Tuesday, November 3, 2009

SniFF Password Using WiRESharK

video

Friday, October 23, 2009

Bandwidth Monitoring Tools For Linux

Bandwidth in computer networking refers to the data rate supported by a network connection or interface. One most commonly expresses bandwidth in terms of bits per second (bps). The term comes from the field of electrical engineering, where bandwidth represents the total distance or range between the highest and lowest signals on the communication channel (band). Bandwidth represents the capacity of the connection. The greater the capacity, the more likely that greater performance will follow, though overall performance also depends on other factors, such as latency.

AutoFocus

AutoFocus is a traffic analysis and visualization tool that describes the traffic mix of a link through textual reports and time series plots.

Current Stable Version :- 0.3.6

Project Home Page :- http://ial.ucsd.edu/AutoFocus/

Bandwidthd

BandwidthD tracks usage of TCP/IP network subnets and builds html files with graphs to display utilization. Charts are built by individual IPs, and by default display utilization over 2 day, 8 day, 40 day, and 400 day periods. Furthermore, each ip address’s utilization can be logged out at intervals of 3.3 minutes, 10 minutes, 1 hour or 12 hours in cdf format, or to a backend database server. HTTP, TCP, UDP, ICMP, VPN, and P2P traffic are color coded.

Current Stable Version :- 2.0.1

Project Home Page :- http://bandwidthd.sourceforge.net/

Bmon

bmon is a portable bandwidth monitor and rate estimator running on various operating systems. It supports various input methods for different architectures. Various output modes exist, including an interactive curses interface, lightweight HTML output and formattable ASCII output.

Current Stable Version :- 2.1.0

Project Home Page :- http://people.suug.ch/~tgr/bmon/

Bwbar

bwbar is a small C-based program for Linux-based machines which produces bandwidth usage statistics for a network interface. It was originally written by H. Peter Anvin, and I (Brian Towne) modified it somewhat to better suit my needs. The original program was released under the GPL. A number of people have asked for the modified program and its source, so I have created this page.

Current Stable Version :- 1.2.3

Project Home Page :- http://www.mythica.org/bwbar/

bwm

This is a very tiny bandwidth monitor (not X11). It can monitor up to 16 interfaces at the same time, and shows totals too.

Current Stable Version :- 1.1.0

bwm-ng

Bandwidth Monitor NG is a small and simple console-based live bandwidth monitor.

Current Stable Version :- 0.5

Cacti

Cacti is a complete network graphing solution designed to harness the power of RRDTool’s data storage and graphing functionality. Cacti provides a fast poller, advanced graph templating, multiple data acquisition methods, and user management features out of the box. All of this is wrapped in an intuitive, easy to use interface that makes sense for LAN-sized installations up to complex networks with hundreds of devices.

Current Stable Version :- 0.8.6j

Project Home Page :- http://cacti.net/

cbm

cbm — the color bandwidth meter — is a small program to display the traffic currently flowing through your network devices.

Current Stable Version :- 0.1

Project Home Page :- http://www.isotton.com/utils/cbm/

dstat

Dstat is a versatile replacement for vmstat, iostat, netstat, nfsstat and ifstat. Dstat overcomes some of their limitations and adds some extra features, more counters and flexibility. Dstat is handy for monitoring systems during performance tuning tests, benchmarks or troubleshooting.

Current Stable Version :- 0.6.4

Project Home Page :- http://dag.wieers.com/home-made/dstat/

EtherApe

EtherApe is a graphical network monitor for Unix modeled after etherman. Featuring link layer, ip and TCP modes, it displays network activity graphically. Hosts and links change in size with traffic. Color coded protocols display.

Current Stable Version :- 0.9.7

Project Home Page :- http://etherape.sourceforge.net/

gdesklets

gDesklets is a system for bringing mini programs (desklets), such as weather forecasts, news tickers, system information displays, or music player controls, onto your desktop, where they are sitting there in a symbiotic relationship of eye candy and usefulness. The possibilities are really endless and they are always there to serve you whenever you need them, just one key-press away. The system is not restricted to one desktop environment, but currently works on most of the modern Unix desktops (including GNOME, KDE, Xfce).

Project Home Page :- http://www.gdesklets.de/

GKrellM

GKrellM is a single process stack of system monitors which supports applying themes to match its appearance to your window manager, Gtk, or any other theme.

Current Stable Version :- 2.2.10

Project Home Page :- http://members.dslextreme.com/users/billw/gkrellm/gkrellm.html

ipband

ipband is a pcap based IP traffic monitor. It tallies per-subnet traffic and bandwidth usage and starts detailed logging if specified threshold for the specific subnet is exceeded. If traffic has been high for a certain period of time, the report for that subnet is generated which can be appended to a file or e-mailed. When bandwidth usage drops below the threshold, detailed logging for the subnet is stopped and memory is freed.

Current Stable Version :- 0.8

Project Home Page :- http://ipband.sourceforge.net/

iftop

iftop does for network usage what top does for CPU usage. It listens to network traffic on a named interface and displays a table of current bandwidth usage by pairs of hosts. Handy for answering the question “why is our ADSL link so slow”.

Current Stable Version :- 0.17

Project Home Page :- http://www.ex-parrot.com/pdw/iftop/

iperf

Iperf is a tool to measure maximum TCP bandwidth, allowing the tuning of various parameters and UDP characteristics. Iperf reports bandwidth, delay jitter, datagram loss.

Current Stable Version :- 2.0.2

Project Home Page :- http://dast.nlanr.net/Projects/Iperf/

ipfm

IP Flow Meter (IPFM) is a bandwidth analysis tool, that measures how much bandwidth specified hosts use on their Internet link.

Current Stable Version :- 0.11.5

Project Home Page :- http://robert.cheramy.net/ipfm/

ifstat

ifstat is a tool to report network interface bandwidth, just like vmstat/iostat do for other system counters.

Current Stable Version :- 1.1

Project Home Page :- http://gael.roualland.free.fr/ifstat/

ibmonitor

ibmonitor is an interactive Linux console application which shows bandwidth consumed and total data transferred on all interfaces.

Current Stable Version :- 1.4

Project Home Page :- http://ibmonitor.sourceforge.net/

ipaudit

IPAudit monitors network activity on a network by host, protocol and port. IPAudit listens to a network device in promiscuous mode, and records every connection between two IP addresses. A unique connection is determined by the IP addresses of the two machines, the protocol used between them, and the port numbers (if they are communicating via UDP or TCP).

Current Stable Version :- 3.0.0

Project Home Page :- http://ipaudit.sourceforge.net/

IPTraf

IPTraf is a console-based network statistics utility for Linux. It gathers a variety of figures such as TCP connection packet and byte counts, interface statistics and activity indicators, TCP/UDP traffic breakdowns, and LAN station packet and byte counts.

Current Stable Version :- 0.95

Project Home Page :- http://iptraf.seul.org/

IFStatus

IFStatus was developed for Linux users who are usually in console mode. It is a simple, easy-to-use program for displaying commonly needed or wanted statistics, in real time, about the ingoing and outgoing traffic of multiple network interfaces, information that is usually hard to find, in a simple and efficient view. It is the substitute for the PPPStatus and EthStatus projects.

Current Stable Version :- 1.1.0

Project Home Page :- http://ifstatus.sourceforge.net/graphic/index.html

jnettop

Jnettop is a traffic visualiser, which captures traffic going through the host it is running from and displays streams sorted by bandwidth they use.

Current Stable Version :- 0.13.0

Project Home Page :- http://jnettop.kubs.info/wiki/

MRTG

The Multi Router Traffic Grapher (MRTG) is a tool to monitor the traffic load on network links. MRTG generates HTML pages containing PNG images which provide a LIVE visual representation of this traffic.

Current Stable Version :- 2.15.1

Project Home Page :- http://oss.oetiker.ch/mrtg/

moodss

moodss is a graphical monitoring application. It is modular so that the code accessing the monitored objects is completely separate from the application core. The core takes care of managing modules (loading and unloading), displaying modules data through sortable tables and diverse graphical viewers, handling user set threshold conditions with email alerts, recording and browsing data history from a database. moodss can even predict the future, using sophisticated statistical methods and artificial neural networks, and therefore be used for capacity planning.

Current Stable Version :- 21.5

Project Home Page :- http://moodss.sourceforge.net/

monitord

A lightweight (distributed?) network security monitor for TCP/IP+Ethernet LANs. It will capture certain network events and record them in a relational database. The recorded data will be available for analysis through a CGI based interface.

Current Stable Version :- 4.0

Project Home Page :- http://sourceforge.net/projects/monitord/

Netmrg

NetMRG is a tool for network monitoring, reporting, and graphing. Based on RRDTOOL, the best of open source graphing systems, NetMRG is capable of creating graphs of any parameter of your network.

Current Stable Version :- 0.18.2

Project Home Page :- http://www.netmrg.net

nload

nload is a console application which monitors network traffic and bandwidth usage in real time. It visualizes the in- and outgoing traffic using two graphs and provides additional info like total amount of transferred data and min/max network usage.

Current Stable Version :- 0.6.0

Project Home Page :- http://www.roland-riegel.de/nload/index.html

ntop

ntop shows the current network usage. It displays a list of hosts that are currently using the network and reports information concerning the IP (Internet Protocol) and Fibre Channel (FC) traffic generated by each host. The traffic is sorted according to host and protocol. Default protocol list (this is user configurable).

Current Stable Version :- 3.2

Project Home Page :- http://www.ntop.org

netspeed

Netspeed is just a little GNOME-applet that shows how much traffic occurs on a specified network device (for example eth0). You get the best impression of it, if you look at the screenshots below.

Current Stable Version :- 0.14

Project Home Page :- http://www.wh-hms.uni-ulm.de/~mfcn/netspeed/

Netwatch

Netwatch is a Linux program created to aid in monitoring network connections. It is based on a program called “statnet” but has been substantially modified for its Ethernet emphasis. It is a dynamic program which displays the Ethernet status based on each connection’s activity. It has the capability of monitoring hundreds of site statistics simultaneously. The connection’s port number (Well Known Service) and destination address are available as well. There are options which allow router statistics to be measured on simple networks (with one router). External network communication is counted and transfer rates are displayed.

Current Stable Version :- 1.0c

Project Home Page :- http://www.slctech.org/~mackay/netwatch.html

NOCOL

NOCOL is a popular system and network monitoring (network management) software that runs on Unix systems and can monitor network and system devices. It uses a very simple architecture and is very flexible for adding new network management modules.

Current Stable Version :- 4.3.1

Project Home Page :- http://www.netplex-tech.com/nocol/

NeTraMet

NeTraMet is an open-source (GPL) implementation of the RTFM architecture for Network Traffic Flow Measurement, developed and supported by Nevil Brownlee at the University of Auckland. Nevil also developed a version of NeTraMet which uses the CoralReef library to read packet headers. This ‘CoralReef NeTraMet meter’ can work with any CoralReef data source; it has been tested on both CAIDA and NLANR trace files, and on DAG and Apptel ATM interface cards.

Current Stable Version :- 43

Project Home Page :- http://freshmeat.net/projects/netramet/

NetPIPE

NetPIPE is a protocol independent performance tool that visually represents the network performance under a variety of conditions. It performs simple ping-pong tests, bouncing messages of increasing size between two processes, whether across a network or within an SMP system. Message sizes are chosen at regular intervals, and with slight perturbations, to provide a complete test of the communication system. Each data point involves many ping-pong tests to provide an accurate timing. Latencies are calculated by dividing the round trip time in half for small messages ( <64>

Current Stable Version :- 3.6.2

Project Home Page :- http://www.scl.ameslab.gov/netpipe/

netperf

Netperf is a benchmark that can be used to measure various aspects of networking performance. The primary foci are bulk (aka unidirectional) data transfer and request/response performance using either TCP or UDP and the Berkeley Sockets interface. As of this writing, the tests available either unconditionally or conditionally

Current Stable Version :- 2.4.3

Project Home Page :- http://www.netperf.org/netperf/

potion

This is a console utility which will listen on an interface using libpcap, aggregate the traffic into flows and display the top (as many as can fit on your screen) flows with their average throughput. A flow is identified by IP protocol, source IP, source port, destination IP, destination port, and type of service flag.

Current Stable Version :- 0.0.4

pktstat

Display a real-time list of active connections seen on a network interface, and how much bandwidth is being used by what. Partially decodes HTTP and FTP protocols to show what filename is being transferred. X11 application names are also shown. Entries hang around on the screen for a few seconds so you can see what just happened. Also accepts filter expressions à la tcpdump.

Current Stable Version :- 1.8.3

Project Home Page :- http://www.adaptive-enterprises.com.au/~d/software/pktstat/

RTG

RTG is a flexible, scalable, high-performance SNMP statistics monitoring system. It is designed for enterprises and service providers who need to collect time-series SNMP data from a large number of targets quickly. All collected data is inserted into a relational database that provides a common interface for applications to generate complex queries and reports. RTG includes utilities that generate configuration and target files, traffic reports, 95th percentile reports and graphical data plots. These utilities may be used to produce a web-based interface to the data.

Current Stable Version :- 0.7.4

Project Home Page :- http://rtg.sourceforge.net/

speedometer

Monitor network traffic or speed/progress of a file transfer. The program can be used for cases like: how long it will take for my 38MB transfer to finish, how quickly is another transfer going, How fast is the upstream on this ADSL line and how fast can I write data to my filesystem.

Current Stable Version :- 2.4

Project Home Page :- http://excess.org/speedometer/

Spong

Spong is a simple system-monitoring package written in Perl. It features client based monitoring, monitoring of network services, results displayed via the Web or console, history of problems, and flexible messaging when problems occur.

Current Stable Version :- 2.7.6

Project Home Page :- http://spong.sourceforge.net/

slurm

slurm started as a pppstatus port to FreeBSD. As I ripped off several functions

Current Stable Version :- 0.3.3

Project Home Page :- http://www.wormulon.net/projects/slurm

SNIPS

SNIPS (System & Network Integrated Polling Software) is a system and network monitoring software that runs on Unix systems and can monitor network and system devices. It is capable of monitoring DNS, NTP, TCP or web ports, host performance, syslogs, radius servers, BGP peers, etc. New monitors can be added easily (via a C or Perl API).

Current Stable Version :- 1.1

Project Home Page :- http://www.navya.com/software/snips/

tcpflow

tcpflow is a program that captures data transmitted as part of TCP connections (flows), and stores the data in a way that is convenient for protocol analysis or debugging. A program like tcpdump shows a summary of packets seen on the wire, but usually doesn’t store the data that’s actually being transmitted. In contrast, tcpflow reconstructs the actual data streams and stores each flow in a separate file for later analysis. tcpflow understands TCP sequence numbers and will correctly reconstruct data streams regardless of retransmissions or out-of-order delivery.

Current Stable Version :- 0.21

Project Home Page :- http://www.circlemud.org/~jelson/software/tcpflow/

vnstat

vnStat is a network traffic monitor for Linux that keeps a log of daily network traffic for the selected interface(s). vnStat isn’t a packet sniffer. The traffic information is analyzed from the /proc filesystem, so vnStat can be used without root permissions. However, at least a 2.2.x kernel is required.

Current Stable Version :- 1.4

Project Home Page :- http://humdi.net/vnstat/

WMND

Shows a graph of incoming/outgoing traffic, activity indicators for rx/tx and current/maximum rate for rx/tx in bytes or packets. Tailored for use with WindowMaker, it will work with any other window manager as well.

Current Stable Version :- 0.4.6

Project Home Page :- http://dockapps.org/file.php/id/178


Thanks UBUNTU TEAM

Tuesday, October 20, 2009

Sniffing VOIP with WiresharK

“VOIP is pretty secure.” How many of us have heard this before?

Let’s fire up Wireshark (available for Linux and Windows; it is a network protocol analyzer that does some cool stuff, really easily!).

First, a little background into VOIP; we use essentially three types of protocols for VOIP: Management, Media, and Auxiliary. Essentially, when netwrkspider picks up his voip phone to call yurirat on his voip phone, netwrkspider first connects to a central management server which contacts yurirat’s management server, and they work out the connection details. (Protocols, etc.) H.323 and SIP are the protocols most used in this phase.

After negotiating the details of the connection, netwrkspider’s and yurirat’s phones connect directly. This is the second group of protocols, usually using RTP or something like it. The third group of protocols is the auxiliary protocols: transport, etc. Usually UDP is used, but TCP could be used if you really wanted it to. (Yes, TCP has error correction built in, but if it has to re-send a packet a couple of milliseconds later, think about what that will do to a latency-sensitive application like VOIP. This is why the stateless protocol UDP is usually used.)

So after our background into VOIP, let’s take a look at sniffing it. Wireshark can analyze the majority of the most-used VOIP protocols, and is very useful for troubleshooting issues with your VOIP implementation. Once we have captured a VOIP stream or two, we can have Wireshark search for VOIP Calls.

We can then select one of the streams and graph it, to get a better picture of how the call was actually made.


Next, we can exit out of that, look for any RTP frames (remember, Real Time Protocol is the media protocol for the actual conversation itself) and do an analysis on them. Once the analysis comes up, we can select “Save Payload” and have it extract the audio from the RTP stream and save it as an .au file, to listen to in the media player of your choice.


Wireshark is a very good tool to use for troubleshooting your VOIP network, as well as listening in to the occasional call; of course, this could be mitigated very easily by using something like IPsec in your LAN.

"Netwrkspider"

ABHISEK KUMAR

( NETWORK ADMINISTRATOR/Programmer )
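
As an added illustration (not part of the original post), this sketch parses the RTP fixed header defined in RFC 3550 to show what any passive monitor on the LAN can read from each media packet when nothing like IPsec protects it, and summarises streams per SSRC. The sample datagrams, the SSRC value and the helper names are constructed for the example.

```python
import struct

# Static audio payload types from RFC 3551 (subset).
STATIC_AUDIO = {0: "PCMU", 3: "GSM", 8: "PCMA", 9: "G722", 18: "G729"}


def parse_rtp(datagram):
    """Parse one UDP payload as RTP; return a dict, or None if it is not valid RTP."""
    if len(datagram) < 12:
        return None
    b0, b1, seq, ts, ssrc = struct.unpack("!BBHII", datagram[:12])
    if b0 >> 6 != 2:                          # RTP version must be 2
        return None
    padding, extension, csrc_count = (b0 >> 5) & 1, (b0 >> 4) & 1, b0 & 0x0F
    offset = 12 + 4 * csrc_count              # skip the CSRC list
    if extension:                             # 16-bit profile id, 16-bit length in words
        if len(datagram) < offset + 4:
            return None
        ext_words = struct.unpack("!H", datagram[offset + 2:offset + 4])[0]
        offset += 4 + 4 * ext_words
    end = len(datagram)
    if padding:
        end -= datagram[-1]                   # last byte holds the padding length
    if end < offset:
        return None                           # truncated or inconsistent packet
    pt = b1 & 0x7F
    return {"payload_type": pt, "codec": STATIC_AUDIO.get(pt, "dynamic/other"),
            "marker": b1 >> 7, "seq": seq, "timestamp": ts, "ssrc": ssrc,
            "payload_offset": offset, "payload_len": end - offset}


def stream_stats(datagrams):
    """Group packets by SSRC; report codec, packet count and sequence-number gaps.

    Assumes in-order capture and less than one full 16-bit sequence cycle.
    """
    streams = {}
    for d in datagrams:
        p = parse_rtp(d)
        if p is None:
            continue
        s = streams.setdefault(p["ssrc"], {"codec": p["codec"], "packets": 0,
                                           "first": p["seq"], "last": p["seq"]})
        s["packets"] += 1
        s["last"] = p["seq"]
    for s in streams.values():
        expected = ((s["last"] - s["first"]) & 0xFFFF) + 1   # handles 16-bit wrap
        s["lost"] = max(expected - s["packets"], 0)
    return streams


def build_sample(seq, pt=0, ssrc=0x1234ABCD, payload=b"\xff" * 160):
    """Constructed G.711 packet: 160 bytes of 0xFF is 20 ms of PCMU silence."""
    ts = (seq * 160) & 0xFFFFFFFF
    return struct.pack("!BBHII", 0x80, pt, seq, ts, ssrc) + payload


# Constructed capture: one stream crossing the sequence wrap, with seq 1 missing.
SAMPLE = [build_sample(s) for s in (65534, 65535, 0, 2)]

if __name__ == "__main__":
    for ssrc, s in stream_stats(SAMPLE).items():
        print("SSRC 0x%08X codec=%s packets=%d lost=%d"
              % (ssrc, s["codec"], s["packets"], s["lost"]))
```

A static payload type such as PCMU or PCMA in the header means the bytes after `payload_offset` are plain codec samples, which is why the LAN needs protection such as the IPsec the post mentions.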

Tuesday, October 6, 2009

How to restore Grub from a live Ubuntu cd.



This will restore grub if you already had grub installed but lost it to a Windows install or some other occurrence that erased or changed your MBR, so that grub no longer appears at start-up or returns an error.

(This how-to is written for Ubuntu but should work on other systems. The only thing to note: when you see "sudo", it means that the command that follows should be entered at a root terminal.)

Boot into the live Ubuntu cd. This can be the live installer cd or the older live session Ubuntu cds.

When you get to the desktop, open a terminal and enter the following. (I am going to give you the commands first and explain them later.)

Code:
sudo grub
This will get you a "grub>" prompt (i.e. the grub shell). At the grub> prompt, enter these commands:

Code:
find /boot/grub/stage1
This will return a location. If you have more than one, select the installation that you want to provide the grub files.
Next, THIS IS IMPORTANT: whatever was returned by the find command, use it in the next line (you are still at the grub> prompt when you enter the next 3 commands).

Code:
root (hd?,?)
Again use the value from the find command i.e. if find returned (hd0,1) then you would enter root (hd0,1)

Next enter the command to install grub to the mbr

Code:
setup (hd0)
Finally exit the grub shell
Code:
quit
That is it. Grub will be installed to the mbr.
When you reboot, you will have the grub menu at startup.

Now the explanation.
Sudo grub gets you the grub shell.
Find /boot/grub/stage1 has grub locate the file stage1. What this does is tell us where grub's files are. Only a small part of grub is located on the mbr, the rest of grub is in your boot folder. Grub needs those files to run the setup. So you find the files and then you tell grub where to locate the files it will need for setup.
So root (hd?,?) tells grub its files are on that partition.
Finally setup (hd0) tells grub to setup on hd0. When you give grub the parameter hd0 with no following value for a partition, grub will use the mbr. hd0 is the grub label for the first drive's mbr.
Quit will exit you from the grub shell.

Friday, September 18, 2009

Install GUI in Ubuntu Server

Install desktop Environment

First you need to make sure you have enabled the Universe and Multiverse repositories in the /etc/apt/sources.list file. Once you have enabled them, use the following commands to install the GUI:

sudo apt-get update

sudo apt-get install ubuntu-desktop

The above command will install GNOME desktop

If you want to install a graphical desktop manager without some of the desktop add-ons like Evolution and OpenOffice, but continue to use the server flavor kernel, use the following command

sudo aptitude install --no-install-recommends ubuntu-desktop

If you want to install a lightweight desktop, install Xfce using the following command

sudo apt-get install xubuntu-desktop

If you want to install KDE desktop use the following command

sudo apt-get install kubuntu-desktop

Monday, September 14, 2009

Man In The Middle Attack

One of the most successful vectors for gaining control of customer information and resources is through man-in-the-middle attacks. In this class of attack, the attacker situates himself between the customer and the real web-based application, and proxies all communications between the systems. From this vantage point, the attacker can observe and record all transactions. This form of attack is successful for both HTTP and HTTPS communications. For man-in-the-middle attacks to be successful, the attacker must be able to direct the customer to their proxy server instead of the real server. Let's look at which kinds of MITM attack can be used and in which scenarios.

Here is a list of the different types of MITM attack:

LOCAL AREA NETWORK:

* ARP poisoning
* DNS spoofing
* STP mangling
* Port stealing

FROM LOCAL TO REMOTE (through a gateway):

* ARP poisoning
* DNS spoofing
* DHCP spoofing
* ICMP redirection
* IRDP spoofing - route mangling

REMOTE:

* DNS poisoning
* Traffic tunneling
* Route mangling

However, with respect to identity theft, the 'transparent proxy attack' and the 'DNS poisoning attack' are the most popular among the hacking community. Here is an explanation of both attacks:

* Transparent proxy attack

To execute this attack, the attacker tries to trick the victim through the four steps below. Step four explains how the MITM works in the case of HTTPS.

STEP1

URL rewriting: Prepend all URLs with the attacker's host so that requests are routed through it. http://home.netscape.com/ becomes http://www.attacker.org/http://www.server.com/

STEP2

Pages are then requested through www.attacker.org, which functions as a proxy to fetch the true page (in this case, http://www.server.com/ ), applying any of the attacker's desired transformations in the process.

STEP3

[Figure: Man in the middle attack]

STEP4

After the above steps have been executed, there is a secure connection between the victim and the attacker's host, of which the victim is unaware: he is happy to notice that he has a secured connection and concludes that his data is safe.

The attacker can then create a secure connection to the real host, decrypt the received data, apply transformations, re-encrypt it for the victim, and send it on to him. The victim still remains uninformed; however, the attacker has already achieved his goal.

* DNS Cache Poisoning

This is another MITM attack that is popular with attackers when it comes to "phishing". It is based on the simple convention of IP-to-host resolution. Here is how it works:

Every system has a hosts file in its system directory. On Windows this file resides at the following location:

C:\WINNT\system32\drivers\etc

Your computer also has a hidden system file called the Hosts file. This file can be used to hard-code domain name translations and direct you to a different site. The file in your system looks like this:

Specimen of a normal Hosts file:

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost

Normally, if you try to visit www.citibank.com, your computer sends a request to a DNS server to find out the IP address of that domain name. After the name has been resolved, the request generated by your browser is forwarded to the Citibank web server.

Specimen of a Hosts file under DNS poisoning attack:

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
XX.XX.XX.XX Citibank.com

However, on a system under such an attack, the Hosts file supersedes DNS records: an entry has been added to the Hosts file with the domain name "citibank.com" and a different IP address, to which your computer is redirected. Rather than being sent to the true Citibank server, your request will go to the address specified in the Hosts file.

In the above example, XX.XX.XX.XX depicts the IP address of the attacker's server, which hosts a fake login screen for the legitimate domain www.citibank.com. The victim thinks that he is passing his credentials to what he typed as www.citibank.com in the browser bar. However, the attacker has already achieved his goal! Once again the victim remains uninformed.
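
The hosts-file redirection described above can be checked for on a workstation. The following added example (not part of the original post) parses a hosts file and flags active entries that override DNS; the watched-domain list, the severity labels, the sinkhole entry and the 203.0.113.10 address standing in for XX.XX.XX.XX are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample: the poisoned file from the post, shortened, with XX.XX.XX.XX
# replaced by a documentation-range address so that it parses as a real IP.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
#
# 102.54.94.97 rhino.acme.com # source server
127.0.0.1 localhost
203.0.113.10 Citibank.com
0.0.0.0 ads.example.net # constructed sinkhole entry
"""

# Assumption: domains whose addresses must only ever come from DNS.
WATCHED = {"citibank.com"}


def parse_hosts(text):
    """Return [(lineno, ip, [names])] for active (non-comment) entries."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop full-line and trailing comments
        fields = line.split()
        if len(fields) >= 2:
            # Host names are case-insensitive, so "Citibank.com" must match too.
            names = [n.lower().rstrip(".") for n in fields[1:]]
            entries.append((lineno, fields[0], names))
    return entries


def is_watched(name, watched):
    """True for a watched domain or any of its subdomains."""
    return any(name == d or name.endswith("." + d) for d in watched)


def audit_hosts(text, watched=WATCHED):
    """Return [(lineno, ip, name, severity)] for entries that override DNS."""
    findings = []
    for lineno, ip, names in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((lineno, ip, " ".join(names), "malformed"))
            continue
        for name in names:
            if addr.is_loopback and name == "localhost":
                continue                      # the stock entry
            if is_watched(name, watched):
                severity = "high"             # a watched site is pinned to a static IP
            elif addr.is_loopback or addr.is_unspecified:
                severity = "info"             # sinkhole entry, usually deliberate
            else:
                severity = "review"           # static mapping someone should explain
            findings.append((lineno, ip, name, severity))
    return findings


if __name__ == "__main__":
    # On a real machine, read the file instead, e.g. the hosts file in the
    # directory the post names (C:\WINNT\system32\drivers\etc).
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s -> %s [%s]" % finding)
```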

Tuesday, September 8, 2009

Install Samba Server on Ubuntu

If you want to share files between your Ubuntu and Windows computers, your best option is to use Samba file sharing.

To install, first open a terminal window and enter the following command:

sudo apt-get install samba smbfs

We’ve got samba installed, but now we’ll need to configure it to make it accessible. Run the following command to open the configuration file, substituting your editor of choice:

sudo gedit /etc/samba/smb.conf

Find this section in the file:

####### Authentication #######

# “security = user” is always a good idea. This will require a Unix account
# in this server for every user accessing the server. See
# /usr/share/doc/samba-doc/htmldocs/Samba-HOWTO-Collection/ServerType.html
# in the samba-doc package for details.
; security = user

Uncomment the security line, and add another line to make it look like this:

security = user
username map = /etc/samba/smbusers

This will set Samba to use the smbusers file for looking up the user list.

Create a Samba User

There are two steps to creating a user. First we’ll run the smbpasswd utility to create a samba password for the user.

sudo smbpasswd -a <username>

Next, we’ll add that username to the smbusers file.

sudo gedit /etc/samba/smbusers

Add in the following line, substituting the username with the one you want to give access to. The format is <ubuntuusername> = "<samba username>". You can use a different samba user name to map to an ubuntu account, but that’s not really necessary right now.

<ubuntuusername> = "<samba username>"

Now you can create samba shares and give access to the users that you listed here.