This article explains how to strengthen Linux security management from two angles: the ways hackers break into Linux systems, and the measures that protect a Linux system.
Preventing hacker intrusion
Before discussing security management against intrusion, this section briefly introduces the main ways and methods hackers use to attack Linux hosts, so that we understand how they work and can choose preventive measures that actually address them.
To prevent deliberate intrusion, the connection between the intranet and the outside network can be reduced, or the system can even be isolated from other networks entirely. Although this makes the network inconvenient to use, it is also the most effective preventive measure.
Hackers generally probe a Linux or Unix host in the following ways until they find an intrusion target, and then begin the attack.
The common attack methods are as follows:
1. Eavesdropping directly to obtain the root password, or the password of a special user who may be able to become root; from there any user's password can be obtained, since an ordinary user's password is usually easy to get.
2. Hackers often use common words to crack passwords. An American hacker once said that the word "password" could open most computers in the United States. Other commonly used words are: account, ALD, alpha, beta, computer, dead, demo, dollar, games, bod, hello, help, Intro, Kill, Love, no, OK, okay, Please, sex, secret, Superuser, System, test, work, yes, and so on.
3. Using a command to learn the user names on the machine, then going after those users; through vulnerable accounts the password file /etc/passwd is obtained, and a dictionary file together with a password-guessing tool is used to guess the root password.
4. As an ordinary user, placing a setuid file in the /tmp directory, or running a setuid program that root will execute, to create a security hole.
5. Exploiting security vulnerabilities in programs that must run setuid root, such as pppd, to obtain root privileges.
6. Intruding from a trusted host via .rhosts. When a user performs an rlogin login, the rlogin program trusts the host and account defined in .rhosts and does not require a password.
7. Modifying the user's .login, .cshrc, .profile or other shell startup files to add a malicious program, which runs as soon as the user logs in.
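The conditions behind items 3, 4, 6 and 7 (a hash left in /etc/passwd, a setuid file under /tmp, a .rhosts file that trusts any host, and a shell startup file other users can edit) are all things an administrator can check for. The script below is an added example and is not code from the original article; it builds a constructed directory tree under mktemp so the checks can be exercised without touching a real host, and it assumes a POSIX shell with find, awk, grep and mktemp available.

```shell
#!/bin/sh
# Added example, not from the original article: a small audit for the
# host-side conditions behind items 3, 4, 6 and 7, run against a
# constructed directory tree so it can be executed safely off a real host.
# Assumes a POSIX shell with find, awk, grep and mktemp.

# Build a throwaway tree imitating the relevant parts of a host:
#   <root>/tmp/helper          a setuid program left by an ordinary user
#   <root>/home/alice/.rhosts  trusts every remote host ("+")
#   <root>/home/bob/.profile   writable by other users
#   <root>/etc/passwd          one account still carries a hash in field 2
make_fixture() {
    root=$(mktemp -d)
    mkdir -p "$root/tmp" "$root/home/alice" "$root/home/bob" "$root/etc"
    printf '#!/bin/sh\necho hello\n' > "$root/tmp/helper"
    chmod 4755 "$root/tmp/helper"                            # setuid bit
    printf '+\n' > "$root/home/alice/.rhosts"                # wildcard trust
    printf 'trusted.example.com alice\n' > "$root/home/bob/.rhosts"  # constructed, one named host
    printf 'umask 022\n' > "$root/home/bob/.profile"
    chmod 666 "$root/home/bob/.profile"                      # anyone can edit
    printf 'umask 022\n' > "$root/home/alice/.profile"
    chmod 644 "$root/home/alice/.profile"
    printf 'root:x:0:0:root:/root:/bin/sh\n' > "$root/etc/passwd"
    # constructed hash value; what matters is that field 2 is not "x"
    printf 'legacy:$1$constructed$:1001:1001::/home/legacy:/bin/sh\n' >> "$root/etc/passwd"
    printf '%s\n' "$root"
}

# Item 4: files carrying the setuid bit under a directory any user can write.
find_setuid() { find "$1" -type f -perm -4000; }

# Item 6: .rhosts files with a line starting with "+" (trust any host).
find_open_rhosts() {
    find "$1" -name .rhosts -type f -exec grep -l '^[+]' {} \;
}

# Item 7: shell start-up files that users other than the owner may write to
# (group write bit -020 or world write bit -002 set).
find_writable_startup() {
    find "$1" -type f \
        \( -name .profile -o -name .login -o -name .cshrc -o -name .bashrc \) \
        \( -perm -020 -o -perm -002 \)
}

# Item 3: /etc/passwd entries whose password field is not "x"; the hash
# should live only in /etc/shadow, which ordinary users cannot read.
find_unshadowed() { awk -F: '$2 != "x" { print $1 }' "$1"; }

# Run every check and print a report for the tree rooted at $1.
audit() {
    r=$1
    echo "setuid files under $r/tmp:";          find_setuid "$r/tmp"
    echo ".rhosts files trusting any host:";    find_open_rhosts "$r/home"
    echo "start-up files writable by others:";  find_writable_startup "$r/home"
    echo "accounts with a hash in passwd:";     find_unshadowed "$r/etc/passwd"
}

# Demonstration against the constructed tree.
root=$(make_fixture)
audit "$root"
rm -rf "$root"
```

On a real host the same functions would be pointed at /tmp, /home and /etc/passwd; the find-based checks are POSIX and need no root privileges beyond read access to the directories being scanned.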
8. As soon as the user logs in, a backdoor program (possibly a password-cracking program) is executed without the user noticing; it damages the system or provides further system information to help the hacker penetrate it.
9. If the company's important hosts are protected by a network firewall, the hacker sometimes first finds any easily compromised host on the same subnet and then works toward the important host from there. For example, where NIS is used, remote commands can be used to log in without a password, which makes it easy for a hacker to get in.
10. Hackers go online through intermediate hosts and then look for attack targets, so that their real IP address is not captured.
11. There are several ways for a hacker to enter a host: via Telnet (port 23), Sendmail (port 25), FTP (port 21) or WWW (port 80). Although a host has only one address, it may run several services at the same time, and each open port is a way for hackers to "enter" the host.
12. Hackers usually use the NIS, NFS and RPC services to intercept information. Simple commands make remote hosts report the services they provide. Once that information is intercepted, even with security software installed, the file system on the NIS server may be "borrowed" without the administrator's knowledge, leading to /etc/passwd leaking.
13. Sending e-mail to an anonymous account, obtaining the /etc/passwd password file from the FTP site, or directly downloading the passwd file from the FTP site's /etc directory.
14. Network eavesdropping: using a sniffer program to monitor network packets and capture the beginning of Telnet, FTP and rlogin sessions, which conveniently yields the root password. Sniffers are therefore one of the main causes of illegal Internet intrusion today.
15. Exploiting system security vulnerabilities to break into the host. This is quite easy against administrators who are not diligent in patching.
16. On a compromised computer, the system's telnet program may be replaced so that every user's telnet session account and password are recorded and e-mailed to the hacker for further intrusion.
17. Hackers clear the system logs. The most skilled erase the time and IP address records of their entry.
18. Intruders often replace inspection commands such as ifconfig and tcpdump to avoid detection.
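Items 7, 16 and 18 share one defensive answer: keep a checksum baseline of the files an intruder tampers with (shell startup files, telnet, ifconfig, tcpdump) and compare against it regularly. The script below is an added example, not the article's own code; it records SHA-256 hashes into a manifest, verifies them later, and reports files that changed or vanished. It builds a constructed home directory and a fake bin directory under mktemp, and assumes sha256sum (GNU coreutils) or shasum is installed.

```shell
#!/bin/sh
# Added example, not from the original article: a file-integrity baseline
# for the files items 7, 16 and 18 describe being modified or replaced.
# Assumes sha256sum (GNU coreutils); falls back to shasum -a 256.

hash_file() { sha256sum "$1" 2>/dev/null || shasum -a 256 "$1"; }

# Read file paths on stdin and write "<sha256>  <path>" lines to $1.
make_baseline() {
    baseline=$1
    : > "$baseline"
    while IFS= read -r path; do
        [ -f "$path" ] && hash_file "$path" >> "$baseline"
    done
    return 0
}

# Compare the current hash of every file in the manifest $1 with the
# recorded one; print CHANGED/MISSING lines and return 1 if anything differs.
verify_baseline() {
    baseline=$1
    status=0
    while read -r want path; do
        if [ ! -f "$path" ]; then
            echo "MISSING $path"; status=1
        else
            have=$(hash_file "$path" | cut -d' ' -f1)
            [ "$have" = "$want" ] || { echo "CHANGED $path"; status=1; }
        fi
    done < "$baseline"
    return $status
}

# Constructed fixture: a fake home directory and a fake bin directory.
make_fixture() {
    root=$(mktemp -d)
    mkdir -p "$root/home/alice" "$root/bin"
    printf 'umask 022\n' > "$root/home/alice/.profile"
    printf 'set history=100\n' > "$root/home/alice/.cshrc"
    printf '#!/bin/sh\necho "eth0: up"\n' > "$root/bin/ifconfig"
    printf '%s\n' "$root"
}

# Simulate what the article describes: a line appended to .profile and the
# ifconfig program replaced by a different file (harmless stand-ins here).
tamper() {
    printf 'echo extra line\n' >> "$1/home/alice/.profile"
    printf '#!/bin/sh\necho "replaced"\n' > "$1/bin/ifconfig"
}

# Demonstration: baseline, tamper, verify.
root=$(make_fixture)
printf '%s\n' "$root/home/alice/.profile" "$root/home/alice/.cshrc" "$root/bin/ifconfig" \
    | make_baseline "$root/baseline.sha256"
tamper "$root"
verify_baseline "$root/baseline.sha256" || echo "integrity check failed"
rm -rf "$root"
```

In practice the manifest must be stored somewhere the intruder cannot write (read-only media or another host), otherwise a replaced ifconfig can be accompanied by a refreshed baseline; the same applies to the sha256sum binary itself, which is why dedicated integrity checkers ship their own hashing code.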
19. Secretly copying the system's /etc/passwd and then using a dictionary file to crack the passwords.
20. Abusing superuser programs such as su or sudo in order to obtain root privileges.
21. Hackers often use buffer overflows to break into the system.
22. Cron is the tool Linux uses to run commands automatically, such as scheduled backups or deletion of expired files. Intruders often use cron to leave a backdoor: besides running the decoding code at scheduled times to re-enter the system, it reduces the risk of being discovered by the administrator.
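Because cron entries are plain text, a scheduled backdoor of the kind item 22 describes can be hunted for by scanning every crontab for jobs that run from unusual places. The script below is an added example and not part of the original article; it parses crontab-format lines and flags commands that reference /tmp, /var/tmp, /dev/shm or a hidden (dot) directory. The sample crontab is constructed; on a real host the same function would be fed /etc/crontab, the files in /etc/cron.d and each user's spool file (under /var/spool/cron on most distributions), bearing in mind that /etc/crontab carries an extra user field before the command.

```shell
#!/bin/sh
# Added example, not from the original article: scan crontab-format text
# and flag jobs whose command refers to a world-writable or hidden location,
# the usual hiding places for a scheduled job left behind by an intruder.
# Assumes a POSIX awk. The input below is constructed, not a real crontab.

SAMPLE_CRONTAB='# constructed sample crontab
SHELL=/bin/sh
0 2 * * * /usr/local/bin/backup.sh
*/5 * * * * /tmp/.cache/update
@reboot /dev/shm/.x/run
30 1 * * 0 find /var/log -name "*.gz" -mtime +30 -delete
15 * * * * /home/alice/.config/.hidden/task
'

# Read crontab lines on stdin and print those whose command part mentions
# /tmp, /var/tmp or /dev/shm, or contains a path component starting with ".".
flag_cron() {
    awk '
        BEGIN {
            re_tmp = "(^|[[:space:]])/(tmp|var/tmp|dev/shm)/"
            re_hid = "/\\.[^/[:space:]]+/"
        }
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }   # comments and blanks
        /^[A-Za-z_][A-Za-z0-9_]*=/ { next }             # VAR=value lines
        {
            n = ($1 ~ /^@/) ? 1 : 5                     # @reboot vs five time fields
            cmd = ""
            for (i = n + 1; i <= NF; i++) cmd = cmd (i > n + 1 ? " " : "") $i
            if (cmd ~ re_tmp || cmd ~ re_hid) print $0
        }'
}

# Demonstration on the constructed sample: three of the five jobs are flagged.
printf '%s' "$SAMPLE_CRONTAB" | flag_cron
```

A flagged line is a prompt to look, not proof of compromise: legitimate jobs do sometimes run from dot directories, so the output is best compared against a known list of expected jobs, the same way the file checksums above are compared against a baseline.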
23. Using IP spoofing to break into a Linux host.
The above are the common tricks hackers currently use to attack Linux hosts. If a hacker can easily break into a computer with any one of these methods, the computer's security is far too weak, and the new version of the software should be downloaded or patch files applied to fix the vulnerabilities. As a warning: unauthorized use of other people's computer systems, or theft of other people's information, is illegal, and I hope you do not commit such crimes.
In addition to these methods, many hackers use intrusion tools to attack Linux systems. These tools are often planted on the victim's server after the intruder has completed the break-in. They have different characteristics: some are used simply to capture user names and passwords, and some are very powerful to remember