Hatch B., Lee J., Kurtz G. — Hacking Linux Exposed: Linux Security Secrets & Solutions

Subject index
Sniffers, tcpdump program 194—195
Sniffers, URLs 227
Sniffit program 196
SNMP (Simple Network Management Protocol) 114—117
SNMP (Simple Network Management Protocol), countermeasures 102 117
SNMP (Simple Network Management Protocol), described 114
SNMP (Simple Network Management Protocol), net-snmp 115—117
SNMP (Simple Network Management Protocol), OS detection 101—102
SNMP (Simple Network Management Protocol), querying with net-snmp 115—117
SNMP (Simple Network Management Protocol), snmpwalk 115—117
SNMP (Simple Network Management Protocol), versions 114—115
SNMP ports 117
SNMP servers 115—117
snmpwalk 115—117
Snort program 196
Social engineering 129—137
Social engineering, contact names 74 75 77
Social engineering, described 131
Social engineering, domain name registration information 73—75
Social engineering, ego strategy 133—134
Social engineering, false authority 131
Social engineering, impersonation 132
Social engineering, information gathering tools for 137 157
Social engineering, invisible occupation strategy 134—135
Social engineering, OS detection 101
Social engineering, personal stake strategy 133
Social engineering, precautions 136—137
Social engineering, reward strategy 135—136
Social engineering, strategies 131—136
Social engineering, sympathy strategy 132—133
Software See also "Programs"
Software, detecting version 113
Software, obtaining information about 113
Software, trojan potential of 113
Sonicwall product 486
Source code on FTP sites 139—140
Source code, comparing versions 140—141
Source code, Linux kernel 359
Source code, Perl 443—444 447
Source code, reviewing 140—141
Source code, trojaned 138—144
Source routing 217—218
source-routed packets 100
Spamming, blocking spam 383—384
Spamming, blocking spammer IP addresses 381
Spamming, email relaying and 381—382
Spamming, trojans and 144
spoofing attacks 216—217
Squid program 178
SSH (Secure Shell), countermeasures 327—329
SSH (Secure Shell), Dsniff program and 227
SSH (Secure Shell), encrypting POP with 390
SSH (Secure Shell), FTP passwords and 395
SSH (Secure Shell), identity files 328—329
SSH (Secure Shell), passwordless logons with 326—329
SSH (Secure Shell), TCP wrappers and 471
SSH (Secure Shell), tunneling feature 336—337
SSH (Secure Shell), X sessions 190
SSH clients 21 228—229
ssh connections 517—518
ssh daemon (sshd) 475
SSH server 228—229
SSH tool 194
Ssh1 326
Ssh2 326
sshd (ssh daemon) 475
Sshmitm program 227—229
SSHv2 protocol 229
SSIs (Server Side Includes) 437
SSL (Secure Sockets Layer) vs. TLS 424
SSL (Secure Sockets Layer), connections 232
SSL (Secure Sockets Layer), cookies and 449
SSL (Secure Sockets Layer), Dsniff program and 227
SSL (Secure Sockets Layer), encryption 256
SSL (Secure Sockets Layer), HTTP requests and 422—424
SSL (Secure Sockets Layer), web servers and 424
SSL certificates 220 230—232
StackGuard compiler 267
Stacks, nonexecutable 34
START SERVICE variable 508
STARTTLS extension 388—389
startup scripts 48
stateful firewalls 479—480
Stateful inspections 479—480
Stateful packet filters 477
Status checks 55—56
stealth scans 94 97
Stealth SYN scans 94
StegFS filesystem 174
Sticky bits 13—14 49
strings 267—268
Strobe tool 92—34
stunnel 390 422—423 472
Stunnel SSL wrapper 529—531
Sudo tool 259—265
suEXEC 433
Suidperl interpreter 265
SuiteSpot program 187
SuiteSpot server 187
Suitperl program 271
Sulogin command 168 169
Sum program 142
Superuser 8—9
Superuser, Linux kernel and 361
Superuser, privileges and 248—250
Surveillance cameras 166 167
SuSE Linux distribution 505—508
Swatch (Simple Watchdog) 42—44
swatchrc file 44
switched networks 193—194 221—223
switches 523—525
Symlinks (symbolic links) 274—279
Symlinks (symbolic links), Apache web server and 427—428
Symlinks (symbolic links), dangerous 427—428
Symlinks (symbolic links), file operations on 277—278
Symlinks (symbolic links), permissions and 277—278
SYN flag 182
SYN flood attacks 237—239
SYN I ACK flag 182
SYN packets 94 96 238 239
SYN scans 94 100
syslog facility 36—37 86
syslog messages 36—39
syslog.conf file 37—39
syslogd configuration 36—39
syslogd daemon 36 339—340
system calls 452—455
System daemons 249
System files 254—255
system hardening 32—36
System IDs 248
System programs, trojaned 338—351
System scanners 24—27
System tools 351
System users 9
System V checksum 141—143
system() function 452—455
tar command 264
TCFS filesystem 173
TCP connections 220 227
