unix / net / hack page
This page is available from various servers. Feel free to use the one fastest
for you, as they are all maintained by me, they all should be identical. They are:
Latest developments to the page:
-
None whatsoever really. Yep this page is a little neglected and no it's not
'0-day'. Presumably if it was providing good information in 1995 it still
should be of some use to people today, though. Security moves on,
but the principles remain the same, right?
-
Fixed a couple of the links in the C programming sub index.
-
Please check out my first ever java applet, a clickable IP datagram.
Documents:
-
about this page
- the nearest thing I've got to a disclaimer (5K).
-
clickable IP datagram
- a quick guide to the IPv4 packet, written as a java applet (10K).
-
admin's guide
- excellent document on unix security by Dan Farmer and Wietse Venema (52K).
-
rfc's
- the standards that define the protocols of the Internet.
-
glibc info pages
- a complete reference to unix C programming. Brilliant. The moon on a stick.
-
bsd docs
- apart from the glibc info pages, these are about the only freely available
documents that I've come across that cover unix network programming. Includes
'tutorials' on sockets (by far the commonest method of network programming in
C), and Sun Microsystems documentation on RPC. Unfortunately these files are
in a format that most WWW browsers can't handle, although these are so good
you'll probably want to print them out anyway.
-
security FAQ
- answers to questions which appear in comp.security.misc (see also
the 2600 / #hack FAQ published in phrack47 amongst other places) (78K).
-
computer misuse act
- a document about the U.K.'s computer misuse act that I'm too frightened to
read ;-) (12K).
-
NIS_Paper
- 5 postscript pages describing the security weakness of NIS (76K).
-
IPspoof
- 4 postscript pages on a creative use of TCP/IP written by Robert T
Morris*
in 1985, but still valid today (not quite as good as his contribution
three years later, mind) (28K).
-
pktfilt
- 14 postscript pages that seem to be a good introduction to packet filtering
and its limitations (133K).
-
iphijack
- 13 postscript pages that describe an attack involving the takeover of a TCP
connection (229K).
-
ftpbounce
- an interesting use of ftp's 'PORT' command, which you can use to make ftp
servers connect to anywhere on the Internet, thus letting you use things
that don't trust your machine, but trust a ftp server (11K).
-
8lgm
- "the best thing that you've got in life is your eight legged groove
machine".
Unix programs:
-
ypghost
- a program I wrote that does the UDP NIS spoofing described in the 'NIS_Paper'
above.
-
arnudp
- sends out a single UDP datagram with the source/destination address/port
set to whatever you like (kernel permitting). I've written this as an example
of how to use raw sockets (3K).
-
hsh
- 'hak' shell, a C program I've written that acts like a very basic
shell. This shell has a few internal commands some of which seem
to demonstrate features of the unix operating system (such as real and
effective UID's, process groups etc) quite well. The simplicity of
it should enable it to be 'hak'ed about by the C programmer so that
different unix system calls can be easily experimented with etc.
Also its input and output can be 'redirected'
to a socket, thus enabling 'interactive' remote access to computers
where the program can be invoked (14K).
-
ypx
- ypx, a program that's used in a similar way to ypcat(1) only this gets NIS
maps (such as the passwd and shadow passwd files) from any site that runs
ypserv(8) as long as you can guess the NIS domainname and they haven't blocked
the port (15K).
-
ypsnarf
- similar to ypx only can use bootparam to determine a site's NIS domainname
(although ypx can try to guess it after connecting to the SMTP port). I
like this program because it comes as a single C source code file (10K).
-
iss
- internet security scanner, a short program that automates common 'probes'
(such as connecting to the mail port, rpcinfo -p, showmount -e, etc) on a range
of I.P. addresses (57K).
-
crack4.1
- tries to guess users' passwords from the encrypted passwords in /etc/passwd
(70K).
-
cops
- a rather well known collection of utilities for checking unix systems for
holes (such as having the wrong permissions or ownership of system files)
(292K).
-
satan-1.1.1
- a much over hyped and misunderstood security tool written by Dan
Farmer and Wietse Venema. It's convenient for scanning lots of
computers and I suspect parts of it are quite clever but personally
I think I'd have preferred it if these two people had spent their time
writing an up-to-date sequel to their "admin's guide to cracking". If
you're looking for a tool to get your postmaster bombarded with complaints
from paranoid sites, this is just the thing :-) (379K).
Links to other sites:
people:
-
Wietse
- a HTML index to all his papers and programs.
ftp, www, etc:
-
C
- you can program in C, can't you? If not then it's about time you
learnt. This sub-index to C courses/tutorials at other sites may help.
-
RTFM
- Sun and HP manual pages in the UK. This isn't some poxy
cgi script either, even the 'see also's are linked. Very good, I'd have
liked to have done something like this on this page.
-
ftp.ox.ac.uk
- this UK ftp site looks very good from what I've seen of it.
-
Netcraft's security diary
- not got time to keep up with all them security mailing lists? - this diary
should give you some sort of quick idea of some of the latest goings on.
-
linux documentation project
- lots and lots of very useful documents. Far too many for me to include in
this page.
-
the unix reference desk
- top quality, it's even got a link to my page on it ;-)
-
bugtraq
- archives of the bugtraq mailing list.
-
CERT's ftp site
- the CERT advisories. Unfortunately these people have a rather silly
habit of trying to not give out information that enables people to exploit
holes, which tends to make it impossible to evaluate how serious (or not)
the holes are. They also can be laughably slow and often seem to have a
strange idea about what they should or should not report.
-
phrack
- now under new management. Some of the ideas are a bit lame, but I'll leave
you to make up your own mind.
Newsgroups:
Just in case you don't know about them already (list by no means complete)
(note some of these links might not work if your site doesn't get the
newsgroup),
and finally.......
-
junk
- stuff which hasn't made it on to my page for various reasons. Select this
only if you are sure you have read all the other stuff
properly and still have time to kill.
An access count for this site is not available. Just before it got censored
(March 96), this file on the original U.K. page got over 300 accesses a day.
Well thanks for looking at this page. Watch this space for future additions,
I may even try writing a few docs myself.
Please mail me your suggestions
or comments.
If you're tired of reading about all this unix network security stuff you
might like to drop by the homepage of the UK's largest Internet BBS,
http://www.mono.org/.
Looking for a Netherlands based ISP? Whilst I've seen many servers come and go,
after over 2 years I can safely say
Cistron Internet Services
do an excellent job of serving the home page of my domain,
http://www.geek.org.uk/.
See you around,
Cheers,
Arny - arny@geek.org.uk
Reality is just one big computer