Another thing to do is to go to Bugtraq
(http://online.securityfocus.com/archive/1) and check what known
vulnerabilities there are for your OS, server and network software and your
firewall. It will give you an idea of what needs to be patched.
The other reason to check Bugtraq is to check for known input validation and
buffer overflow vulnerabilities, since the chances are you won't find these
yourself. If you have any servers available through the firewall make sure
that any scripts running on them that accept user input are secure. This means if
they are meant to accept text, that characters like nulls or others are
dealt with properly, and that no data type is allowed to be fed information as
another (i.e. make sure a user can't feed a string to an int, and so on).
There is more you have to do, but it should be a good starting place.
----- Original Message -----
From: "Conor Daly" <conor.daly at oceanfree.net>
To: "ILUG" <ilug at linux.ie>
Sent: Wednesday, December 11, 2002 12:39 AM
Subject: [ILUG] Network cracking toolkit?
> In the interests of securing a network server, I'm planning to attack it
> from the outside. I have a (debian) laptop available and I want to set
> this up as a cracker's toolkit. Alas, honest bloke that I am, I don't
> know my cracking tools from my elbow. Can anyone advise on useful tools
> to have on hand?
> Conor Daly <conor.daly at oceanfree.net>
>> Domestic Sysadmin :-)
> 12:38am up 35 days, 9:22, 0 users, load average: 0.00, 0.00, 0.00
> 12:34am up 35 days, 9:12, 1 user, load average: 0.09, 0.05, 0.01
> Irish Linux Users' Group: ilug at linux.ie
> http://www.linux.ie/mailman/listinfo/ilug for (un)subscription
> List maintainer: listmaster at linux.ie
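
The input checks described in the reply above (text fields that handle nulls and other control characters, and integer fields that cannot be fed a string), as an added example that is not part of the original message. The schema, field names and limits are constructed assumptions for a hypothetical form handler.

```python
import re

# Constructed schema for a hypothetical form handler; field names are assumptions.
SCHEMA = {
    "username": {"type": "text", "max_len": 32},
    "comment": {"type": "text", "max_len": 200, "multiline": True},
    "age": {"type": "int", "min": 0, "max": 150},
}
# ASCII digits only, anchored with \Z so "42\n" fails; int() alone would also
# accept " 42 ", "4_2" and non-ASCII digits.
INT_RE = re.compile(r"-?[0-9]{1,10}\Z")


class ValidationError(ValueError):
    """Raised when a field is missing, unexpected, or malformed."""


def check_text(name, raw, rule):
    if not isinstance(raw, str) or len(raw) > rule["max_len"]:
        raise ValidationError(f"{name}: not text or too long")
    for ch in raw:
        if rule.get("multiline") and ch in "\r\n\t":
            continue
        if ord(ch) < 0x20 or ord(ch) == 0x7F:  # NUL, other controls, DEL
            raise ValidationError(f"{name}: control character {ord(ch):#04x}")
    return raw


def check_int(name, raw, rule):
    if not isinstance(raw, str) or not INT_RE.match(raw):
        raise ValidationError(f"{name}: not an integer")
    value = int(raw)
    if not rule["min"] <= value <= rule["max"]:
        raise ValidationError(f"{name}: out of range")
    return value


def validate_form(form):
    """Return typed, checked values or raise; unknown fields are rejected."""
    if set(form) != set(SCHEMA):
        raise ValidationError("missing or unexpected fields")
    checkers = {"text": check_text, "int": check_int}
    return {n: checkers[r["type"]](n, form[n], r) for n, r in SCHEMA.items()}


def rejects(form):
    """True when validate_form refuses the submitted form."""
    try:
        validate_form(form)
    except ValidationError:
        return True
    return False
```

Everything downstream of `validate_form` works with the returned dictionary, so an integer field is an `int` by the time any other code sees it.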