Introduction
Recently a friend of mine was having a dinner party, and
he'd bought a lovely bottle of wine for the occasion. When the time came to pour
the glasses, however, he realized that he didn't have a corkscrew. With a steak
knife, some scissors, and a little elbow grease, ten minutes later he had
managed to open the bottle by pushing the cork into the
bottle, but not without shattering the cork and spraying wine down the back of
my neck. Later that same week, I was having dinner at my girlfriend's apartment
and once again a bottle of wine required opening. This time we had a corkscrew
at our disposal, but it was her roommate's fancy single-lever “waiter-type”
corkscrew as opposed to the no-brainer, double-lever “wing-type” corkscrew I was
used to. Being a relatively inexperienced wine connoisseur, I really had no idea
how to use this thing. I managed to get the cork halfway out of the bottle
before the lever slipped off the lip, resulting in the cork splitting into
pieces and the bottle nearly falling to the ground as the corkscrew slammed into
my right hand. After counting my fingers to make sure I hadn't lost any, I
grabbed a steak knife—yes, a steak knife yet again—to push the remaining third
or so of the cork into the bottle. For the second evening that week, I found
myself digging cork shreds out of my wineglass with a spoon.
This rather embarrassing anecdote illustrates a few important
points. First, not every grown man knows how to open a bottle of wine. Second,
accomplishing a task is extremely difficult if you don't have the right tools.
And finally, accomplishing a task is just as difficult if you don't know how to
use the tools properly.
The second and third lessons can be applied to the field of
computer and network security as well as wine opening. If you don't have the
right tools for performing a vulnerability scan, for example, or you don't know
how to use the tools properly, you won't be able to get the job done. Well, you
might be able to get the job done, but you probably won't get it done right. In this book, we cover a thorough assortment of the
computer and network security tools available for use by today's IT
professional. Before you can select the right tools for the job, you have to
know what tools are available and a little bit about them. You need to see how
the tools get used in everyday life.
This book aims to feature “best practices” for using security
tools, giving background not only on how to use a tool but also on the
underlying reasons why, and when, to use it. Knowing about a tool's existence and
its command-line options won't help today's IT professional without a
fundamental understanding of the underlying security principles and concepts
surrounding the tool. Through the use of screenshots, code listings, example
tool usage, and case studies, this book aims to show how the tool can be used in
certain real-world situations that may mirror your own. Although the inclusion
of command-line flags and configuration options also makes this book useful as a
desktop reference, the additional information and fundamental concepts included
in each chapter make this book much more than a “How-to” manual. It lets you
familiarize yourself with the tools at your disposal so you can efficiently and
effectively choose (and use) the right tools to properly complete your task.
This book has been divided into four parts: multifunctional tools,
tools to audit systems on the network, tools to audit the network, and tools to
aid in the investigation of incidents within your infrastructure. Taken together,
these four parts give you the proper, field-tested tools to perform
-
Auditing and prevention
-
Detection of incidents
-
Investigations and response
-
Remediation
As we have found, these tasks represent a significant amount of
the effort spent in a security/network/system administrator's life on the job
in the real world. The term “Anti-Hacker” emerges because we encompass all of
the previous tasks (i.e. from the beginning to the end of the security process)
in this book.
Each chapter conforms to a continuing theme. The chapter begins
with a summary of the tools discussed. Next, each tool is described. Each
section also contains in-depth implementation techniques, providing you with
hands-on information on how to utilize the tool best, including advice based on
what we have discovered when we've used the tools in the field. Case studies to
demonstrate the tool's use in the real world are used when appropriate. In some
instances, one case study is used to typify multiple tools discussed in the
chapter. For some topics, we were able to provide specific case studies for each
tool. While we try to make the case studies as real as possible, we had to use
literary license to make the story slightly more fun to read and to cover as
many of the tools as possible. There are instances where we may discuss the
system administrator's reactions to an incident that occurred on his network,
which could be considered questionable—at best. Therefore, we want to mention
that we are by no means providing a methodology or recommendation for the course
of action during a security engagement or incident, but we hope to give you an
interesting case study to read to help emphasize a tool's usage.
For our returning readers, we have added and updated content to
keep this book on the cutting edge. Changes in the second edition include
-
Modified chapter layout for better flow and organization
-
Updated content for tools throughout the book
-
New case studies and examples for tools such as Netcat, tcpdump, Ethereal, nmap, hping, and more
-
New tools such as THC-Amap, THC-Hydra, Trinux, Kismet, Ettercap, Wellenreiter, WinHex, X-Ways Trace, and more
-
A whole new chapter on firewalls including discussions of firewall concepts, ipchains, iptables, ipfw, Cisco PIX, and more
We want to stress again that this book concentrates on the usage
of tools rather than the methodologies of securing your network. Therefore, this
book is a great companion to the Hacking Exposed series
and Incident Response and Computer Forensics, by Kevin Mandia, Matt Pepe,
and Chris Prosise, because those books build the basis for the methodologies
these tools thrive upon. We suggest you read the methodologies discussed in
these books before trying to understand the tools used to implement them. But,
if you already have a general understanding of the methodologies you will fit
right in when reading this book.
Additionally, to use these tools we must discuss the most popular
operating systems in the market today and others you may face when securing or
investigating existing networks. In this book, when we mention “Windows” we mean
any operating system published by Microsoft, Inc., such as 95/98/Me/NT/2000/2003
and XP, unless otherwise noted. On the other hand, when we mention the word
“Unix” we mean any Unix-like operating system and not just the original version
from Bell Labs. Some of the flavors of Unix on which these tools are effective
include Solaris (i386 and Sparc versions), Linux, FreeBSD, NetBSD, OpenBSD, Mac
OS X, and more. If a tool only operates on one version of Unix, we will note
that where it is appropriate.
Since the tools mentioned throughout this book can change
dramatically in the future (as we see especially with the open-source or hacker
tools), we include copious amounts of screenshots and output. We do this not to
provide filler material, but to help you match up later versions of the tool
with the information discussed in this book.
Also included with this book is a CD-ROM that contains copies of
many of the tools mentioned in this book, which the vendors allowed us to
distribute. When a tool we discuss has a commercial license, we will include the
vendor-approved demonstration version. If there is not a demonstration version
available to the public, you must visit the vendor's web site directly to obtain
the tool. Because the open-source movement is gaining ground, we tried to
include numerous noncommercial tools on the CD-ROM and in the book's content in
order for you to have alternatives. We hope that the CD will remove a
significant amount of the hassle involved in obtaining these tools and locating
the appropriate web sites. This should aid you in following along with any of
the examples presented in the book.
As mentioned previously, network and security tools are
constantly changing to keep up with the times and advances in technology. New
tools will pop up and old tools will have new features. Because this book
focuses on network and security tools, we want to have a mechanism in place that
keeps you current and informed on the latest tools, tool changes, and
security-related news. To accomplish this, we offer www.antihackertoolkit.com, a companion web site to this
book. The site will contain links to tools, tool information, book errata, and
content updates.