Well, since I've been experimenting on my own home network, using ettercap, wireshark, and cain and abel in windows.
It makes me wonder what happens if I get hacked and how can I prevent it when someone breaks the wireless key. Are there any ARP detection or prevention to use? I want some extra protection, maybe something I could install on my DD-WRT wrt54gs router.
I've read about honey pots but haven't found any good tutorials on that.
Sorry for the stupid questions, just curious about the what if's.
New to BT, not new to Linux.
the first thing i would do is start capturing all network traffic or if it's easier i'd just switch off my hub.
i ain't afraid of no script kiddie. :P
if a solution to a problem is stupid and works, it is not stupid.
"Nowadays, security guys break the Mac every single day. Every single day, they come out with a total exploit, your machine can be taken over totally. I dare anybody to do that once a month on the Windows machine." - Bill Gates :rolleyes:
If you have an extra machine you could run a program called snort. It's an intrusion detection software. Give it a look and see what you think. Trying to do honey pots and reverse "hacking" is still not legal. Try to stop it first before you worry about the what ifs.
A honeypot is a specific box (or a program looking like it's a box) set up to trap and observe attacks, either live or in a forensic post mortem. That isn't what you want.
You want a box (or program) to act as an Intrusion Detection System (IDS). Snort is an excellent IDS that is scalable from a single user up to enterprise level pipes. IDS's usually work hand-in-hand with a firewall. A great firewall for is Smoothwall 3.0, which includes Snort.
Thorn
Stop the TSA now! Boycott the airlines.
honey pots should be fine since you are only passively monitoring your own network traffic. Anyone who is connected to your network and all information that passes over your network is yours unless specifically stated in some form of EULA.
Reverse hacking is illegal however the chances of someone who is actively trying to jack your network reporting you is pretty slim. Just remember that if you get caught you are in the same legal boat as the original hacker and you forfeit any legal recourse for prosecuting them.
Morpheus: "You take the blue pill - the story ends, you wake up in your bed and believe whatever you want to believe. You take the red pill - you stay in Wonderland and I show you how deep the rabbit-hole goes."
Neo: "What if I take both?"
Morpheus: "Don't do that! You end up like Nick Nolte!"
I'll definitely look into snort and smoothwall, I don't have a spare computer I can use for monitoring, but I can use a virtual machine.
Basically, I'm thinking about doing a little virtual webhosting for friends and maybe a couple of local businesses to advertise their products. Of course I won't host any sites that require ssl certificates such as ecommerce sites. But I was thinking about creating my own local classifieds website, but it wouldn't have any information except username and passwords and their email in case they lose their password.
But I don't want anyone watching my packets, I'm thinking about getting rid of wireless, but it is useful so I don't know yet.
So that's why I'm learning about security before I start hosting.
New to BT, not new to Linux.
Another option is OpenBSD's packet filter. This is what I have recently started using. It's a "firewall" sort of but really what it does is create a dedicated box with 2 nics before your router which does exactly what it says, it filters packets based on a whole range of variables which can be coded by the user via a pf.conf file. Pf can be very useful for protecting a web server but should be used in combination with snort as well.
I'm running smoothwall3 on my home network. There are three network cards installed in it. One for the incoming "red" internet connection. One for the internal "green" wired connections. One for the internal "purple" wireless access point. The green network uses what Streaker calls the "baby networks" 192.168.1.0/24 range. The purple uses 192.168.2.0/24 range. Smoothwall keeps the 1.0 and 2.0 networks separate, both can get to the internet, green can go to purple, but purple can't get to green. The access point uses WPA2 with a stupidly large random character password that I keep on a thumb drive for easy cut and paste. If a wireless client needs access to the file server, Smoothwall has a pretty easy to set up OpenVPN addon that so far has worked with damn near any OS I've tried setting it up on.
Of course, if you really wanted to have some fun, go to Wal-Mart late at night and ask the greeter if they could help you find trashbags, roll of carpet, rope, quicklime, clorox and a shovel. See if they give you any strange looks. --Streaker69
A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.
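The red/green/purple layout described in the post above, written as a pf.conf for the OpenBSD packet filter suggested earlier in the thread. This is an added example, not any poster's own configuration; the interface names (em0, em1, em2) are assumptions, and only the two subnets come from the thread.

```pf
# Added example. Interface names are assumed; subnets are the ones from the post.
ext_if     = "em0"              # "red":    internet uplink
green_if   = "em1"              # "green":  wired LAN
purple_if  = "em2"              # "purple": wireless access point
green_net  = "192.168.1.0/24"
purple_net = "192.168.2.0/24"

set skip on lo
set block-policy drop

# NAT both internal zones behind the address of the red interface.
match out on $ext_if inet from { $green_net $purple_net } nat-to ($ext_if)

# Default deny in both directions; dropped packets are logged to pflog0.
block log all

# Reject packets whose source address does not belong to the network
# attached to the interface they arrived on.
antispoof quick for { $green_if $purple_if }

# Purple may never open a connection into green. "quick" makes this rule
# final, so a pass rule added further down later on cannot undo it.
block in log quick on $purple_if inet from any to $green_net

# Green may go anywhere: the internet and the purple network.
pass in on $green_if inet from $green_net to any

# Purple may reach anything that is not green. Note this still includes
# the firewall's own purple-side address, so restrict services there.
pass in on $purple_if inet from $purple_net to ! $green_net

# Let the firewall send packets out of each interface. Forwarded traffic
# has already been filtered on its way in; replies match existing state.
pass out on { $ext_if $green_if $purple_if } inet

# Nothing passes "in" on $ext_if, so unsolicited internet traffic
# falls through to the default block.
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, which catches syntax errors before the ruleset goes live.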