Do you think you have been cracked? Someone has been trying to guess usernames and passwords for days on end. How do you know if they have? How do you find out who they are?
What can you do about it?
The first thing is detecting the attack: how can you find a Mal if you don't know they are there?
Signs of an attack: 1. Log files. You have to have something watching your log files to see if there is an attack. And that something had better not be human, as humans don't like boring jobs and find ways of not doing them.
You need an IDS (Intrusion Detection System) that reads all of your logs and tells you when suspicious activity happens.
How? Well, if someone tries to log in a number of times, they either forgot their login credentials (I do all the time, early signs of Alzheimer's?) or they are trying to break in (crack your system, hence cracker). If they are trying to break in, your IDS will catch them. For system or network logins, email, or whatever else, most systems let you set a maximum number of login attempts (usually 3, but you can set this) before that username is timed out for a specific period of time.
If the user then starts using other names and trying again, then after a number of different names have been tried unsuccessfully from that location, block the IP for a while. This can all be done by your IDS if you want it to; have it alert you, and you can then watch as the attack unfolds or do something about it.
So you now have a crack attempt; if you want to find out who the cracker is, this is where a sniffer comes in handy. You can watch all packets to and from the system being attacked and get the information you need to start finding out who the cracker is.
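The two rules described above (time out a username after repeated failures, block a source IP that fails on several different names), as an added example that is not code from this blog or from any particular IDS. It assumes OpenSSH-style "Failed password" lines; the log lines are constructed, the names `analyse`, `FAILED` and `SAMPLE_LOG` are hypothetical, and the per-IP limit of 3 is an assumption (the post only gives 3 for per-username tries).

```python
import re
from collections import defaultdict

MAX_TRIES_PER_USER = 3   # the post's "usually 3"
MAX_USERS_PER_IP = 3     # assumed value; the post gives no number for this rule

# Anchored at end of line with a greedy username, so the address is always taken
# from the last "from <ip> port <n> ssh2" and text inside a username cannot
# stand in for the real source address.
FAILED = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>.*) from (?P<ip>\S+) port \d+ ssh2$")

def analyse(lines):
    """Return (usernames to time out, source IPs to block) for a batch of log lines."""
    tries = defaultdict(int)         # username -> failed attempts
    users_by_ip = defaultdict(set)   # source IP -> distinct usernames that failed
    lock_users, block_ips = set(), set()
    for line in lines:
        m = FAILED.search(line)
        if not m:
            continue                 # successful logins and unrelated lines
        user, ip = m["user"], m["ip"]
        tries[user] += 1
        users_by_ip[ip].add(user)
        if tries[user] >= MAX_TRIES_PER_USER:
            lock_users.add(user)     # forgotten password or guessing: time out the name
        if len(users_by_ip[ip]) >= MAX_USERS_PER_IP:
            block_ips.add(ip)        # many names from one place: block the address
    return lock_users, block_ips

# Constructed sample log (documentation address ranges, made-up host and PIDs).
SAMPLE_LOG = """\
Jun 30 09:14:01 host sshd[811]: Failed password for alice from 198.51.100.7 port 50122 ssh2
Jun 30 09:14:09 host sshd[811]: Failed password for alice from 198.51.100.7 port 50122 ssh2
Jun 30 09:14:20 host sshd[811]: Accepted password for alice from 198.51.100.7 port 50122 ssh2
Jun 30 09:20:02 host sshd[902]: Failed password for root from 203.0.113.5 port 40110 ssh2
Jun 30 09:20:03 host sshd[902]: Failed password for root from 203.0.113.5 port 40110 ssh2
Jun 30 09:20:04 host sshd[902]: Failed password for root from 203.0.113.5 port 40110 ssh2
Jun 30 09:20:06 host sshd[903]: Failed password for invalid user admin from 203.0.113.5 port 40112 ssh2
Jun 30 09:20:08 host sshd[904]: Failed password for invalid user test from 203.0.113.5 port 40114 ssh2
"""

if __name__ == "__main__":
    users, ips = analyse(SAMPLE_LOG.splitlines())
    print("time out usernames:", sorted(users))
    print("block source IPs:  ", sorted(ips))
```

The counts cover whatever batch of lines is passed in, so feeding it one time slice of the log at a time gives the "for a while" behaviour.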
What you might want to do about it is up to you. And most likely the subject of a future post.
Assimilation over Evolution, you will be Assimilated!
This is my journey from human to Borg and you are invited along for the ride.
Monday, June 30, 2008
Wednesday, April 09, 2008
MalZ not hackers
OK, I am introducing a new term to the lexicon because I see the word Hacker used way too often in the wrong way.
So since the people we want to talk about are people who make 'Malware' and do 'malicious' acts and are 'maligning' the hacker name, MalZ, it just makes sense.
And it's short, easy to remember, single syllable, has the 1337 look and you can even 1337 it a bit, 'M41Z', if you want (although for use in a media outlet of any sort I recommend 'MalZ').
Why? I am a hacker, old school. I like being called a hacker 'cause that's what I do. I make things work by hacking them. I know how to use code and use it to do things that are out of this world.
So there you have it, MalZ, tell everyone.
\\//_