Security Detection and reinforcement policies based on the Solaris Xeon 5.8/5.9 System [II]

Source: Internet
Author: User

Translator: Ghost [S.S. T]
 
Install an important package: dsniff (SMCdsniff)
dsniff is a collection of tools for network auditing and penetration testing. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor the network to collect data of interest (passwords, e-mail, files, etc.). arpspoof, dnsspoof, and macof help intercept network traffic that is normally hard for an attacker to obtain. sshmitm and webmitm implement active man-in-the-middle attacks against redirected SSH and HTTP/HTTPS sessions by exploiting weak bindings in ad-hoc PKI.
# ls -la
total 4320
drwxrwxrwx 2 root other 206 Jul 20 .
drwxrwxrwt 5 root sys 365 Jul 20 ..
-rw-r----- 1 root other 2187973 Jul 20 dsniff-2.4b1-sol8-sparc-local.gz
# chmod 777 dsniff-2.4b1-sol8-sparc-local.gz
# gzip -d dsniff-2.4b1-sol8-sparc-local.gz
# pkgadd -d dsniff-2.4b1-sol8-sparc-local
The following packages are available:
1 SMCdsniff dsniff
(ISCSI) 2.4b1
Select package(s) you wish to process (or 'all' to process
all packages). (default: all) [?,??,q]: all
Processing package instance <SMCdsniff> from </tmp/sniff/dsniff-2.4b1-sol8-sparc-local>
dsniff
(ISCSI) 2.4b1
Dug Song
Using </usr/local> as the package base directory.
## Processing package information.
## Processing system information.
## Verifying disk space requirements.
## Checking for conflicts with packages already installed.
The following files are already installed on the system and are being
used by another package:
* /usr/local/sbin <attribute change only>
* - conflict with a file which does not belong to any package.
Do you want to install these conflicting files [y,n,?,q] y
## Checking for setuid/setgid programs.
Installing dsniff as <SMCdsniff>
## Installing part 1 of 1.
/usr/local/doc/dsniff/CHANGES
/usr/local/doc/dsniff/CVS/Entries
/usr/local/doc/dsniff/CVS/Repository
/usr/local/doc/dsniff/CVS/Root
/usr/local/doc/dsniff/LICENSE
/usr/local/doc/dsniff/README
/usr/local/doc/dsniff/TODO
/usr/local/lib/dnsspoof.hosts
/usr/local/lib/dsniff.magic
/usr/local/lib/dsniff.services
/usr/local/man/man8/arpspoof.8
/usr/local/man/man8/dnsspoof.8
/usr/local/man/man8/dsniff.8
/usr/local/man/man8/filesnarf.8
/usr/local/man/man8/macof.8
/usr/local/man/man8/mailsnarf.8
/usr/local/man/man8/msgsnarf.8
/usr/local/man/man8/sshmitm.8
/usr/local/man/man8/sshow.8
/usr/local/man/man8/tcpkill.8
/usr/local/man/man8/tcpnice.8
/usr/local/man/man8/urlsnarf.8
/usr/local/man/man8/webmitm.8
/usr/local/man/man8/webspy.8
/usr/local/sbin/arpspoof
/usr/local/sbin/dnsspoof
/usr/local/sbin/dsniff
/usr/local/sbin/filesnarf
/usr/local/sbin/macof
/usr/local/sbin/mailsnarf
/usr/local/sbin/msgsnarf
/usr/local/sbin/sshmitm
/usr/local/sbin/sshow
/usr/local/sbin/tcpkill
/usr/local/sbin/tcpnice
/usr/local/sbin/urlsnarf
/usr/local/sbin/webmitm
/usr/local/sbin/webspy
[ verifying class <none> ]
Installation of <SMCdsniff> was successful.
 
Using dsniff
# /usr/local/sbin/dsniff -i dmfe0
listening on dmfe0
-----------------
07/20/07 05:06:54 tcp netra104.32803 -> 172.19.4.202.23 (telnet)
login root
pass root <- ooops! :X
 
dsniff includes:
* dsniff: a general-purpose password sniffer.
* arpspoof: uses forged ARP replies to redirect packets from one target host (or all hosts) to another host on the LAN.
* dnsspoof: forges replies to arbitrary DNS address/pointer queries on the LAN.
* filesnarf: saves files sniffed from NFS traffic to the current working directory.
* macof: floods the local network with random MAC addresses.
* mailsnarf: a fast and easy way to violate the Electronic Communications Privacy Act of 1986 (18 USC 2701-2711); use it with caution!
* msgsnarf: records messages sniffed from AOL Instant Messenger, ICQ 2000, IRC, and Yahoo! Messenger chat sessions.
* sshmitm: an SSH man-in-the-middle attack.
* tcpkill: kills the specified TCP connection.
* tcpnice: slows down the specified TCP connection (it can be used to avoid viruses/worms of the NIMDA type). See: http://bulmalug.net/body.phtml?nIdNoticia=865
* urlsnarf: outputs all URLs requested over HTTP in CLF (Common Log Format, used by almost all web servers), which is suitable for offline processing.
* webmitm: an HTTP/HTTPS man-in-the-middle attack.
* webspy: sends the URLs sniffed from a client to your local browser.
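
A defender-side check for the arpspoof behaviour described in the list above, as an added example that is not part of the original article: forged ARP replies leave one MAC address answering for several IP addresses in a host's ARP table. The function names, the sample table (constructed) and the Solaris `arp -a` column layout are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original article): flag MAC addresses that
# answer for more than one IP address in an ARP table.
# Assumed input: Solaris `arp -a` columns (Device, IP, Mask, [Flags], Phys Addr).

# Constructed sample: 172.19.4.1 and 172.19.4.50 resolve to the same MAC.
sample_arp_table() {
cat <<'EOF'
Net to Media Table: IPv4
Device   IP Address               Mask      Flags   Phys Addr
------ -------------------- --------------- ----- ---------------
dmfe0  172.19.4.1           255.255.255.255       0:3:ba:aa:bb:cc
dmfe0  172.19.4.202         255.255.255.255       00:03:ba:12:34:56
dmfe0  172.19.4.50          255.255.255.255       00:03:BA:AA:BB:CC
dmfe0  172.19.4.104         255.255.255.255 SP    00:03:ba:0a:0b:0c
dmfe0  224.0.0.0            240.0.0.0       SM    01:00:5e:00:00:00
EOF
}

# Reads an ARP table on stdin and prints "MAC ip1 ip2 ..." for every MAC
# shared by two or more entries. Exit status: 1 if any were found, else 0.
find_shared_macs() {
    awk '
    {
        n = split(tolower($NF), part, ":")
        if (n != 6) next                    # header or separator line
        if ($(NF - 1) ~ /M/) next           # multicast mapping, not a host
        mac = ""
        for (i = 1; i <= 6; i++) {
            if (part[i] !~ /^[0-9a-f][0-9a-f]?$/) next
            if (length(part[i]) == 1) part[i] = "0" part[i]   # 0:3:ba -> 00:03:ba
            mac = (i == 1) ? part[i] : (mac ":" part[i])
        }
        ips[mac] = ips[mac] " " $2
        count[mac]++
    }
    END {
        for (m in count) if (count[m] > 1) { print m ips[m]; found = 1 }
        exit found + 0
    }'
}

# Demo on the constructed table; on a live host pipe `arp -a` in instead.
sample_arp_table | find_shared_macs || echo "WARNING: MAC shared by several IPs (possible ARP spoofing)"
```

Routers with several addresses, proxy ARP and failover pairs also share a MAC legitimately, so compare hits against a known-good baseline before treating them as spoofing.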
 
Popular sniffing commands
# /usr/local/sbin/dsniff -help
Version: 2.4
Usage: dsniff [-cdmn] [-i interface] [-s snaplen] [-f services]
[-t trigger[,...]] [-r|-w savefile] [expression]
# /usr/local/sbin/arpspoof
Version: 2.4
Usage: arpspoof [-i interface] [-t target] host
# /usr/local/sbin/dnsspoof -help
Version: 2.4
Usage: dnsspoof [-i interface] [-f hostsfile] [expression]
# /usr/local/sbin/filesnarf -h
Version: 2.4
Usage: filesnarf [-i interface] [[-v] pattern [expression]]
# /usr/local/sbin/macof -h
Version: 2.4
Usage: macof [-s src] [-d dst] [-e tha] [-x sport] [-y dport]
[-i interface] [-n times]
# /usr/local/sbin/mailsnarf -h
Version: 2.4
Usage: mailsnarf [-i interface] [[-v] pattern [expression]]
# /usr/local/sbin/msgsnarf -h
Version: 2.4
Usage: msgsnarf [-i interface] [[-v] pattern [expression]]
 
TTY watcher SMCttywatcher
TTY-Watcher is quite effective for monitoring and controlling users on a standalone system. It is based on IP-Watcher, which can be used to monitor and control users across a complete network. It is similar to advise or top, but has more advanced features and a more user-friendly (X-Windows or text) interface. TTY-Watcher lets its operator monitor and interact with every tty on the system without interrupting the commands that the tty's real owner is typing. Information sent this way is only displayed on the screen and is not passed to the underlying process (parent or child). In addition to monitoring and controlling ttys, individual connections can be recorded in a text file.
# pkgadd -d ttywatcher-1.2-sol8-sparc-local
The following packages are available:
1 SMCttyw ttywatcher
(ISCSI) 1.2
Select package(s) you wish to process (or 'all' to process
all packages). (default: all) [?,??,q]: all
Processing package instance <SMCttyw> from </tmp/3-sniff-tty/ttywatcher-1.2-sol8-sparc-local>
ttywatcher
(ISCSI) 1.2
En Garde Systems
Using </usr/local> as the package base directory.
## Processing package information.
## Processing system information.
4 package pathnames are already properly installed.
## Verifying disk space requirements.
## Checking for conflicts with packages already installed.
## Checking for setuid/setgid programs.
This package contains scripts which will be executed with super-user
permission during the process of installing this package.
Do you want to continue with the installation of <SMCttyw> [y,n,?] y
Installing ttywatcher as <SMCttyw>
## Installing part 1 of 1.
/usr/local/bin/ttywatcher
/usr/local/doc/ttywatcher/ANNOUNCE
/usr/local/doc/ttywatcher/COPYRIGHT
/usr/local/doc/ttywatcher/Makefile
/usr/local/doc/ttywatcher/Makefile.solaris
/usr/local/doc/ttywatcher/README
/usr/local/doc/ttywatcher/README.xview
/usr/local/doc/ttywatcher/TODO
/usr/local/man/man8/ttywatcher.8
/usr/local/twtch/CVS/Entries
/usr/local/twtch/CVS/Repository
/usr/local/twtch/CVS/Root
/usr/local/twtch/Makefile
/usr/local/twtch/Makefile.solaris
/usr/local/twtch/README
/usr/local/twtch/install_driver
/usr/local/twtch/load4x
/usr/local/twtch/load5x
/usr/local/twtch/popall
/usr/local/twtch/sparcv9/driver.o
/usr/local/twtch/sparcv9/twtchc
/usr/local/twtch/twtchc
/usr/local/twtch/twtchc.conf
[ verifying class <none> ]
## Executing postinstall script.
To complete the installation of ttywatcher
perform the following commands
cd /usr/local/twtch
./install_driver
as root and answer y to the question.
To find out how to use ttywatcher, read
the documents in /usr/local/doc/ttywatcher
and also do
man ttywatcher
Installation of <SMCttyw> was successful.
 
TTY sniffer source code
#include <stdio.h>
#include <unistd.h>
#include <fcntl.h>
#include
