some 20- to 30-hour tests.

It’s disappointing mostly because I bought that drive only a little more than a year ago, and anticipated it lasting much, much longer.

Rather than rant against the state of affairs in the hard drive industry, I’ll show you hunt.

[Screenshot: 2013-11-27-4dkln41-hunt-nosudo]

That’s what hunt looks like if you don’t invoke superuser privileges. Something roguelike, multiplayer, with vi-ish movement and a text-based display.

Here’s what it looks like if you can rank yourself among those with godlike powers.

[Screenshot: 2013-11-27-4dkln41-hunt-sudo]

Not a game, at all. Now we’re into specific network security functions, and as you can see from the menu options, they don’t mince words. Depending on the level of mischief you intend, hunt puts you in the driver’s seat.

I won’t pretend I know much about those things, mostly because I don’t know much about those things. All pretension aside, you’ll need to look elsewhere for a tutorial. I’m clueless.

On the other hand, I give hunt an extra point for — depending on your perspective — including a nontrivial roguelike as a time-waster … or as a distraction for the masses, keeping them ignorant and pacified.

Screenshots are Debian; the AUR version wouldn’t build for me. Plus one for the red swirly team. 😉

hping: More network novelty

Once again I clamber into vague territory with hping, a tool whose web page describes it as a packet assembler and analyzer, with the ability to send files, traceroute and handle a lot of different protocols.

[Screenshot: 2013-11-24-lv-r1fz6-hping]

Most of which is Greek to me. I got a little traction with the help of a few obscure howto pages tacked up to the Internet, but network security is not my strong point.

I can see what hping is doing and I understand that in some cases, no response means the target is there and listening, but I’m not an expert by any stretch.

There are three versions of hping, as I understand it: the original, a rewrite and a third that offers some scripting support.

Which one you use will depend on your distro and your level of expertise, I imagine. This is quite a bit more complex than the old-fashioned ping tool. Be prepared.

And that’s all I’ll say for now. A person’s got to know their limitations. 😐

aircrack-ng: Opening networks, opening minds

I don’t have a screenshot today, and I don’t have much to tell you about aircrack-ng.

That doesn’t mean I don’t have much experience with it. Quite to the contrary, it has been very useful to me in the past.

What I will tell you about it is that it convinced me to run my own home wireless network without any encryption at all.

Mostly because the few times I tried to lock down my wireless router, I discovered that I could break into it, in most scenarios, in a frighteningly short amount of time.

And I will confess one time I tinkered with an encrypted office network that was in range, and had no trouble entering that either.

Which means two things to me, in the grand scheme of things.

First, that anyone who can handle aircrack-ng (or other tools like it) will probably get into my network, given enough time and determination.

That, to me, means wireless network security is really only a precaution against random people borrowing time on my network.

And since I have been a freeloader in the past (this is the second thing, by the way), and I have been ridiculously thankful for an unsecured public access spot, I leave it open as a courtesy to that one random person who really needs it, to download a driver or send an e-mail.

True, there are bad people in the world who will take advantage of it, but what’s to be done about that? There are bad people everywhere.

aircrack-ng only convinced me to give freely with license, rather than wait to have something taken without permission. 😐

P.S.: I’ll tack on a link to airsnort, without judgment. Similar, but very out of date and probably not useful except in rare situations.

aide: Security through meticulous checking

I am just a lowly home computer user, so I have almost no need for intrusion detection.

I will, however, mention aide as a security tool.

[Screenshot: 2013-04-30-solo-2150-aide]

I have zero experience with aide, and I have only a passing understanding of how it works or how to use it.

Seems to me, aide keeps a tight list of files on your system and checks them occasionally for signs of tampering.
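To make that mechanism concrete, here is an added illustration of the same idea in Python. It is not aide's own code and uses none of its file formats or options: a baseline run records a fingerprint (hash, size, mode, mtime) for every file under a directory, and a later run reports what was added, removed or changed. The function names and the JSON baseline file are this example's own.

```python
import hashlib
import json
import os
import stat
from pathlib import Path

# Minimal file-integrity checker in the spirit of aide (illustrative code, not aide's own):
# a baseline run records a fingerprint per file; a later run reports what differs.

def fingerprint(path: Path) -> dict:
    """Record the attributes tampering would normally change: content hash, size, mode, mtime."""
    st = path.lstat()
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return {"sha256": h.hexdigest(), "size": st.st_size,
            "mode": stat.S_IMODE(st.st_mode), "mtime": int(st.st_mtime)}

def snapshot(root: str) -> dict:
    """Fingerprint every regular file under `root` (symlinks skipped), keyed by relative path."""
    rootp = Path(root)
    db = {}
    for dirpath, _dirs, files in os.walk(rootp):
        for name in files:
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():
                continue
            db[str(p.relative_to(rootp))] = fingerprint(p)
    return db

def save_db(db: dict, dbfile: str) -> None:
    """Persist the baseline; in practice keep this somewhere an intruder cannot rewrite."""
    Path(dbfile).write_text(json.dumps(db, sort_keys=True, indent=1))

def load_db(dbfile: str) -> dict:
    return json.loads(Path(dbfile).read_text())

def compare(baseline: dict, current: dict) -> dict:
    """Return added and removed paths, plus changed paths with the attributes that differ."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = {}
    for path in sorted(set(baseline) & set(current)):
        diffs = [k for k in baseline[path] if baseline[path][k] != current[path].get(k)]
        if diffs:
            changed[path] = diffs
    return {"added": added, "removed": removed, "changed": changed}
```

A real checker such as aide also covers ownership, extended attributes and many more hash algorithms, and the baseline database must itself be protected (read-only media or an offline copy), or a tamperer simply updates it along with the files.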

No doubt the home page can explain it better than I. If security and system integrity are a concern for you, this is probably what you want.

And given that its first incarnations were in 1999, I think it's safe to say it's an established feature in the Linux landscape.