Closing Open Holes, System Security How to close open holes

Closing Open Holes

September 27, 2000
By Ankit Fadia

With the spread of hackers and hacking incidents, the time has come when not only system administrators of the servers of big companies, but also people who connect to the Internet by dialing up to their ISP, have to worry about securing their systems. It really does not make much difference whether you have a static IP or a dynamic one: if your system is connected to the Internet, then there is every chance of it being attacked.

This manual discusses methods of system security analysis and sheds light on how to secure your standalone system (or a system connected to a LAN).

Open Ports: A Threat to Security?

In the Netstat Tutorial we discussed how the netstat -a command shows the list of open ports on your system. Before I move on, I would like to quickly recap the important part. So here goes, straight from the netstat tutorial:

Now, the -a option is used to display all open connections on the local machine. It also returns the remote system to which we are connected, the port numbers of the remote system we are connected to (and of the local machine), and the type and state of the connection we have with the remote system.
For example:

    C:\windows>netstat -a

    Active Connections

    Proto  Local Address     Foreign Address            State
    TCP    ankit:1031        dwarf.box.sk:ftp           ESTABLISHED
    TCP    ankit:1036        dwarf.box.sk:ftp-data      TIME_WAIT
    TCP    ankit:1043        banners.egroups.com:80     FIN_WAIT_2
    TCP    ankit:1045        mail2.mtnl.net.in:pop3     TIME_WAIT
    TCP    ankit:1052        zztop.boxnetwork.net:80    ESTABLISHED
    TCP    ankit:1053        mail2.mtnl.net.in:pop3     TIME_WAIT
    UDP    ankit:1025        *:*
    UDP    ankit:nbdatagram  *:*

Now, let us take a single line from the above output and see what it stands for:

    Proto  Local Address     Foreign Address            State
    TCP    ankit:1031        dwarf.box.sk:ftp           ESTABLISHED

Now, the above can be arranged as below:

Protocol: TCP (This can be Transmission Control Protocol or TCP, User Datagram Protocol or UDP, or sometimes even IP or Internet Protocol.)

Local System Name: ankit (This is the name of the local system that you set during the Windows setup.)
Local Port opened and being used by this connection: 1031

Remote System: dwarf.box.sk (This is the non-numerical form of the system to which we are connected.)

Remote Port: ftp (This is the port number of the remote system dwarf.box.sk to which we are connected.)

State of Connection: ESTABLISHED

Netstat with the -a argument is normally used to get a list of open ports on your own system, i.e. on the local system. This can be particularly useful to check whether your system has a Trojan installed or not. Yes, most good antiviral software is able to detect the presence of Trojans, but we are hackers, and need no software to tell us whether we are infected or not. Besides, it is more fun to do something manually than to simply click on the "Scan" button and let some software do it.

The following is a list of Trojans and the port numbers which they use, if you
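
The field breakdown and the manual port check described above can be done over saved netstat -a text. The following is an added example, not code from the original article: the function names, the constructed LISTENING row and the watched port 4000 are assumptions, and the watchlist is whatever port list the reader supplies.

```python
import re

# Rows 1, 2, 4 and 5 come from the article's netstat output; the LISTENING
# row and the watched port 4000 are constructed for this example.
SAMPLE = """\
Active Connections

  Proto  Local Address     Foreign Address          State
  TCP    ankit:1031        dwarf.box.sk:ftp         ESTABLISHED
  TCP    ankit:1045        mail2.mtnl.net.in:pop3   TIME_WAIT
  TCP    ankit:4000        ankit:0                  LISTENING
  UDP    ankit:1025        *:*
  UDP    ankit:nbdatagram  *:*
"""

# Proto, local endpoint, foreign endpoint, optional state (UDP rows have none).
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")

def split_endpoint(endpoint):
    """Split 'host:port' on the last colon; port is an int or a service name."""
    host, _, port = endpoint.rpartition(":")
    return host, (int(port) if port.isdigit() else port)

def parse_netstat(text):
    """Return one dict per connection row; banner and header lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        proto, local, remote, state = m.groups()
        lhost, lport = split_endpoint(local)
        rhost, rport = split_endpoint(remote)
        rows.append({"proto": proto, "local_host": lhost, "local_port": lport,
                     "remote_host": rhost, "remote_port": rport, "state": state})
    return rows

def open_local_ports(rows, watchlist=()):
    """Ports this machine offers: TCP LISTENING rows and UDP rows bound to *:*.
    Returns (proto, port, flagged); flagged means the port is in watchlist."""
    found = []
    for r in rows:
        offered = r["state"] == "LISTENING" or (r["proto"] == "UDP" and r["remote_host"] == "*")
        if offered:
            found.append((r["proto"], r["local_port"], r["local_port"] in watchlist))
    return found

if __name__ == "__main__":
    for entry in open_local_ports(parse_netstat(SAMPLE), watchlist={4000}):
        print(entry)
```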