TCP detection 31 32
TCP header 180 181
TCP packets 97 103
TCP ports, IP packets and 181
TCP ports, scanning 91—100
TCP wrapper daemon (tcpd) 464—465
TCP wrapper library 469
TCP wrappers 464—469
TCP wrappers, blocking portmapper 110
TCP wrappers, described 464
TCP wrappers, forward/reverse lookups 87
TCP wrappers, host access control with 464—467
TCP wrappers, implementing 472
TCP wrappers, qmail and 382
TCP wrappers, reverse DNS entries 469—470
TCP wrappers, rules 465—467 473—475
TCP wrappers, services and 208
TCP wrappers, SSH and 471
TCP wrappers, stunnel and 390
TCP wrappers, support for 471
TCP wrappers, telnet connections 483
TCP wrappers, trojaned source code 139—140
TCP wrappers, trust relationships and 239—241
TCP wrappers, wildcards 467
TCP/IP networks 178—184 236—239
Tcpd (TCP wrapper daemon) 464—465
tcpdchk program 473—474
tcpdmatch program 473—475
tcpdump program 30 194—195
Tcpkill program 227
Tcpnice program 227
tcpserver program 372 475
tcpwrapper files 66
tcsh 8
Teardrop attack 237
Teleinit command 503
Telephone numbers, formats 451—452
Telephone numbers, JavaScript preprocessing 451—452
Telephone numbers, locating 137 157
Telephone numbers, wardialers 185—186
Telnet banner 102
telnet client 184
Telnet connections to web servers 418—419
Telnet connections, application layer protocols 184
Telnet connections, blocking 483
Telnet connections, CGI programs 443
Telnet connections, rejecting 467—468
Telnet connections, resource-exhaustion attacks 475—476
Telnet connections, TCP wrappers 483
Telnet connections, unauthorized 464—465
thttpd server 456
Tiger utility 26
tilde (~) 432
Time bombs 63—64
Time-To-Live (TTL) 88—90
Timestamps, file 46—48 62
TIS Firewall Toolkit 392
TLS (Transport Layer Security) protocol 389 424
tmpnam function 273
TOMSRTBT distribution 165
top command 293
Torvalds, Linus 6
touch command 46
Traceroutes 88—92
Trail hiding 338—343
Transmission Control Protocol 180—181
Transport Layer Security (TLS) protocol 424
Trinux distribution 164
tripwire tool 51—52
Trojan horses 138—146
Trojan horses vs. viruses 146
Trojan horses, back doors 344—351
Trojan horses, binaries 138 139 338 350—351
Trojan horses, countermeasures 139 350—351
Trojan horses, delivery methods 144—146
Trojan horses, described 138
Trojan horses, email and 139
Trojan horses, man pages 113
Trojan horses, netstat command 203—205
Trojan horses, programs 113 138—139 338—351
Trojan horses, setuserid programs 251—252 323
Trojan horses, source code 138—144
Trojan horses, system programs 338—351
Trojan horses, trail hiding 338—343
Trojan horses, trusted paths and 250—253
Trojaning 338
trust relationships 21 239—241
trusted domains 470—471
trusted hosts 111
Trusted paths 250—253
TTL (time-to-live) 88 89—90
TTL field 179
Tunneling feature 336—337
ucd-snmp See "net-snmp"
UCE (Unsolicited Commercial Email) See "Spamming"
UDP (User Datagram Protocol) 181—182
UDP detection 31 32
UDP floods 233—234
UDP header 181
UDP packets, denying 90 481—482
UDP packets, Dnsspoof program and 216
UDP packets, traceroutes and 88
UDP port number 182
UDP ports, scanning 91—92 115 207
UDP ports, SNMP and 115
ulimit command 18—19
umask command 15
umask user 258
umask value 14—16
Unicode exploit 425
UNIX passwords 149 152 328—329
UNIX platform, IRC scripts and 153
UNIX platform, log files 36—39
UNIX platform, viruses 148
UNIX traceroute 88—89
unshadow program 296
Unsolicited Commercial Email (UCE) See "Spamming"
Upgrading, Debian Linux 495—498
Upgrading, Red Hat 492—494
URLs, allowing double-dots in 424—425
URLs, null characters and 451
URLs, sniffing 227
Urlsnarf program 227
USE command 350
Usenet groups 512
Usenet posts as information gathering tool 137
Usenet posts for Trojan horse delivery 144
User access 316—323
user accounts 320—321
User Datagram Protocol See "UDP"
User files 253—254
User IDs 7 9 248
useradd command 264 303
userdel command 303
usermod command 303
Usernames, HTTP authentication and 421—424
Usernames, sniffers and 193—194
users 6—22
Users, authentication rules 344—345
Users, controls on 10—20
Users, disk quotas 17—18
Users, httpd processes and 427
Users, limits on 18—19
Users, lp user 9
Users, names 7
Users, new users in password file 61
Users, nobody user 9
Users, normal users 9
Users, obtaining names 113
Users, privilege elevation 247—282
Users, privileges and 248—250
users, root user 8—9
Users, system users 9
Users, types of 8—9
utmp file 61
vertical bar (|) 450
Viper program 298
Virtual memory 21—22
Virtual private networks 185
Viruses 146—148 See