Results 1 to 5 of 5

Thread: home network security pen test

  1. #1
    Just burned his ISO
    Join Date
    Feb 2010
    Posts
    3

    Smile home network security pen test

    Hi,

    I'm new to this forum, and was wondering if anyone could point me in the right direction.

    I am planning to assess the security of my home network and I aim to gain access to resources over a broadband link by using current hacking methodologies. It's in aid of a college project and I have gained ethical approval. I was hoping y'all could steer me in the right direction.

    Many Thanks

    cale_doses

  2. #2
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default Re: home network security pen test

    That's a rather non specific and vague question. But you asked to be steered in the right direction...so I'll tell you not to try and run before you can walk. Try some tutorials first, and once you get to grips with the basics read some of the penetration testing frameworks that are around so you get an understanding of the entire Penetration testing process. Id also recommend you read the latest edition of Hacking Exposed - it has a good overview of the steps required to access a system via "hacking".

    I should probably inform you that regardless of the fact that you apparently have "ethical approval" to hack your home network systems, your ISP might not like you sending attack traffic over their network to your systems. In addition, whatever network you launch your attacks from (since you wont be able to launch external attacks from your own network) may not like it either. Be prepared to face the consequences of your actions if you decide to go ahead with this.

    Personally Id suggest confining your attack traffic within a test network, and NOT sending it via the Internet.

    Anyway, what do you expect to prove by this? That home networks can be hacked? I think that everyone already knows this by now. Did your college actually assign you a project to hack into a network, because that seems like a recipe for disaster?
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  3. #3
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default Re: home network security pen test

    Quote Originally Posted by cale_doses View Post
    Hi,

    I'm new to this forum, and was wondering if anyone could point me in the right direction.

    I am planning to assess the security of my home network and I aim to gain access to resources over a broadband link by using current hacking methodologies. It's in aid of a college project and I have gained ethical approval. I was hoping y'all could steer me in the right direction.

    Many Thanks

    cale_doses
    I would ask for my money back and transfer to a different institution if I were you. I mean seriously your teachers says something to the effect of " go hack and gain access to resources over a broadband link by using current methodologies" Wow what a fail bus school that must be.
    Here's a scalpel go cut that persons head open and learn about psychology.

  4. #4
    Just burned his ISO
    Join Date
    Feb 2010
    Posts
    3

    Post

    Quote Originally Posted by lupin View Post
    That's a rather non specific and vague question. But you asked to be steered in the right direction...so I'll tell you not to try and run before you can walk. Try some tutorials first, and once you get to grips with the basics read some of the penetration testing frameworks that are around so you get an understanding of the entire Penetration testing process. Id also recommend you read the latest edition of Hacking Exposed - it has a good overview of the steps required to access a system via "hacking".

    I should probably inform you that regardless of the fact that you apparently have "ethical approval" to hack your home network systems, your ISP might not like you sending attack traffic over their network to your systems. In addition, whatever network you launch your attacks from (since you wont be able to launch external attacks from your own network) may not like it either. Be prepared to face the consequences of your actions if you decide to go ahead with this.

    Personally Id suggest confining your attack traffic within a test network, and NOT sending it via the Internet.

    Anyway, what do you expect to prove by this? That home networks can be hacked? I think that everyone already knows this by now. Did your college actually assign you a project to hack into a network, because that seems like a recipe for disaster?

    I am very disheartened to hear a mod reply with such pessimism. Vague may the initial query be, but you should still be able to derive from what my question is.This is a legitimate project that is not repeating the work of others, of course home networks can be hacked!!! My ISP has been informed and I have a secure connection in college that I will be using. There is not enough research into this area, IDENTIFYING AND MITIGATING the threat of attack ideally for the novice home user. What I propose is to launch a series of attacks directed at my low secured home network and then implement the necessary countermeasures, do the tests again and thus the analyse the results and in turn provide a list of best practices for the home user market. It is very presumptuous of you to assume I have no pen testing experience, when I am familiar with most tools out there, albeit open source, I know there are excellent tools in which you use for a fee, however what I am showing is how easy and effortless it would be for someone to do this.

    I have never used backtrack before, so I am wondering if it would be beneficial to use this all in one open souirce package or, stick with the individual tools I have already > metasploit, netcat, nessus, wireshark, ophcrack, etc etc Also what in you opinions would be the most simplistic attack one could mount > DoS? Reverse Shell? Install BackDoor? Trojans? Buffer Overflow (any)?

