In Linux, the three most common commands that hackers usually attempt to Trojan are:
The easiest and most effective programs to trojan are the ones administrators and users run routinely, in this case netstat, ps and top: a trojaned ps or top omits the attacker's processes and a trojaned netstat hides their connections, so the intruder stays invisible to exactly the tools an administrator would reach for. For a fuller list of commonly trojaned and rootkitted software see: http://www.usenix.org/publications/login/1999-9/features/rootkits.html
John wishes to install a new application onto his Windows 2000 server.
He wants to ensure that any application he uses has not been Trojaned.
What can he do to help ensure this?
A. Compare the file’s MD5 signature with the one published on the distribution media
B. Obtain the application via SSL
C. Compare the file’s virus signature with the one published on the distribution media
D. Obtain the application from a CD-ROM disc
MD5 was developed by Professor Ronald L. Rivest of MIT. What it does, to quote the executive summary of RFC 1321, is: [The MD5 algorithm] takes as input a message of arbitrary length and produces as output a 128-bit "fingerprint" or "message digest" of the input. It is conjectured that it is computationally infeasible to produce two messages having the same message digest, or to produce any message having a given prespecified target message digest. The MD5 algorithm is intended for digital signature applications, where a large file must be "compressed" in a secure manner before being encrypted with a private (secret) key under a public-key cryptosystem such as RSA.
In essence, MD5 is a way to verify data integrity, and it is far more reliable than a simple checksum, which a careful attacker can preserve while changing the file. Two caveats apply in practice. First, the conjecture quoted above no longer holds for MD5: colliding inputs have been practical since 2004, so a vendor publishing digests today should use SHA-256, and MD5 should be treated as detecting accidental or careless modification only. Second, the digest is only as trustworthy as the channel it came from; a hash posted on the same mirror as the download can be replaced along with the file, so it must come from the vendor's own authenticated site or a signed manifest. Obtaining the file over SSL (option B) protects it in transit but says nothing about whether the copy on the server was already trojaned.
Jason's Web server was attacked by a trojan. He runs a protocol analyzer and notices that the trojan communicates with a remote server on the Internet. Shown below is the standard "hexdump" representation of the network packet, before being decoded. Jason wants to identify the trojan by looking at the destination port number and mapping it to a trojan-port database on the Internet. Identify the remote server's port number by decoding the packet.
A. Port 1890 (Net-Devil Trojan)
B. Port 1786 (Net-Devil Trojan)
C. Port 1909 (Net-Devil Trojan)
D. Port 6667 (Net-Devil Trojan)
From the trace, the destination port field of the TCP header reads 0x1A0B, which is 6667 decimal: the Internet Relay Chat (IRC) port, and one of the ports Net-Devil is listed under in the trojan port databases. Its other listed ports are in the 900s. The destination port is the second 16-bit word of the TCP (or UDP) header, which begins immediately after the IP header, so the IP header length field must be honoured before reading it.
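The decoding step above, worked through in code. This is an added example and not part of the original question; the hexdump itself is constructed to resemble the tcpdump -xx layout (offset column, 16-bit groups, Ethernet header included) and carries a TCP SYN to port 0x1a0b, since the page does not reproduce Jason's actual capture. The trojan-port table is a stand-in for the online database the question refers to, with the single entry the page's own reasoning supports.

```python
import struct

# Constructed tcpdump -xx style hexdump of one Ethernet/IPv4/TCP SYN frame (not a real capture).
# The TCP destination port field is 0x1a0b; the IPv4 header checksum (0x22eb) is valid.
SAMPLE_HEXDUMP = """\
0x0000:  000c 29aa bbcc 0050 5611 2233 0800 4500
0x0010:  0028 1a2b 4000 4006 22eb c0a8 010a cb00
0x0020:  7107 c350 1a0b 1234 5678 0000 0000 5002
0x0030:  2000 0000 0000
"""

# Assumed stand-in for the "trojan port database" lookup; the one entry comes from the
# discussion above, not from an authoritative list.
TROJAN_PORT_HINTS = {
    6667: "IRC (Internet Relay Chat); also listed for the Net-Devil trojan",
}


def hexdump_to_bytes(dump):
    """Drop the offset column of each line and turn the remaining hex digits into bytes."""
    raw = bytearray()
    for line in dump.splitlines():
        if ":" not in line:
            continue
        _offset, _, hexpart = line.partition(":")
        raw += bytes.fromhex("".join(hexpart.split()))
    return bytes(raw)


def ipv4_checksum(header):
    """RFC 791 one's-complement sum; computed over a header with a valid checksum it yields 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def decode_packet(dump):
    """Walk Ethernet -> IPv4 -> TCP/UDP and return the fields needed for the port lookup."""
    raw = hexdump_to_bytes(dump)
    ethertype = struct.unpack("!H", raw[12:14])[0]
    if ethertype != 0x0800:
        raise ValueError("not an IPv4 frame: ethertype 0x%04x" % ethertype)
    ip = raw[14:]
    version, ihl = ip[0] >> 4, (ip[0] & 0x0F) * 4   # IHL is in 32-bit words; options make it > 20
    if version != 4 or ihl < 20:
        raise ValueError("malformed IPv4 header")
    total_len = struct.unpack("!H", ip[2:4])[0]
    proto = ip[9]
    l4 = ip[ihl:total_len]
    if proto not in (6, 17) or len(l4) < 4:
        raise ValueError("no TCP/UDP ports to decode (protocol %d)" % proto)
    src_port, dst_port = struct.unpack("!HH", l4[:4])   # both transport headers start with the two ports
    info = {
        "src_ip": ".".join(str(b) for b in ip[12:16]),
        "dst_ip": ".".join(str(b) for b in ip[16:20]),
        "proto": "tcp" if proto == 6 else "udp",
        "ip_checksum_ok": ipv4_checksum(ip[:ihl]) == 0,
        "src_port": src_port,
        "dst_port": dst_port,
        "dst_port_hex": "0x%04x" % dst_port,
        "hint": TROJAN_PORT_HINTS.get(dst_port, "not in table"),
    }
    if proto == 6:
        flags = l4[13]
        info["tcp_flags"] = "".join(
            name for bit, name in ((0x02, "S"), (0x10, "A"), (0x08, "P"), (0x04, "R"), (0x01, "F"))
            if flags & bit
        )
    return info


if __name__ == "__main__":
    for key, value in decode_packet(SAMPLE_HEXDUMP).items():
        print("%-16s %s" % (key, value))
```

Reading the port out of the raw bytes rather than trusting the analyzer's summary line also catches the case where the sniffer mis-dissected a non-standard IP header length.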
Which of the following Netcat commands would be used to perform a UDP scan of the lower 1024 ports?
A. Netcat -h -U
B. Netcat -hU
C. Netcat -sU -p 1-1024
D. Netcat -u -v -w2 1-1024
E. Netcat -sS -O target/1024
The proper syntax for a UDP scan using Netcat is "Netcat -u -v -w2 1-1024": -u selects UDP, -v reports each port, and -w2 gives each probe a two-second timeout. Note that the option as printed omits the target host, which in practice goes between the options and the port range, and real scans usually add -z (zero-I/O mode) so nc only probes the ports rather than waiting to relay stdin. Because UDP is connectionless, a port that returns nothing looks "open" to nc; only an ICMP port-unreachable reply proves a port closed, so filtered hosts produce long lists of false positives.
Netcat is considered the Swiss-army knife of hacking tools because it is so versatile.
Sniffing is considered a passive attack, not an active one: the sniffer only listens to traffic already on the wire and injects nothing, so the victim sees no packets from it and ordinary network monitoring cannot detect it. Techniques used to force traffic past a sniffer on a switched network, such as ARP poisoning, are the active part and are detectable.
A file integrity program such as Tripwire protects against Trojan horse attacks by:
A. Automatically deleting Trojan horse programs
B. Rejecting packets generated by Trojan horse programs
C. Using programming hooks to inform the kernel of Trojan horse behavior
D. Helping you catch unexpected changes to a system utility file that might indicate it had been replaced by a Trojan horse
Tripwire generates a database of cryptographic digests and attributes (size, permissions, ownership, timestamps) for the files and directories you tell it to watch, typically system binaries and configuration. Once it is generated, you can check the current state of your system against the original database and get a report of all the files that have been modified, deleted or added. This comes in handy if you allow other people access to your machine, and even if you don't: if someone else does get access, you'll know if they tried to modify files such as /bin/login. Two conditions make this work: the baseline must be taken from a known-clean system (a baseline of an already-compromised box simply enshrines the trojans), and the database and the Tripwire binary must be stored where the intruder cannot rewrite them, on read-only media or off the host, otherwise the attacker updates the baseline along with the files.
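A small file-integrity checker in the style described above, serving both the digest-verification question about John's download and the Tripwire explanation. This is an added example written for this page, not Tripwire's code or any vendor's tool; the directory tree, file contents and the "trojaned login" scenario are constructed inside the demo function. It uses SHA-256 rather than MD5 for the reason given in the MD5 discussion.

```python
import hashlib
import hmac
import os
import stat
import tempfile

# MD5 still detects accidental or careless changes, but collisions are cheap today,
# so the baseline uses SHA-256.
HASH_ALGO = "sha256"


def file_digest(path, algo=HASH_ALGO):
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def digest_matches(path, published_hex, algo=HASH_ALGO):
    """Check a file against a digest obtained out of band (vendor site, signed manifest).
    hmac.compare_digest keeps the comparison time independent of how many characters match."""
    return hmac.compare_digest(file_digest(path, algo), published_hex.strip().lower())


def build_baseline(root):
    """Digest plus size and permission bits for every regular file under root."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks, sockets and devices are recorded by Tripwire but not hashed here
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = {
                "digest": file_digest(full),
                "size": st.st_size,
                "mode": stat.S_IMODE(st.st_mode),
            }
    return baseline


def compare(baseline, current):
    """Tripwire-style report: paths added, deleted or changed since the baseline was taken."""
    base, cur = set(baseline), set(current)
    return {
        "added": sorted(cur - base),
        "deleted": sorted(base - cur),
        "modified": sorted(p for p in base & cur if baseline[p] != current[p]),
    }


def _write(root, rel, data):
    full = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "wb") as f:
        f.write(data)
    return full


def demo_run():
    """Constructed scenario: baseline a fake bin/, then trojan login, remove netstat, drop a file."""
    with tempfile.TemporaryDirectory() as root:
        login = _write(root, "bin/login", b"ELF original login\n")
        ps = _write(root, "bin/ps", b"ELF original ps\n")
        _write(root, "bin/netstat", b"ELF original netstat\n")
        baseline = build_baseline(root)  # taken while the tree is known-clean

        # The replacement is the same size and keeps the same mode bits, so only the digest
        # reveals it; a size-and-timestamp check would have passed it.
        _write(root, "bin/login", b"ELF trojaned login\n")
        os.remove(os.path.join(root, "bin", "netstat"))
        _write(root, "bin/.rk", b"rootkit dropper\n")

        report = compare(baseline, build_baseline(root))
        report["login_matches_baseline"] = digest_matches(login, baseline["bin/login"]["digest"])
        report["ps_matches_baseline"] = digest_matches(ps, baseline["bin/ps"]["digest"])
        return report


if __name__ == "__main__":
    for key, value in demo_run().items():
        print("%-24s %s" % (key, value))
```

In a real deployment the baseline dictionary would be serialised, signed and kept off the host; the comparison must run from a trusted binary, since a rootkit that replaces the checker itself can report whatever it likes.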
Erik notices a big increase in UDP packets sent to port 1026 and 1027 occasionally. He enters the following at the command prompt.
$ nc -l -p 1026 -u -v
In response, he sees the following message.
cell(?(c)????STOPALERT77STOP! WINDOWS REQUIRES IMMEDIATE ATTENTION.
Windows has found 47 Critical Errors.
To fix the errors please do the following:
1. Download Registry Repair from: http://www.reg-patch.com
2. Install Registry Repair
3. Run Registry Repair
4. Reboot your computer
FAILURE TO ACT NOW MAY LEAD TO DATA LOSS AND CORRUPTION!
What would you infer from this alert?
A. The machine is redirecting traffic to http://www.reg-patch.com using adware
B. It is a genuine fault of windows registry and the registry needs to be backed up
C. An attacker has compromised the machine and backdoored ports 1026 and 1027
D. It is a messenger spam. Windows creates a listener on one of the low dynamic ports from 1026 to 1029 and the message usually promotes malware disguised as legitimate utilities
The "net send" Messenger service can be used by anyone who can reach your computer over the network, without gaining any kind of privileged access, to cause a pop-up window to appear on your screen. Lately, this feature has been used by unsolicited commercial advertisers to inform many campus users about a "university diploma service"… The pop-up text arrives as a connectionless DCE/RPC datagram to one of the ports the Messenger service has bound, which is why the raw nc output above opens with a run of binary garbage before the readable message. The spam is not evidence of a compromise, but it is evidence that UDP 1026-1029 are reachable from the Internet; the fix is to block those ports at the perimeter and disable the Messenger service, which Windows has shipped disabled by default since XP SP2.
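An added example, not from the original question, that does in Python what Erik's nc -l -p 1026 -u -v did and then classifies what arrives: a datagram is only called Messenger spam if it is on a Messenger port, starts like a connectionless DCE/RPC request (version byte 4, packet type 0), and carries one of the phrases from the pop-up above. The sample datagram is constructed here as a stand-in (an 80-byte CL DCE/RPC header with only the version, type and data-representation bytes set, followed by the strings); it is not a captured spam packet, and the real stub encoding of the from/to/text fields is not reproduced.

```python
import socket

MESSENGER_PORTS = range(1026, 1030)   # 1026-1029, the low dynamic ports the Messenger service binds
DCERPC_CL_HEADER_LEN = 80             # connectionless (version 4) DCE/RPC header size

# Phrases taken from the pop-up quoted above; any match marks the text as spam.
SPAM_PHRASES = (
    "WINDOWS REQUIRES IMMEDIATE ATTENTION",
    "CRITICAL ERRORS",
    "REGISTRY REPAIR",
    "FAILURE TO ACT NOW",
)


def printable_runs(data, min_len=6):
    """Pull readable strings out of a binary payload (the part nc showed after the garbage)."""
    runs, cur = [], []
    for b in data:
        if 32 <= b < 127 or b in (9, 10, 13):
            cur.append(chr(b))
        else:
            if len(cur) >= min_len:
                runs.append("".join(cur))
            cur = []
    if len(cur) >= min_len:
        runs.append("".join(cur))
    return runs


def classify_datagram(src, dport, data):
    is_rpc_request = (
        len(data) >= DCERPC_CL_HEADER_LEN and data[0] == 4 and data[1] == 0  # rpc_vers=4, ptype=0 (request)
    )
    text = " ".join(printable_runs(data))
    spam = any(phrase in text.upper() for phrase in SPAM_PHRASES)
    if dport in MESSENGER_PORTS and is_rpc_request and spam:
        verdict = "messenger spam"
    elif dport in MESSENGER_PORTS and is_rpc_request:
        verdict = "messenger/RPC datagram (inspect)"
    else:
        verdict = "other UDP"
    return {"src": src, "dport": dport, "dcerpc_request": is_rpc_request, "verdict": verdict, "text": text}


def listen(port=1026, max_datagrams=1):
    """The nc -l -p 1026 -u -v equivalent: bind the port and classify what arrives.
    Needs a real network and a free port, so it is not exercised offline."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("0.0.0.0", port))
    seen = []
    try:
        while len(seen) < max_datagrams:
            data, (src, _sport) = sock.recvfrom(65535)
            seen.append(classify_datagram(src, port, data))
    finally:
        sock.close()
    return seen


SAMPLE_MESSAGE = (
    "STOP! WINDOWS REQUIRES IMMEDIATE ATTENTION.\n"
    "Windows has found 47 Critical Errors.\n"
    "To fix the errors please do the following:\n"
    "1. Download Registry Repair from: http://www.reg-patch.com\n"
)


def build_sample_datagram(message):
    """Constructed stand-in for a Messenger spam datagram (assumed layout, not a capture)."""
    header = bytearray(DCERPC_CL_HEADER_LEN)
    header[0] = 4       # rpc_vers: connectionless DCE/RPC
    header[1] = 0       # ptype: request
    header[4] = 0x10    # drep: little-endian integers, ASCII characters
    body = b"SYSTEM\x00" + b"ALERT\x00" + message.encode() + b"\x00"
    return bytes(header) + body


if __name__ == "__main__":
    print(classify_datagram("198.51.100.23", 1026, build_sample_datagram(SAMPLE_MESSAGE)))
```

The source address is recorded because a spam campaign shows up as one or a few Internet sources sweeping many internal hosts on the same ports, which is the pattern Erik noticed before he started listening.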
ettercap -NCLzs --quiet
What does the command in the exhibit do in Ettercap?
A. This command will provide you the entire list of hosts in the LAN
B. This command will check if someone is poisoning you and will report its IP.
C. This command will detach from console and log all the collected passwords from the network to a file.
D. This command broadcasts ping to scan the LAN instead of ARP request of all the subnet IPs.
-N = NON interactive mode (without ncurses)
-C = collect all users and passwords
-L = if used with -C (collector) it creates a file with all the passwords sniffed in the session in the
-z = start in silent mode (no ARP storm on start up)
-s = IP BASED sniffing
--quiet = "daemonize" ettercap. Useful if you want to log all data in background.
Taken together, -NCLzs --quiet detaches ettercap from the console and writes every credential it collects to a log file, which is option C. The -z flag matters operationally: without it ettercap ARP-scans the whole subnet on startup, which is noisy and easily spotted by ARP-monitoring tools.
A remote user tries to log in to a secure network using Telnet, but accidentally types in an invalid user name or password. Which responses would NOT be preferred by an experienced Security Manager? (multiple answers)
A. Invalid Username
B. Invalid Password
C. Authentication Failure
D. Login Attempt Failed
E. Access Denied
As little information as possible should be given about a failed login attempt. "Invalid Username" and "Invalid Password" are not desirable because they tell the attacker whether the account exists: a response of "Invalid Password" confirms a valid username, which turns a password-guessing attack into a targeted one and lets an attacker enumerate accounts one name at a time. The response should be the same generic message for every failure reason, and the server should take the same time whether or not the username exists, since a fast rejection of unknown names leaks the same information. (Telnet itself sends the credentials in clear text, so a sniffer on the path learns the valid password anyway; SSH is the fix for that.)
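The two behaviours side by side, as an added example that is not part of the original question: a leaky login routine of the kind the options A and B describe, a hardened one that returns the same message and does the same work for every failure, and the attacker-side enumeration check that shows why the difference matters. The user database, password and iteration count are constructed for the example.

```python
import hashlib
import hmac
import os
import secrets

GENERIC_FAILURE = "Login Attempt Failed"   # one message for every failure reason
ITERATIONS = 100_000                       # PBKDF2 work factor (constructed value)


def make_record(password):
    salt = os.urandom(16)
    return {"salt": salt, "hash": hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)}


# Constructed user database: one real account.
USERS = {"alice": make_record("correct horse battery staple")}

# A dummy record so that an unknown username costs exactly one PBKDF2 run, like a known one.
_DUMMY = make_record(secrets.token_hex(16))


def _check(rec, password):
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), rec["salt"], ITERATIONS)
    return hmac.compare_digest(candidate, rec["hash"])


def authenticate_leaky(username, password):
    """What options A and B look like in code: the message (and the timing, since the
    hash is skipped for unknown names) reveals whether the account exists."""
    if username not in USERS:
        return False, "Invalid Username"
    if not _check(USERS[username], password):
        return False, "Invalid Password"
    return True, "Login OK"


def authenticate(username, password):
    """Same message and same amount of work regardless of why the attempt failed."""
    rec = USERS.get(username, _DUMMY)
    ok = _check(rec, password) and username in USERS   # dummy record can never log in
    return (True, "Login OK") if ok else (False, GENERIC_FAILURE)


def enumerate_users(auth_fn, candidate_names):
    """Attacker's view: try a wrong password for each name and keep the ones whose
    response differs from the unknown-user response."""
    return [name for name in candidate_names if auth_fn(name, "definitely-wrong")[1] == "Invalid Password"]


if __name__ == "__main__":
    names = ["root", "alice", "bob", "admin"]
    print("leaky server reveals:", enumerate_users(authenticate_leaky, names))
    print("hardened server reveals:", enumerate_users(authenticate, names))
```

Rate limiting and lockout thresholds still belong on top of this; a uniform message only removes the free oracle, it does not stop guessing.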
A POP3 client contacts the POP3 server:
A. To send mail
B. To receive mail
C. To send and receive mail
D. To get the address to send mail to
E. To initiate a UDP SMTP connection to read mail
POP3 (TCP port 110) is used by a client to retrieve mail from its mailbox on the server; it has no command for submitting a message, so the answer is B.
SMTP (TCP port 25) is used to send e-mail, from client to server and between servers. Neither protocol runs over UDP, which rules out E. In their original form both carry credentials and message bodies in clear text, so on an untrusted network they belong inside TLS (POP3S or STARTTLS).