Tools that automatically search for network vulnerabilities are called vulnerability scanners (Scanner), and using these tools to gather information is called a scanning attack. Initially, tools such as ISS (Internet Security Scanner) and SATAN (Security Analysis Tool for Auditing Networks) were developed to identify network security vulnerabilities so that security could be strengthened. Dan Farmer of the United States, who developed the tool, hoped that system administrators would use such tools to eliminate the vulnerabilities of their own networks. However, these tools are also used by malicious users for illegal intrusion. In particular, attacks using mscan, a vulnerability scanning tool by a hacker named Jsbach, and the powerful, publicly released sscan have recently risen sharply. In addition, stealth scans (Stealth Scan) that hide the fact of scanning and evade scan detection, scans that look for only one particular vulnerability, and scans that map the network structure are also appearing.
Multiple vulnerability scanning attacks
ISS and SATAN find known network security vulnerabilities, but as older tools published in the early 1990s they are rarely used nowadays. In recent years, mscan (released in June '98), sscan (announced in January '99) and mns-v75beta are the tools commonly used by hackers, while scan tools for administrative purposes include SAINT and SARA. Security vulnerability scanning tools are characterized by the continuous development of new or updated tools.
- mscan
A hacking tool that scans an entire domain and can check, in a single pass, for the widely exploited recent major vulnerabilities such as wingate, test-cgi, NFS exports, statd, named, ipopd and imapd.
- sscan
Has far more powerful network security vulnerability assessment capabilities than mscan, and can be set to run an attack script against the vulnerabilities it finds.
- mns-v75beta
A tool that searches for recent security vulnerabilities, including the rpc-related vulnerabilities used in many recent hacks. It checks for:
- POP vulnerability (QPOP / SCOPOP vulnerability checking)
- IMAP vulnerability (IMAP vulnerability checking)
- NLPS vulnerability (NLPS vulnerability checking)
- Web CGI vulnerabilities (CGI vulnerability checking)
- RPC vulnerability (RPC vulnerability checking)
- WU-FTPD vulnerability (WuFTPD and ProFTPD vulnerability checking)
Specific vulnerability scanning attacks
In contrast to multiple vulnerability scanning, these attacks scan a large network to find systems that have one specific vulnerability to attack. phf_scan, impd_scan, winscan and rpcscan are tools for these attacks.
- Stealth (concealment) scanning attacks
Ordinary scanning attacks can all be detected through log and packet analysis. A stealth scanning attack aims to collect information about the target site's network configuration and system vulnerabilities without being found by an intrusion detection system or the system administrator. To do this, techniques such as 'inverse mapping' (Inverse Mapping), 'slow scans' (Slow Scans) and 'SYN/FIN scans' are used, with tools such as nmap.
- Network architecture scanning attacks
These attacks gather information about the operating system in use on a particular host, or about the structure of the entire network. This information makes attacking the system easier and tells the attacker which vulnerability attacks to attempt. nmap is the typical tool.
Responding to vulnerability scanning attacks
Methods for detecting scanning attacks include analyzing logs, monitoring network traffic, and using scan detection tools.
- Check the log file
A network scanner is characterized by connecting to a large number of ports and requesting service from them over a period of time, so scanning attacks can be detected by analyzing system log files. Checking the log files periodically makes it easy to detect scanning attacks.
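The log check described above, written out as an added example (not part of the original article): it flags any source address that touches many distinct ports inside a time window. The log line format, the addresses and the thresholds are assumptions constructed for illustration; the second call shows why a slow scan only appears when the window is widened.

```python
from collections import defaultdict
from datetime import datetime, timedelta


def sample_log():
    """Constructed log lines: '<ISO time> <source> -> <dest>:<port>'."""
    t0 = datetime(2000, 1, 10, 3, 0, 0)
    ports = [21, 23, 25, 110, 111, 143]
    fast = [(t0 + timedelta(seconds=i), "192.0.2.10", p) for i, p in enumerate(ports)]
    slow = [(t0 + timedelta(minutes=10 * i), "192.0.2.77", p) for i, p in enumerate(ports)]
    web = [(t0 + timedelta(seconds=20 * i), "192.0.2.50", 80) for i in range(8)]
    return [f"{t.isoformat()} {s} -> 198.51.100.5:{p}" for t, s, p in fast + slow + web]


def parse(line):
    """Split one log line into (timestamp, source address, destination port)."""
    ts, src, _arrow, dst = line.split()
    return datetime.fromisoformat(ts), src, int(dst.rsplit(":", 1)[1])


def find_scanners(lines, window, min_ports):
    """Return {source: most distinct ports seen within any one window}."""
    events = defaultdict(list)
    for line in lines:
        if line.strip():
            ts, src, port = parse(line)
            events[src].append((ts, port))
    flagged = {}
    for src, evs in events.items():
        evs.sort()
        start = best = 0
        for end in range(len(evs)):
            # Slide the left edge until the span fits inside the window.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            best = max(best, len({p for _, p in evs[start:end + 1]}))
        if best >= min_ports:
            flagged[src] = best
    return flagged


if __name__ == "__main__":
    log = sample_log()
    # A one-minute window catches the fast scanner only.
    print(find_scanners(log, timedelta(minutes=1), 5))
    # A one-day window also catches the slow scan from 192.0.2.77.
    print(find_scanners(log, timedelta(days=1), 5))
```
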
- Network traffic monitoring
Scanning attacks can be detected in real time, or from saved logs, using tools such as tcpdump, snoop and netlog. In this case a significant amount of log data accumulates, so it should be checked periodically. netlog consists of tcplogger, which logs tcp traffic, and udplogger, which logs only udp traffic, and is convenient for network monitoring.
- Detection tools
Many security tools that can detect scanners are now publicly available on the Internet. They include courtney, gabriel and Natas, which detect scanners such as SATAN and ISS; iplog and sentry, which can also detect stealth scans; and, more recently, openly available intrusion detection tools such as snort, which make it easy to detect scanning attacks automatically. Scanning attacks are launched by the attacker, but a site can prepare for them, and stay safe from them, by reducing its vulnerabilities as far as possible and by making the internal network invisible from the outside.
- Securing the local network through scanning
Most importantly, do not become a target of attack. This can be achieved when the system administrator uses a scanner first, checking their own network for vulnerabilities and fixing them before an attacker finds them with a scanner. Commercial security products may be used, but better results are obtained by using the public scan tools that hackers actually use. Where possible, use a combination of different types of scan tools to identify all security vulnerabilities across the entire network.
- Removing vulnerabilities
Security management should be carried out periodically for all hosts in the network. In particular, always check for newly discovered security vulnerabilities and install security patches in response. In addition, the weaknesses found through scanning should be remedied.
- Network security
Provide only those services that are absolutely necessary. Remove unnecessary network services from the inetd.conf file and from the directory where the startup files are located. These measures also close off vulnerable network services that were being provided without the administrator knowing about them. In particular, block in advance the various functions of common network servers that give out information; among these, restricting the zone transfer feature of DNS is very helpful in preventing scanning attacks. In addition, filter traffic using the router's filtering feature or a firewall, and regularly analyze router and intrusion detection system logs to detect scanning attacks.
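One way to check the inetd.conf step above, as an added example that is not part of the original article: it lists every service still enabled in inetd.conf that is not on the site's list of required services. The sample file contents and the required-service list are constructed for illustration.

```python
# Constructed inetd.conf contents for illustration only.
SAMPLE_INETD_CONF = """\
# service  socket  proto    wait    user    server                 args
ftp        stream  tcp      nowait  root    /usr/sbin/in.ftpd      in.ftpd -l
telnet     stream  tcp      nowait  root    /usr/sbin/in.telnetd   in.telnetd
#shell     stream  tcp      nowait  root    /usr/sbin/in.rshd      in.rshd
pop3       stream  tcp      nowait  root    /usr/sbin/ipop3d       ipop3d
imap       stream  tcp      nowait  root    /usr/sbin/imapd        imapd
finger     stream  tcp      nowait  nobody  /usr/sbin/in.fingerd   in.fingerd
rstatd/1-3 dgram   rpc/udp  wait    root    /usr/sbin/rpc.rstatd   rpc.rstatd
"""


def enabled_services(conf_text):
    """Return one dict per active (uncommented) inetd.conf entry."""
    services = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or a service already commented out
        fields = line.split()
        if len(fields) < 6:
            continue  # not a complete service entry
        services.append({
            "name": fields[0].split("/")[0],  # drop RPC version suffix
            "proto": fields[2],
            "user": fields[4],
            "server": fields[5],
        })
    return services


def audit(conf_text, required):
    """Return the enabled services that are not in the required set."""
    return [s for s in enabled_services(conf_text) if s["name"] not in required]


if __name__ == "__main__":
    # Assumption: this host only needs to offer ftp.
    for svc in audit(SAMPLE_INETD_CONF, {"ftp"}):
        note = " (runs as root)" if svc["user"] == "root" else ""
        print(f"disable {svc['name']}: {svc['server']}{note}")
```
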