Meeting topic - security test
Christofer C. Bell
cbell at inetdb.com
Thu Mar 23 21:10:39 CST 2000
On Thu, 23 Mar 2000, Rocky McGaugh wrote:
>
> On Thu, 23 Mar 2000, M. Osten wrote:
>
> >
> > huh? so you saying that if you use nmap on your machine you'll get
> > diffrent results because of local ipchains rules? I don't think
> > so.
> >
> > my 2 cents on this issue, if your too dumb to figure out what services
> > your running, and how they are configured, no webpage scanner is going to
> > help you fix your problem. And broadcasting your security weakness's on a
> > public list borders on stupidity. But hey, if you want to post your ip
> > and the results of a portscan, I'd be glad to pass the info on to
> > alt.scriptkiddie.
> >
>
> so you're gonna drop lo to ensure that the packets come in on the
> correct interface when you nmap yoruself?
There is no need to drop the lo interface (and, in fact, this will break a
lot of the machine). In the Unix world, each network interface has a
separate IP address assigned to it. Additionally, you can assign aliases
that consist of other IP addresses to these same interfaces.
Traditionally, the lo interface is assigned the address 127.0.0.1, your
Ethernet interface will be assigned a different address. If you send
packets to any other address that isn't bound to lo, then nothing will be
going over the lo interface. You can verify this with 'ifconfig -a' while
running your networked software.
In order to perform this verification, run nmap or ping or whatever you
prefer against an IP address that is not bound to lo and occasionally
enter the command 'ifconfig -a' at your prompt. Note that the "RX
packets" and "TX packets" values for the interface to which your the
tested IP address is bound will increment while the lo interface will
exerpience no such incrementing. Then run the same test against the
127.0.0.1 interface and continue to monitor packet counts with 'ifconfig
-a'. Note the "RX packets" and "TX packets" accounts incrementing.
If you want further proof, Linux supports several robust and easy to use
Ethernet sniffers. One of my favorites if Ethereal. Another, ncurses
based, sniffer is sniffit. Both of these applications can be found via
search of Freshmeat at http://www.freshmeat.net/.
Of course, you knew all this already. :-)
--
Chris
More information about the Kclug
mailing list