    My issue is the HOW and HOW? any help would be appreciated
    Last edited by lupin; 02-05-2010 at 10:02 AM. Reason: Merging and tidying...

  5. #5
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default Re: home network security pen test

    Quote Originally Posted by cale_doses View Post
    I am very disheartened to hear a mod reply with such pessimism. Vague may the initial query be, but you should still be able to derive from what my question is.
    Not pessimism, realism. I was giving you realistic advice based on the level of knowledge you demonstrated in your first post. This is not meant to be an insult, this is just resulting from my assessment that if you need to ask how you can test the security of your network, and cannot offer any suggestions of your own on how you might go about it, you may not be ready to do it.

    And I can determine what your question is, the problem is that its a question that wont result in a good answer because you have not been specific enough about what you want to know. Its not possible to give a comprehensive to answer a question like "How can I assess the security of my home network" in a forum response, and the fact that you asked it like that shows you havent put a lot of thought into this. Asking a specific question about an area in which you were stuck, mentioning some research you had already done and asking for clarification on particular points, or listing an outline of what you planned to do and asking for comments would all have been better ways to get useful information out of us.

    Quote Originally Posted by cale_doses View Post
    This is a legitimate project that is not repeating the work of others, of course home networks can be hacked!!! My ISP has been informed and I have a secure connection in college that I will be using. There is not enough research into this area, IDENTIFYING AND MITIGATING the threat of attack ideally for the novice home user. What I propose is to launch a series of attacks directed at my low secured home network and then implement the necessary countermeasures, do the tests again and thus the analyse the results and in turn provide a list of best practices for the home user market.
    Do you really believe that no one else has ever examined the threat to the home user before? There are God knows how many commercial end point security tools aimed at the home market. Wouldnt you think that some research may have gone into that? Have a read of the blogs of any of the major antivirus or security software vendors and you will see a lot of information relating to threats that affect the home user.

    My home countries Government even has a web site dedicated to the subject of home and small business Internet security:

    Home | Stay Smart Online


    Quote Originally Posted by cale_doses View Post
    It is very presumptuous of you to assume I have no pen testing experience, when I am familiar with most tools out there, albeit open source, I know there are excellent tools in which you use for a fee, however what I am showing is how easy and effortless it would be for someone to do this. I have never used backtrack before, so I am wondering if it would be beneficial to use this all in one open souirce package or, stick with the individual tools I have already > metasploit, netcat, nessus, wireshark, ophcrack, etc etc Also what in you opinions would be the most simplistic attack one could mount > DoS? Reverse Shell? Install BackDoor? Trojans? Buffer Overflow (any)?
    Im sorry, but someone who needs to ask how to assess the security of a home network does not have pen testing experience. You might know how to use some of those tools you mentioned, but that is not pen testing.

    Quoting myself from the old forums:

    Pen Testing is a professional activity that involves systematically testing a set of systems for security weaknesses using defined and repeatable processes, and then reporting on the results providing risk ratings and remediation advice.
    Learning to use tools individually, as you have claimed to have done, is an important step along the way to learn to perform penetration testing, but you need to be able to use the tools required in each of the steps of a penetration test as well as being able to link the use of each tool together to obtain the correct overall result.

    Quote Originally Posted by cale_doses View Post
    My issue is the HOW and HOW? any help would be appreciated
    Again, if you want to know HOW to use the various tools in BackTrack, Im going to refer you back to the advice that I gave in my first post. Follow some tutorials, read some of the penetration testing frameworks available, check out some books on the subject such as "Hacking Exposed", which is a good introduction to the subject.
    Last edited by lupin; 02-05-2010 at 02:30 PM. Reason: Typo
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

Similar Threads

  1. Evaulation of my BT Home Hub Version 1.
    By JF1976 in forum BackTrack Howtos
    Replies: 3
    Last Post: 04-08-2010, 08:13 PM
  2. someone hacking my network
    By halfdone in forum Beginners Forum
    Replies: 1
    Last Post: 01-30-2010, 04:45 PM
  3. AutoScan Network
    By Archangel-Amael in forum BackTrack Fixes
    Replies: 1
    Last Post: 01-20-2010, 10:27 PM
  4. Replies: 4
    Last Post: 01-15-2010, 08:48 AM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •