Request for help with a hacker project, or simple question answer sought

on 05.08.2006 16:00:47 by James

Hi all,

I have two computers, one Windows and one linux; the linux one I want
to setup Samba on, and also have it as a secure server. In other
words, I want to be able to run security tools on the "network"
(crossover cable needed?) - which terminates at a router.

Here is the question: Using SATAN or equivalent tools, how do you
prevent it from going outside the "LAN", so it doesn't start trying to
scan the ISP connected to the router?

Picture:
                  Spare crossover cable (CAT5)
Computer 1 (one ethernet jack)        Computer two (one ethernet jack)
          \\                                  //
           \\                                //
          CAT5/6                          CAT5/6
             \\                            //
                          |
             |-------------------------|
             Router (five ports plus one port for feed to internet)
                          |
                          |
             ISP <------------------> Internet

Tools I want to run on my home "LAN":
SATAN
SAINT
NMap
etc.

Additional question: There is also a unix for windows application
installed on the Windows PC, can this be scanned as well as if it were
an actual unix machine (i.e. it runs init and similar processes, and
can also view ALL windows processes as well)?

Hope that slight question makes sense and TIA.

Me - Just Me

Re: Request for help with a hacker project, or simple question answer sought

on 06.08.2006 02:03:16 by James

James wrote:
> Hi all,
>
> I have two computers, one Windows and one linux; the linux one I want
> to setup Samba on, and also have it as a secure server. In other
> words, I want to be able to run security tools on the "network"
> (crossover cable needed?) - which terminates at a router.
>
> Here is the question: Using SATAN or equivalent tools, how do you
> prevent it from going outside the "LAN", so it doesn't start trying to
> scan the ISP connected to the router?
>
> Picture:
> Spare crossover cable (CAT5)
> Computer 1 (one ethernet jack) Computer two (one ethernet jack)
> \\ //
>
> \\ //
> CAT5/6 CAT5/6
> \\ //
>
> |
> |-------------------------|
> Router (five ports plus one port for feed to
> internet)
> |
> |
> ISP < ------------------ > Internet
>
> Tools I want to run on my home "LAN":
> SATAN
> SAINT
> NMap
> etc.
>
> Additional question: There is also a unix for windows application
> installed on the Windows PC, can this be scanned as well as if it were
> an actual unix machine (i.e. it runs init and similar processes, and
> can also view ALL windows processes as well)?
>
> Hope that slight question makes sense and TIA.
>
> Me - Just Me

Another question: Does the Linux computer have to be connected to the
other directly, or can they all be plugged into the router and
see/connect to each other?

A few other details --
I want to have a static IP on the linux box, while the others are using
dhcp,
and the linux version is the 7.1 RedHat (Security Enhanced). It will
have all current updates/kernel revisions and patches installed before
it is connected to anything at all other than a power strip.

It would be nice to have the linux computer function not only as a
network security scanner, but a samba server and a firewall as well. I
know this is a horrid idea and generally not recommended, but I'd like
to try to set this up.

The package and tool installation and general configuration I can do, I
would just like to solicit ideas and suggestions/advice on the
questions.

Re: Request for help with a hacker project, or simple question answer sought

on 06.08.2006 02:06:39 by James

James wrote:
> James wrote:
> > Hi all,
> >
> > I have two computers, one Windows and one linux; the linux one I want
> > to setup Samba on, and also have it as a secure server. In other
> > words, I want to be able to run security tools on the "network"
> > (crossover cable needed?) - which terminates at a router.
> >
> > Here is the question: Using SATAN or equivalent tools, how do you
> > prevent it from going outside the "LAN", so it doesn't start trying to
> > scan the ISP connected to the router?
> >
> > Picture:
> > Spare crossover cable (CAT5)
> > Computer 1 (one ethernet jack) Computer two (one ethernet jack)
> > \\ //
> >
> > \\ //
> > CAT5/6 CAT5/6
> > \\ //
> >
> > |
> > |-------------------------|
> > Router (five ports plus one port for feed to
> > internet)
> > |
> > |
> > ISP < ------------------ > Internet
> >
> > Tools I want to run on my home "LAN":
> > SATAN
> > SAINT
> > NMap
> > etc.
> >
> > Additional question: There is also a unix for windows application
> > installed on the Windows PC, can this be scanned as well as if it were
> > an actual unix machine (i.e. it runs init and similar processes, and
> > can also view ALL windows processes as well)?
> >
> > Hope that slight question makes sense and TIA.
> >
> > Me - Just Me
>
> Another question: Does the Linux computer have to be connected to the
> other directly, or can they all be plugged into the router and
> see/connect to each other?
>
> A few other details --
> I want to have a static IP on the linux box, while the others are using
> dhcp,
> and the linux version is the 7.1 RedHat (Security Enhanced). It will
> have all current updates/kernel revisions and patches installed before
> it is connected to anything at all other than a power strip.
>
> It would be nice to have the linux computer function not only as a
> network security scanner, but a samba server and a firewall as well. I
> know this is a horrid idea and generally not recommended, but I'd like
> to try to set this up.
>
> The package and tool installation and general configuration I can do, I
> would just like to solicit ideas and suggestions/advice on the
> questions.

Sorry about multiple messages, just wanted to add to linux group as
well.

TIA

Me, Just Me

Re: Request for help with a hacker project, or simple question answer sought

on 06.08.2006 02:12:23 by Lamer-Newbie

Doesn't your router have IPSEC security table?
Put local IP or MAC of server in the "Block WAN Access" list
on the router.

James wrote:
> James wrote:
>> Hi all,
>>
>> I have two computers, one Windows and one linux; the linux one I want
>> to setup Samba on, and also have it as a secure server. In other
>> words, I want to be able to run security tools on the "network"
>> (crossover cable needed?) - which terminates at a router.
>>
>> Here is the question: Using SATAN or equivalent tools, how do you
>> prevent it from going outside the "LAN", so it doesn't start trying to
>> scan the ISP connected to the router?
>>
>> Picture:
>> Spare crossover cable (CAT5)
>> Computer 1 (one ethernet jack) Computer two (one ethernet jack)
>> \\ //
>>
>> \\ //
>> CAT5/6 CAT5/6
>> \\ //
>>
>> |
>> |-------------------------|
>> Router (five ports plus one port for feed to
>> internet)
>> |
>> |
>> ISP < ------------------ > Internet
>>
>> Tools I want to run on my home "LAN":
>> SATAN
>> SAINT
>> NMap
>> etc.
>>
>> Additional question: There is also a unix for windows application
>> installed on the Windows PC, can this be scanned as well as if it were
>> an actual unix machine (i.e. it runs init and similar processes, and
>> can also view ALL windows processes as well)?
>>
>> Hope that slight question makes sense and TIA.
>>
>> Me - Just Me
>
> Another question: Does the Linux computer have to be connected to the
> other directly, or can they all be plugged into the router and
> see/connect to each other?
>
> A few other details --
> I want to have a static IP on the linux box, while the others are using
> dhcp,
> and the linux version is the 7.1 RedHat (Security Enhanced). It will
> have all current updates/kernel revisions and patches installed before
> it is connected to anything at all other than a power strip.
>
> It would be nice to have the linux computer function not only as a
> network security scanner, but a samba server and a firewall as well. I
> know this is a horrid idea and generally not recommended, but I'd like
> to try to set this up.
>
> The package and tool installation and general configuration I can do, I
> would just like to solicit ideas and suggestions/advice on the
> questions.
>

Re: Request for help with a hacker project, or simple question answer sought

on 06.08.2006 11:27:10 by unknown

Post removed (X-No-Archive: yes)

Re: Request for help with a hacker project, or simple question answer sought

on 07.08.2006 00:40:49 by ibuprofin

On 5 Aug 2006, in the Usenet newsgroup comp.unix.misc, in article
<1154822595.945291.80780@p79g2000cwp.googlegroups.com>, James wrote:

>James wrote:
>
>> I have two computers, one Windows and one linux; the linux one I want
>> to setup Samba on, and also have it as a secure server. In other
>> words, I want to be able to run security tools on the "network"
>> (crossover cable needed?) - which terminates at a router.

Crossover cable is needed when you are connecting to NICs _directly_ without
a router, switch, or hub. If using one of those, it's a normal "straight
through" type cable.

>> Here is the question: Using SATAN or equivalent tools, how do you
>> prevent it from going outside the "LAN", so it doesn't start trying to
>> scan the ISP connected to the router?

Most tools want you to specify the IP address of the victim computer.
Don't specify the IP address of any computer you haven't been requested to
probe, and you'll be fine.

>> Picture:

I suppose.

>> Tools I want to run on my home "LAN":
>> SATAN
>> SAINT
>> NMap
>> etc.

satan and saint are rather elderly and may not be as much use as you hope.
Also remember that *nix is a case sensitive operating system:

[compton ~]$ which nmap
/usr/local/bin/nmap
[compton ~]$ which NMap
[compton ~]$ which NMAP
[compton ~]$

>> Additional question: There is also a unix for windows application
>> installed on the Windows PC, can this be scanned as well as if it were
>> an actual unix machine (i.e. it runs init and similar processes, and
>> can also view ALL windows processes as well)?

Wouldn't know - I got rid of windoze before microsoft invented networking,
or the telephone, or what-ever it was they claim to have done.

>Another question: Does the Linux computer have to be connected to the
>other directly, or can they all be plugged into the router and
>see/connect to each other?

Should work either way. Obviously will depend on how you configure the two
and the router.

>I want to have a static IP on the linux box, while the others are using
>dhcp,

What-ever. You may have to kick your router (which is likely the DHCP
server) to allow static addresses.

>and the linux version is the 7.1 RedHat (Security Enhanced). It will
>have all current updates/kernel revisions and patches installed before
>it is connected to anything at all other than a power strip.

That will be an interesting trick. RH7.1 came out in mid-April 2001, and
was declared obsolete at the end of 2003. There have been _NO_ updates
available from Red Hat, or download.fedoralegacy.org since that date. It
came out of the box with a 2.4.2 kernel, and was updated over its life
ending with a 2.4.20 kernel. While work continues at a very low priority
on the 2.4.x kernels (2.4.32 came out last November, 2.4.33-rc2 is the
latest release candidate), most modern Linux distributions are using the
2.6.x kernel family - 2.6.17 being current. At the end of 2003, there were
437 packages for RH7.1 on the updates server, totalling about 674 Megabytes.
I've no idea where you might find them any more - perhaps
http://sunsite.mff.cuni.cz/MIRRORS/archive.download.redhat.com/redhat/linux/
You may not need all of them, but you also may be screwed because prior to
7.2, Red Hat assumed you were keeping up to date, and only carried the
latest updates. If a later update depended on an earlier update (came with
foo-1.0, now only foo-1.7.3 is available, but that depended on a feature
that was added in foo-1.5.0 to update), you'd have to find that earlier
update and install that first. That's why you want to toss RH7.1 and get
a _current_ distribution.

>It would be nice to have the linux computer function not only as a
>network security scanner, but a samba server and a firewall as well. I
>know this is a horrid idea and generally not recommended, but I'd like
>to try to set this up.

Combining the scanner and Samba server is trivial, although most people
do not allow user applications (much less users) on a server. From a
security angle, that concept sucks black holes through cocktail straws. The
firewall - that's a whole different ball of tar. Firewalls work by having
two different sides - the "safe" side, and the nasty outside. Thus, the
firewall on the Linux box would protect the Linux box, and do nothing for
the windoze toy. If you wanted it to protect the windoze box, you'd have
to install a second NIC on the Linux box, and connect that to the windoze
box (and disconnect the windoze box from the router). It's a common enough
configuration - virtually any linux distribution can handle. Do a google
search for

85507 Aug 20 2001 Firewall-HOWTO
708351 Nov 14 2005 IP-Masquerade-HOWTO
17605 Jul 21 2004 Masquerading-Simple-HOWTO
155096 Jan 23 2004 Security-HOWTO
278012 Jul 23 2002 Security-Quickstart-HOWTO
287057 Jul 23 2002 Security-Quickstart-Redhat-HOWTO

You might notice that all those HOWTOs are newer than your RH7.1. So another
good place to visit is http://www.distrowatch.com/

Old guy
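
The advice in the post above (only hand the scanner addresses you mean to probe) can be enforced mechanically. The following is an added example, not part of the original thread: a shell guard that refuses any target outside one LAN prefix. The 192.168.1.0/24 prefix, the sample targets and all function names are assumptions.

```shell
#!/bin/sh
# Added example: keep scanner targets inside one LAN prefix.
# LAN_SCOPE is an assumed home network; change it to match yours.
LAN_SCOPE=192.168.1.0/24

# ip_to_int A.B.C.D: print the address as an integer; fail if malformed.
ip_to_int() (
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# cidr_range NET/LEN: print "first last" of the block as integers.
cidr_range() (
    case $1 in */*) ;; *) return 1 ;; esac
    net=${1%/*}
    len=${1#*/}
    case $len in ''|*[!0-9]*|0?*|???*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    base=$(ip_to_int "$net") || return 1
    mask=$(( (4294967295 << (32 - $len)) & 4294967295 ))
    lo=$(( $base & $mask ))
    echo "$lo $(( $lo | (~$mask & 4294967295) ))"
)

# target_in_scope SCOPE TARGET: succeed only if TARGET (one IPv4 address or a
# CIDR block) lies entirely inside SCOPE. Hostnames and dash ranges are
# rejected rather than resolved, since a name can point outside the LAN.
target_in_scope() (
    s=$(cidr_range "$1") || return 2
    target=$2
    case $target in */*) ;; *) target=$target/32 ;; esac
    t=$(cidr_range "$target") || return 1
    [ "${t% *}" -ge "${s% *}" ] && [ "${t#* }" -le "${s#* }" ]
)

# scoped_targets SCOPE TARGET...: print the targets, one per line, only if
# every one of them is in scope; otherwise print nothing and fail.
scoped_targets() (
    scope=$1
    shift
    [ $# -gt 0 ] || { echo "no targets given" >&2; return 1; }
    for t in "$@"; do
        target_in_scope "$scope" "$t" || {
            echo "refusing to scan: $t is not inside $scope" >&2
            return 1
        }
    done
    printf '%s\n' "$@"
)

# Demo on constructed targets: only the first one is accepted.
for t in 192.168.1.20 192.168.2.20 192.168.0.0/16 router.example 192.168.1.1-254; do
    if target_in_scope "$LAN_SCOPE" "$t"; then
        echo "ok      $t"
    else
        echo "REFUSED $t"
    fi
done

# Typical use in a wrapper script:
#   targets=$(scoped_targets "$LAN_SCOPE" "$@") && nmap $targets
```
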

Re: Request for help with a hacker project, or simple question answer sought

on 07.08.2006 01:35:02 by James

Lamer-Newbie wrote:
> Doesn't your router have IPSEC security table?
> Put local IP or MAC of server in the "Block WAN Access" list
> on the router.
>

Hey Newbie,

Thanks -- checked the setup on the router and it looks okay (not a
security genius, so it probably has issues anyway).

The WAN-blocking idea is in fact set.


Thanks --


> James wrote:
> > James wrote:
> >> Hi all,
> >>
> >> I have two computers, one Windows and one linux; the linux one I want
> >> to setup Samba on, and also have it as a secure server. In other
> >> words, I want to be able to run security tools on the "network"
> >> (crossover cable needed?) - which terminates at a router.
> >>
> >> Here is the question: Using SATAN or equivalent tools, how do you
> >> prevent it from going outside the "LAN", so it doesn't start trying to
> >> scan the ISP connected to the router?
> >>
> >> Picture:
> >> Spare crossover cable (CAT5)
> >> Computer 1 (one ethernet jack) Computer two (one ethernet jack)
> >> \\ //
> >>
> >> \\ //
> >> CAT5/6 CAT5/6
> >> \\ //
> >>
> >> |
> >> |-------------------------|
> >> Router (five ports plus one port for feed to
> >> internet)
> >> |
> >> |
> >> ISP < ------------------ > Internet
> >>
> >> Tools I want to run on my home "LAN":
> >> SATAN
> >> SAINT
> >> NMap
> >> etc.
> >>
> >> Additional question: There is also a unix for windows application
> >> installed on the Windows PC, can this be scanned as well as if it were
> >> an actual unix machine (i.e. it runs init and similar processes, and
> >> can also view ALL windows processes as well)?
> >>
> >> Hope that slight question makes sense and TIA.
> >>
> >> Me - Just Me
> >
> > Another question: Does the Linux computer have to be connected to the
> > other directly, or can they all be plugged into the router and
> > see/connect to each other?
> >
> > A few other details --
> > I want to have a static IP on the linux box, while the others are using
> > dhcp,
> > and the linux version is the 7.1 RedHat (Security Enhanced). It will
> > have all current updates/kernel revisions and patches installed before
> > it is connected to anything at all other than a power strip.
> >
> > It would be nice to have the linux computer function not only as a
> > network security scanner, but a samba server and a firewall as well. I
> > know this is a horrid idea and generally not recommended, but I'd like
> > to try to set this up.
> >
> > The package and tool installation and general configuration I can do, I
> > would just like to solicit ideas and suggestions/advice on the
> > questions.
> >

Re: Request for help with a hacker project, or simple question answer sought

on 07.08.2006 01:46:39 by James

Moe Trin wrote:
> On 5 Aug 2006, in the Usenet newsgroup comp.unix.misc, in article
> <1154822595.945291.80780@p79g2000cwp.googlegroups.com>, James wrote:
>
> >James wrote:
> >
> >> I have two computers, one Windows and one linux; the linux one I want
> >> to setup Samba on, and also have it as a secure server. In other
> >> words, I want to be able to run security tools on the "network"
> >> (crossover cable needed?) - which terminates at a router.

Hey Moe,


>
> Crossover cable is needed when you are connecting to NICs _directly_ without
> a router, switch, or hub. If using one of those, it's a normal "straight
> through" type cable.

Got it. Using it until the server itself is secure and then to
periodically access the windows machine for updates.

>
> >> Here is the question: Using SATAN or equivalent tools, how do you
> >> prevent it from going outside the "LAN", so it doesn't start trying to
> >> scan the ISP connected to the router?
>
> Most tools want you to specify the IP address of the victim computer.
> Don't specify the IP address of any computer you haven't been requested to
> probe, and you'll be fine.


Cool, I thought that was how SATAN and company worked, but I remembered
something about number of hops to use it with, so it doesn't start
scanning companies or other people's computers.

>
> >> Picture:
>
> I suppose.
>
> >> Tools I want to run on my home "LAN":
> >> SATAN
> >> SAINT
> >> NMap
> >> etc.
>
> satan and saint are rather elderly and may not be as much use as you hope.
> Also remember that *nix is a case sensitive operating system:

So what are the best security scanning tools to use? I know CERT had a
bunch at one point, but they've redone their site to the point of it
being a pain in the *$$ to find anything.



>
> [compton ~]$ which nmap
> /usr/local/bin/nmap
> [compton ~]$ which NMap
> [compton ~]$ which NMAP
> [compton ~]$
>
> >> Additional question: There is also a unix for windows application
> >> installed on the Windows PC, can this be scanned as well as if it were
> >> an actual unix machine (i.e. it runs init and similar processes, and
> >> can also view ALL windows processes as well)?
>
> Wouldn't know - I got rid of windoze before microsoft invented networking,
> or the telephone, or what-ever it was they claim to have done.
>
> >Another question: Does the Linux computer have to be connected to the
> >other directly, or can they all be plugged into the router and
> >see/connect to each other?
>
> Should work either way. Obviously will depend on how you configure the two
> and the router.
>
> >I want to have a static IP on the linux box, while the others are using
> >dhcp,
>
> What-ever. You may have to kick your router (which is likely the DHCP
> server) to allow static addresses.
>
> >and the linux version is the 7.1 RedHat (Security Enhanced). It will
> >have all current updates/kernel revisions and patches installed before
> >it is connected to anything at all other than a power strip.
>
> That will be an interesting trick. RH7.1 came out in mid-April 2001, and
> was declared obsolete at the end of 2003. There have been _NO_ updates
> available from Red Hat, or download.fedoralegacy.org since that date. It
> came out of the box with a 2.4.2 kernel, and was updated over its life
> ending with a 2.4.20 kernel. While work continues at a very low priority
> on the 2.4.x kernels (2.4.32 came out last November, 2.4.33-rc2 is the
> latest release candidate), most modern Linux distributions are using the
> 2.6.x kernel family - 2.6.17 being current. At the end of 2003, there were
> 437 packages for RH7.1 on the updates server, totalling about 674 Megabytes.
> I've no idea where you might find them any more - perhaps
> http://sunsite.mff.cuni.cz/MIRRORS/archive.download.redhat.com/redhat/linux/
> You may not need all of them, but you also may be screwed because prior to
> 7.2, Red Hat assumed you were keeping up to date, and only carried the
> latest updates. If a later update depended on an earlier update (came with
> foo-1.0, now only foo-1.7.3 is available, but that depended on a feature
> that was added in foo-1.5.0 to update), you'd have to find that earlier
> update and install that first. That's why you want to toss RH7.1 and get
> a _current_ distribution.
>


Hmm. That presents another issue then, I guess I should look for
current "Security Enhanced" distros out there then.

> >It would be nice to have the linux computer function not only as a
> >network security scanner, but a samba server and a firewall as well. I
> >know this is a horrid idea and generally not recommended, but I'd like
> >to try to set this up.
>
> Combining the scanner and Samba server is trivial, although most people
> do not allow user applications (much less users) on a server. From a
> security angle, that concept sucks black holes through cocktail straws. The
> firewall - that's a whole different ball of tar. Firewalls work by having
> two different sides - the "safe" side, and the nasty outside. Thus, the
> firewall on the Linux box would protect the Linux box, and do nothing for
> the windoze toy. If you wanted it to protect the windoze box, you'd have
> to install a second NIC on the Linux box, and connect that to the windoze
> box (and disconnect the windoze box from the router). It's a common enough
> configuration - virtually any linux distribution can handle. Do a google
> search for
>
> 85507 Aug 20 2001 Firewall-HOWTO
> 708351 Nov 14 2005 IP-Masquerade-HOWTO
> 17605 Jul 21 2004 Masquerading-Simple-HOWTO
> 155096 Jan 23 2004 Security-HOWTO
> 278012 Jul 23 2002 Security-Quickstart-HOWTO
> 287057 Jul 23 2002 Security-Quickstart-Redhat-HOWTO
>
> You might notice that all those HOWTOs are newer than your RH7.1. So another
> good place to visit is http://www.distrowatch.com/
>
> Old guy

Thanks --

Re: Request for help with a hacker project, or simple question answer sought

on 07.08.2006 05:48:06 by M Trimble

James wrote:

> Hi all,
>
> I have two computers, one Windows and one linux; the linux one I want
> to setup Samba on, and also have it as a secure server. In other
> words, I want to be able to run security tools on the "network"
> (crossover cable needed?) - which terminates at a router.
>
> Here is the question: Using SATAN or equivalent tools, how do you
> prevent it from going outside the "LAN", so it doesn't start trying to
> scan the ISP connected to the router?
>
> Picture:
> Spare crossover cable (CAT5)
> Computer 1 (one ethernet jack) Computer two (one ethernet jack)
> \\ //
>
> \\ //
> CAT5/6 CAT5/6
> \\ //
>
> |
> |-------------------------|
> Router (five ports plus one port for feed to
> internet)
> |
> |
> ISP < ------------------ > Internet
>
> Tools I want to run on my home "LAN":
> SATAN
> SAINT
> NMap
> etc.
>
> Additional question: There is also a unix for windows application
> installed on the Windows PC, can this be scanned as well as if it were
> an actual unix machine (i.e. it runs init and similar processes, and
> can also view ALL windows processes as well)?
>
> Hope that slight question makes sense and TIA.
>
> Me - Just Me

The 'Old Guy' has given you some really good advice - Moe, you've got my
respect as a giver of good advice, well-written.

Now, let me give you a windoze luser's perspective. Keep the
router/two-computer setup you've got. But use regular cat/5 cables, you
don't need to muck around with crossovers - that's what the router does
automagically.

My setup: I'm running two boxen, one under Fedora Core 5, the other under XP
Home edition, connected thru a router.

Your windoze and Linux boxen can talk all day long with no one the wiser or
less secure if you set things up correctly.

On the Windoze side of the house, I recommend antivirus, spybot, and
firewall software. I'm not trying to start a religious war, but I've had
good experience with Spybot Search and Destroy, AVG antivirus, and
ZoneAlarm. They're all available in a no-cost version, they all update quite
frequently, and they all do a reasonably good job with little or no
installation/setup/configuration headaches.

On the Linux side, I would recommend an upgrade to a newer version in the
interest of service life, interoperability, and whatnot. FC5 I *know* comes
with intrusion detection software, so SATAN/SANTA, Saint, etc. are not
needed.

Samba can be set to accept connections from one and only one host. In your case,
it has to be the IP address of your router. And it can be set to accept
connections from a limited number (one, ideally) of users. Done this way,
you have to be the right person, coming from the right place to get Samba
to talk to you.

If you do that, and shut down all your other server daemons, you're secure,
so you don't need to worry overly much about intrusion.

HTH.
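
The two Samba restrictions described in the post above (which host may connect, which user may log in) correspond to Samba's "hosts allow" and "valid users" parameters. The following is an added example, not part of the original post: it reads an smb.conf and reports every share for which neither the share nor [global] sets them. The sample file, its address and its user name are constructed.

```shell
#!/bin/sh
# Added example: report Samba shares that lack a host or user restriction.

# Constructed sample smb.conf (not from the thread).
sample_smb_conf() {
cat <<'EOF'
# constructed sample
[global]
   workgroup = HOME

[files]
   path = /srv/files
   Hosts Allow = 192.168.1.20
   valid users = james

[scratch]
   path = /srv/scratch
   guest ok = yes
EOF
}

# audit_smb_conf: read smb.conf text on stdin and print one line per missing
# restriction. Parameter names are matched the way Samba reads them: case and
# whitespace inside the name are ignored, and "allow hosts" is accepted as a
# synonym for "hosts allow". A setting in [global] counts for every share.
audit_smb_conf() {
    awk '
        /^[ \t]*$/ || /^[ \t]*[#;]/ { next }          # blank lines and comments
        /^[ \t]*\[.*\]/ {                              # section header
            sec = tolower($0)
            sub(/^[ \t]*\[[ \t]*/, "", sec)
            sub(/[ \t]*\].*$/, "", sec)
            if (!(sec in seen)) { seen[sec] = 1; order[++n] = sec }
            next
        }
        index($0, "=") {                               # parameter = value
            key = tolower(substr($0, 1, index($0, "=") - 1))
            gsub(/[ \t]/, "", key)
            val = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (val == "") next                        # empty value restricts nothing
            if (key == "hostsallow" || key == "allowhosts") hosts[sec] = 1
            if (key == "validusers") users[sec] = 1
        }
        END {
            for (i = 1; i <= n; i++) {
                s = order[i]
                if (s == "global") continue
                if (!hosts["global"] && !hosts[s]) print s ": no hosts allow"
                if (!users["global"] && !users[s]) print s ": no valid users"
            }
        }'
}

# Demo on the constructed sample; on a real server:
#   audit_smb_conf < /etc/samba/smb.conf
sample_smb_conf | audit_smb_conf
```
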

Re: Request for help with a hacker project, or simple question answer sought

on 08.08.2006 21:52:07 by ibuprofin

On 6 Aug 2006, in the Usenet newsgroup comp.unix.misc, in article
<1154907999.203733.95360@m79g2000cwm.googlegroups.com>, James wrote:

>Moe Trin wrote:

>> Crossover cable is needed when you are connecting to NICs _directly_ without
>> a router, switch, or hub. If using one of those, it's a normal "straight
>> through" type cable.
>
>Got it. Using it until the server itself is secure and then to
>periodically access the windows machine for updates.

The crossover cable is used when the entire network consists of those two
NICs and the cable. The other alternative is two or more NICs, standard
cables, and something to tie them together, such as a hub, switch, or
multi-port router/modem. Thus, I don't understand your need to use it
once the box is secured.

>Cool, I thought that was how SATAN and company worked, but I remembered
>something about number of hops to use it with, so it doesn't start
>scanning companies or other people's computers.

I've never used it that way. Bandwidth efficiency. You'd gain a lot more
information about the problems with a system by sitting down at the console
and looking at configuration files. If 'netstat -antu' shows that the only
port open is 22, there's no need to waste time/effort trying to connect to
non-existent servers on other ports. Another example - this box has port 22
open, but only to several specific IP addresses.

>So what are the best security scanning tools to use? I know CERT had a
>bunch at one point, but they've redone their site to the point of it
>being a pain in the *$$ to find anything.

I normally use a search function to find tools. Even google will help.

>Hmm. That presents another issue then, I guess I should look for
>current "Security Enhanced" distros out there then.

Why do you feel you need a "Security Enhanced" distribution? This doesn't
supply additional investigation tools, but relates to the compartmenting
tools that puts additional controls on what root and users can do. The
SELinux web site http://www.nsa.gov/selinux would probably be a good read.
A number of distributions have the SELinux additions - Fedora Core being
just one example.

[compton ~]$ zgrep sel rpms.fc5.i386.gz | sed s'/-r.*ftp//'
85041 Mar 06 22:33 libselinux-1.29.7-1.2.i386.rpm
123226 Mar 06 22:33 libselinux-devel-1.29.7-1.2.i386.rpm
45191 Mar 06 22:33 libselinux-python-1.29.7-1.2.i386.rpm
789515 Mar 06 22:33 selinux-doc-1.25.2-1.noarch.rpm
391029 Mar 09 22:10 selinux-policy-2.2.23-15.noarch.rpm
621937 Mar 09 22:10 selinux-policy-mls-2.2.23-15.noarch.rpm
1241079 Mar 09 22:10 selinux-policy-strict-2.2.23-15.noarch.rpm
492663 Mar 09 22:10 selinux-policy-targeted-2.2.23-15.noarch.rpm
[compton ~]$

As mentioned, www.distrowatch.com is a good place to visit.

Old guy
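
The local check mentioned in the post above (look at 'netstat -antu' on the console before spending time on a network scan) can be scripted. The following is an added example, not part of the original thread: it extracts the listening sockets from netstat output and prints those that are reachable from the network and not on an expected list. The sample output is constructed, and the allowlist of 22/tcp is an assumption taken from the post's "only port open is 22" case.

```shell
#!/bin/sh
# Added example: find unexpected listeners in `netstat -antu` output.

# Constructed sample of Linux net-tools `netstat -antu` output (not from the thread).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.10:22         192.168.1.20:51514      ESTABLISHED
tcp6       0      0 :::22                   :::*                    LISTEN
udp        0      0 0.0.0.0:137             0.0.0.0:*
EOF
}

# list_listeners: read netstat text on stdin, print "port/proto bind-address"
# for every listening TCP socket and every unconnected UDP socket.
list_listeners() {
    awk '
        ($1 ~ /^tcp/ && $6 == "LISTEN") || ($1 ~ /^udp/ && $5 ~ /:\*$/) {
            addr = $4
            port = $4
            sub(/:[0-9]+$/, "", addr)       # strip the trailing :port
            sub(/^.*:/, "", port)           # keep what follows the last colon
            proto = substr($1, 1, 3)        # fold tcp6/udp6 into tcp/udp
            print port "/" proto, addr
        }' | LC_ALL=C sort -u
}

# unexpected_listeners "22/tcp ...": read netstat text on stdin, print the
# listeners that are not bound to loopback and not in the allowlist.
unexpected_listeners() {
    list_listeners | awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $2 ~ /^127\./ || $2 == "::1" { next }   # loopback only: not reachable remotely
        !($1 in ok)'
}

# Demo on the constructed sample; on a live box:
#   netstat -antu | unexpected_listeners "22/tcp"
sample_netstat | unexpected_listeners "22/tcp"
```
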