Hakin9 July 2011

July 8th, 2011 philippe

The July 2011 issue of Hakin9 is out!

In this issue:

Mummies still walk among us!

Firestarter: Starter to your Firewall

HTTP Parameter Pollution Vulnerabilities in Web Applications

Does your BlackBerry Smartphone have ears?

Web testing using Active and Passive Scanner

Web Application: Access Control and Authorisation Issues

More on http://www.hakin9.org/

  • Latest News From the IT Security World
    By Armando Romeo, eLearnSecurity and ID Theft Protect
  • Mummies still walk among us!
    By Ali Al-Shemery
    Imagine all the great sources of information on the Internet today such as: news groups, blogs, websites and forums, and you still see networks and websites being hacked and torn down using old hacking techniques. For God's sake, isn’t that a walking mummy? The author describes in an amusing way why it is so important to keep knowledge updated and why attacking new systems with old techniques still works. Read the true, didactic and humorous story.
  • Firestarter: Starter to your Firewall
    By Mervyn Heng
    The firewall is the first line of defense on the network perimeter and end points. Firewalls are the gatekeepers to facilitate the flow of necessary traffic to and from assets. The author in his article focuses on the best practices when setting up a host-based firewall on an Ubuntu 10.4 LTS laptop. He describes how host-based firewalls allow all traffic by default to offer users immediate access to networks and the Internet, and how network-based firewalls interestingly employ the opposite tactic, as their default rule is to deny all.
  • HTTP Parameter Pollution Vulnerabilities in Web Applications
    By Marco Balduzzi, Luca Carettoni, Stefano Di Paola
    Is your web application protected against HTTP Parameter Pollution? A new class of injection vulnerabilities allows attackers to compromise the logic of the application to perform client and server-side attacks. HPP can be detected and avoided. But how? This article discusses why and how applications may be vulnerable to HTTP Parameter Pollution. By analyzing different attack scenarios, the authors of this article introduce the HPP problem. They describe PAPAS, the system for the detection of HPP flaws, and conclude by giving the different countermeasures that conscious web designers may adopt to deal with this novel class of injection vulnerabilities.
  • Does your BlackBerry smartphone have ears?
    By Yury Chemerkin
    The smartphone becomes the most popular gadget all over the world. Undoubtedly, compactness, convenience and PCs’ functional capabilities have been winning modern users’ hearts. People may think that Internet surfing is safer with their favorite smartphone than by PCs and that the privacy loss risk is minimized, however analytical statistics show the opposite. From this article we will find out why every BlackBerry is vulnerable to multiple network attacks and how it is that the address book provides a spam-attack vector. The author also explains how deceptions may mislead BlackBerry users to compromise security and what makes DTMF signalling a possible covert channel.
  • Web Testing Using Active and Passive Scanners
    By Ric Messier
    Website creation has become so simple that just anyone can do it. This doesn’t mean that everyone can do it well. There are so many frameworks and tools available to make dynamic sites easy to put up quickly. The author of this article shows how to scan systems using both an active and a passive Web proxy. He also explains the differences between active and passive scanning and points out the reasons why doing regular site scanning can’t be overvalued.
  • Web Applications: Access Control and Authorization Issues
    By Nilesh Kumar
    This article is about different kinds of Access Control mechanisms and issues with them in Web Applications. Where sufficient authorization checks are lacking, access controls may be abused by the logged-in user. The impact can be catastrophic. Improper access control handling may result in information leakage or, worse, unauthorized access to system components. The article helps to imagine what will happen if a normal user is able to access the contents meant only for a system administrator. The author describes a few scenarios where authorization checks are not performed correctly and shows what their impact could be.
  • Web Applications: Testing and Securing Your Code
    By Joe Pezzino, Phil Rusek
    With the high demand for applications and information, companies have made data readily and easily available. Web applications, to keep in touch with friends, download music, or order a new espresso machine, are used so commonly you seldom think about how the information is presented to you. From this article you will find out how to test and secure your web applications. The authors will also share with you why the best practice against SQL Injection is to write code that uses stored procedures and prepared statements.
  • An overview of Web Application Security Issues
    By Julian Evans
    Web application security is very much in its infancy – some security experts believe this is going to be a major emerging area of technology. Nowadays web apps are more complex and are based on a client-server architecture. This architecture is evolving and we see web apps such as Google Apps acting as a word processor, storing the files and allowing you to download the file onto your PC. Facebook and the social web have also moved into Web apps, hence the recently coined phrase Web 3.0. This is the overview article in which the author points out the most current issues in the area of Web App security, such as: programming development, JavaScript API, AJAX programming, mobile security or Facebook app security and authentication.
  • Why are there So Many Command and Control Channels Part Two
    By Matt Jonkman
    In his last article Matt Jonkman wrote about Command and Control Channels, or CnCs. In this one he continues the topic of CnC channels and takes up the discussion of the individual categories. He also describes some up-to-date examples of many of these categories out of the Emerging Threats Sandnet.

mrtg: Multi Router Traffic Grapher

May 16th, 2011 philippe

# Install MRTG and the SNMP agent it polls
apt-get install mrtg
apt-get install snmpd
# Edit the agent configuration so that the read-only mapping below is active
# and the "paranoia" line is commented out
vi /etc/snmp/snmpd.conf
com2sec readonly default public
#com2sec paranoia default public
# Create the web directory, then generate the MRTG configuration and its index page
mkdir /var/www/mrtg
cfgmaker --global 'WorkDir: /var/www/mrtg' --global 'Language: French' --output /etc/mrtg.cfg public@127.0.0.1
indexmaker /etc/mrtg.cfg --columns=1 --output /var/www/mrtg/index.html
Then add to the crontab:
 */5 * * * *  /usr/bin/mrtg /etc/mrtg.cfg --logging /var/log/mrtg.log
Source : http://oss.oetiker.ch/mrtg/

Compiling a Linux Kernel the Debian Way

March 14th, 2011 philippe

We will use the make-kpkg method, recommended by Debian.


Translation for IPv6: NAT66 becomes NPTv6!

March 9th, 2011 philippe

Translation for IPv6 exists!

The concept is close to the well-known NAT (NAT44) of IPv4, but it translates only the Network Prefix part of an IPv6 packet. This translation has the merit of being transport-agnostic.

The name of the feature is: IPv6-to-IPv6 Network Prefix Translation (NPTv6)

This function makes your internal IPv6 address space independent of that of your ISP or ISPs, which is considered external.
It provides a 1:1 relationship between the IPv6 addresses of the internal and external prefixes.
Communication and routing, and therefore end-to-end reachability, are thus preserved, even though the internal (inside) address space differs from that of the access network (outside, the ISP).

It removes the need to renumber a network when changing operator or when using several operators simultaneously (multihoming).

This translation is implemented in an IPv6 router and maps one IPv6 address prefix to another IPv6 prefix for every packet that transits the router. A router that implements NPTv6 translation is called an NPTv6 Translator.
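The 1:1, transport-agnostic mapping described above can be sketched as follows. This is an added example, not code from this post or from any NPTv6 implementation; it follows the checksum-neutral mapping of RFC 6296 (the published form of the NAT66 draft), handles /48 prefixes only, and uses constructed sample prefixes (a ULA prefix inside, the 2001:db8::/32 documentation range outside).

```python
import ipaddress

def fold16(x):
    """Fold carries back in so that x is a 16-bit one's-complement value."""
    while x > 0xFFFF:
        x = (x & 0xFFFF) + (x >> 16)
    return x

def sum16(value, nbits):
    """One's-complement sum of the 16-bit words of an nbits-wide integer."""
    return fold16(sum((value >> s) & 0xFFFF for s in range(0, nbits, 16)))

def address_sum(addr):
    """What the address contributes to a TCP/UDP pseudo-header checksum."""
    return sum16(int(ipaddress.IPv6Address(addr)), 128)

def nptv6_translate(addr, from_prefix, to_prefix):
    """Swap the /48 prefix of addr and adjust the 16-bit subnet word so that
    address_sum() is unchanged; no per-flow state is kept."""
    src = ipaddress.IPv6Network(from_prefix)
    dst = ipaddress.IPv6Network(to_prefix)
    a = ipaddress.IPv6Address(addr)
    if src.prefixlen != 48 or dst.prefixlen != 48:
        raise ValueError("this sketch handles /48 prefixes only")
    if a not in src:
        raise ValueError(f"{a} is not inside {src}")
    src_hi = int(src.network_address) >> 80      # top 48 bits of each prefix
    dst_hi = int(dst.network_address) >> 80
    # adjustment = sum(old prefix) - sum(new prefix) in one's-complement arithmetic
    adjustment = fold16(sum16(src_hi, 48) + (~sum16(dst_hi, 48) & 0xFFFF))
    subnet = (int(a) >> 64) & 0xFFFF
    if subnet == 0xFFFF:
        # 0xFFFF is a second encoding of zero, so it would collide with subnet 0
        raise ValueError("subnet 0xFFFF cannot be mapped 1:1")
    new_subnet = fold16(subnet + adjustment)
    if new_subnet == 0xFFFF:
        new_subnet = 0x0000                      # normalise the "negative zero"
    iid = int(a) & ((1 << 64) - 1)               # interface identifier is untouched
    return ipaddress.IPv6Address((dst_hi << 80) | (new_subnet << 64) | iid)

if __name__ == "__main__":
    inside, outside = "fd01:203:405::/48", "2001:db8:1::/48"   # constructed samples
    out = nptv6_translate("fd01:203:405:1::1234", inside, outside)
    print(out, "->", nptv6_translate(str(out), outside, inside))
```

Because the address sum is preserved, TCP and UDP checksums stay valid without the translator touching the transport header, which is what makes the translation transport-agnostic.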

Sources:

http://tools.ietf.org/html/draft-mrw-nat66-09

http://iucg.org/wiki/WIKI_NPTv6_Draft_-_Baker

Links: http://wiki.amiot.biz


ARP Spoofing Attack (IPv4) and Countermeasures

February 15th, 2011 philippe

To redirect the traffic of a local network to his own machine, a hacker enables IP forwarding on it, then launches an ARP spoofing attack to deceive the network segment he is on, making it believe that the MAC address of the default gateway is no longer the original one but that of his machine (we are at L2 here, the switch world).

He then floods the network with ARP replies stating that the default gateway's IP has the MAC address of his own machine. The PCs take this into account and the traffic is then redirected to the hacker's PC.
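Seen from the defender's side, the two symptoms described above (a new MAC claiming the gateway's IP, and repeated ARP replies carrying that claim) can be checked against a pinned gateway binding. This is an added example, not the countermeasures from the full post; the function names, the flood threshold and the sample packets (documentation IP and MAC ranges) are constructed assumptions.

```python
import struct
from collections import Counter

ARP_FMT = "!HHBBH6s4s6s4s"        # Ethernet/IPv4 ARP payload, 28 bytes

def arp_payload(mac, ip, oper=2):
    """Build a constructed ARP payload (sample data only, nothing is sent)."""
    sha = bytes.fromhex(mac.replace(":", ""))
    spa = bytes(int(octet) for octet in ip.split("."))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper, sha, spa, b"\xff" * 6, spa)

def parse_arp(payload):
    """Return (opcode, sender_mac, sender_ip) from a 28-byte ARP payload."""
    htype, ptype, hlen, plen, oper, sha, spa, _tha, _tpa = struct.unpack(
        ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP payload")
    return oper, ":".join(f"{b:02x}" for b in sha), ".".join(str(b) for b in spa)

def detect_spoofing(payloads, pinned, flood_threshold=3):
    """pinned maps an IP to the MAC it is known to have (e.g. the gateway).
    Returns alerts as (kind, ip, claimed_mac) tuples, in order of detection."""
    alerts, seen = [], Counter()
    for payload in payloads:
        oper, mac, ip = parse_arp(payload)
        if oper != 2:                      # this sketch looks at ARP replies only
            continue
        if ip not in pinned or mac == pinned[ip]:
            continue                       # unknown host or legitimate binding
        seen[(ip, mac)] += 1
        if seen[(ip, mac)] == 1:           # first reply contradicting the pin
            alerts.append(("binding-conflict", ip, mac))
        if seen[(ip, mac)] == flood_threshold:
            alerts.append(("reply-flood", ip, mac))
    return alerts

# Constructed sample capture: one genuine reply, four forged ones, one request.
GATEWAY_IP, GATEWAY_MAC = "192.0.2.1", "00:00:5e:00:53:01"
ROGUE_MAC = "00:00:5e:00:53:66"
SAMPLE = ([arp_payload(GATEWAY_MAC, GATEWAY_IP)]
          + [arp_payload(ROGUE_MAC, GATEWAY_IP)] * 4
          + [arp_payload("00:00:5e:00:53:10", "192.0.2.10", oper=1)])

if __name__ == "__main__":
    for alert in detect_spoofing(SAMPLE, {GATEWAY_IP: GATEWAY_MAC}):
        print(alert)
```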

RFC on Security and Filtering

January 27th, 2011 philippe


RFC 4949 : Internet Security Glossary, Version 2

RFC 3704 : Ingress Filtering for Multihomed Networks

RFC 2827 : Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing

Forecast for the Exhaustion of the IANA IPv4 Pool

January 25th, 2011 philippe

See the IPv6 wiki


IPv6 World Day

January 24th, 2011 philippe

ISOC has proposed that June 8, 2011 become IPv6 World Day.

On that day, the big names of the Web (Google, Facebook, Yahoo, Akamai) will provide IPv6 resolution for their “www” prefix, in order to validate and highlight any IPv6 connectivity problems their customers/visitors would encounter if this were to become reality in the very near future. According to them, these connectivity problems would come from misconfigured clients or from ISPs having connectivity problems with the IPv6 Internet.

For Google, the percentage of Internet users connected over IPv6 today represents 0.22% of their traffic (see the statistics).

ISOC already invites you to test your IPv6 connectivity: http://test-ipv6.com/

Sources:

http://googleblog.blogspot.com/2011/01/world-ipv6-day-firing-up-engines-on-new.html

http://isoc.org/wp/worldipv6day/


IPv6 Security

January 22nd, 2011 philippe

IPv6 is the protocol that will reign tomorrow over the Internet as well as over local networks.

Is this protocol nevertheless reliable and secure for enterprise networks, particularly in sensitive environments (sensitive either by nature, e.g. machine tools, or by function, e.g. the network of an operations center monitoring satellites or motorways, or of a control tower)?

Well, not really… as evidence, I offer the following list of IPv6 vulnerabilities, mainly aimed at attacking a local network (non-exhaustive list):


ISP Peering

January 20th, 2011 philippe

Just for the record, how ISP peering works, seen from a high level:

Without peering: €€€€

With peering: €€
