View previous topic :: View next topic |
Author |
Message |
eeps24 Just Arrived
Joined: 04 Dec 2004 Posts: 0
|
Posted: Sat Mar 26, 2005 12:33 am Post subject: hacking methods |
|
|
does anyone know a site / guide where i can learn about hacking methods...DoS,smurf,man in the middle, land attack ......my security+ book doesnt satisfy me on these explainations
|
|
Back to top |
|
|
alt.don SF Boss
Joined: 04 Mar 2003 Posts: 16777079
|
Posted: Sat Mar 26, 2005 1:15 am Post subject: |
|
|
Hello eeps24,
Well I would not counsel you to walk before you can run. Perhaps you would be best to study the basics first such as tcp/ip and programming. Off of these two subjects is everything else computer wise based. Should that not satisfy you then check out metasploit framework or other like minded tools. Though you will never really know anything until you understand the foundation upon which all exploits are built.
|
|
Back to top |
|
|
eeps24 Just Arrived
Joined: 04 Dec 2004 Posts: 0
|
Posted: Sat Mar 26, 2005 3:56 am Post subject: |
|
|
i have a decent foundation of tcp/ip,im no expert, but im not that much of a newbie with it...........just that in my security book.....it didnt detail the attacks well ........i want something where i can get details on information......not just a summary..........i want to be certified not paper certified, im sure many of you have noticed me with all my postings (sorry about that),i dont just want to learn something, i want to know why, whats going on etc, if anyone has any links or material i would greatly apprecaite it ......thanks
|
|
Back to top |
|
|
dgavrilovic Just Arrived
Joined: 22 Mar 2005 Posts: 0
|
Posted: Sat Mar 26, 2005 4:57 am Post subject: |
|
|
check the SANS reading room. they might have some more detailed analysis info on the stuff listed in the sec+ books.
|
|
Back to top |
|
|
Exodus Just Arrived
Joined: 28 Mar 2004 Posts: 0
|
Posted: Sat Mar 26, 2005 6:12 am Post subject: |
|
|
the best "hacking method" is your programming capabilities....
the underline is that hacking inst about methods... and it isnt somthing
you learn step by step.. it is somthing you learn from experince and researchs
|
|
Back to top |
|
|
alt.don SF Boss
Joined: 04 Mar 2003 Posts: 16777079
|
Posted: Sat Mar 26, 2005 3:41 pm Post subject: |
|
|
Simply go to www.k-otik.com and download some code. Compile it and use in in your home lab then.
|
|
Back to top |
|
|
Cybertrion-Systems Just Arrived
Joined: 03 May 2005 Posts: 0
|
Posted: Tue May 03, 2005 8:10 pm Post subject: |
|
|
one should be good in programming agreed but many of the code available on the net are outdated.
Better be in touch with the latest exploits, advisories and codes. This will help you out.
|
|
Back to top |
|
|
njan Trusted SF Member
Joined: 02 May 2005 Posts: 9 Location: Scotland, UK
|
Posted: Tue May 03, 2005 8:49 pm Post subject: |
|
|
Quote: |
does anyone know a site / guide where i can learn about hacking methods...DoS,smurf,man in the middle, land attack ......my security+ book doesnt satisfy me on these explainations |
Take a step back for a moment here - what exactly are you trying to accomplish? I'll take it as red that you don't want to learn about these things in order to employ them as they were intended - which leaves two possibilities: either you want to learn about them for the sake of the knowledge itself, or you want to be able to defend yourself (or others) from similar attacks. In either case, you need to understand how these attacks work.
Quote: |
Simply go to www.k-otik.com and download some code. Compile it and use in in your home lab then. |
As alt.don correctly points out, testing these forms of nasty in a controlled environment is an excellent way to learn - but in order to fully appreciate how they work, you need to be able to dissect them and understand what they're actually doing, as ultimately, understanding solely how to use these 'tools' only gives you the ability to break things (ie. to use them maliciously) and recognise what the effects of these attacks are - neither of which are useful either for understanding what these attacks are actually doing or how they work.
Looking at those two goals separately for a moment, then, there are two pieces of knowledge you can pursue:
* How these attacks work
As 'Cybertrion-Systems' and exodus point out, in order to accomplish this, you need to learn to program. This coupled with a little knowledge of TCP/IP will let you understand how a SYN flood or a smurf attack is executed.
* What these attacks are doing
Although understanding how the attacks work helps, the best way to understand this is a little more practical (but also requires theoretical knowledge). Play with tcpdump, ethereal, or snort, and actually *watch* what one of these attacks does. If you have a 'decent foundation' in tcp/ip, you should have a basic understanding of what a packet dump from one of these programs means, but in order to fully get under the skin of the exploit, you will require an excellent knowledge of both how tcp/ip works and what non-standard uses of it do to servers in a controlled environment.
These are slightly different methods of accomplishing the same thing, and if you pursue either, you'll end up not only with an excellent understanding of a form of attack, but a set of theoretical knowledge (c programming and/or tcp/ip) which will be extremely useful to you in the future.
|
|
Back to top |
|
|
|