Table of Contents
Advertisement
not secured against hijacking through encryption, which only perform a simple authen-
tication procedure upon establishing the connection, makes it easier for attackers.
Spoofing is an attack where packets are modified to contain counterfeit source data,
usually the IP address. Most active forms of attack rely on sending out such fake
packets—something that, on a Linux machine, can only be done by the superuser
(root).
Many of the attacks mentioned are carried out in combination with a DoS. If an attacker
sees an opportunity to bring down a certain host abruptly, even if only for a short time,
it makes it easier for him to push the active attack, because the host will not be able to
interfere with the attack for some time.
44.1.12 DNS Poisoning
DNS poisoning means that the attacker corrupts the cache of a DNS server by replying
to it with spoofed DNS reply packets, trying to get the server to send certain data to a
victim who is requesting information from that server. Many servers maintain a trust
relationship with other hosts, based on IP addresses or hostnames. The attacker needs
a good understanding of the actual structure of the trust relationships among hosts to
disguise itself as one of the trusted hosts. Usually, the attacker analyzes some packets
received from the server to get the necessary information. The attacker often needs to
target a well-timed DoS attack at the name server as well. Protect yourself by using
encrypted connections that are able to verify the identity of the hosts to which to connect.
44.1.13 Worms
Worms are often confused with viruses, but there is a clear difference between the two.
Unlike viruses, worms do not need to infect a host program to live. Instead, they are
specialized to spread as quickly as possible on network structures. The worms that ap-
peared in the past, such as Ramen, Lion, or Adore, make use of well-known security
holes in server programs like bind8 or lprNG. Protection against worms is relatively
easy. Given that some time elapses between the discovery of a security hole and the
moment the worm hits your server, there is a good chance that an updated version of
the affected program is available on time. That is only useful if the administrator actu-
ally installs the security updates on the systems in question.
782
Deployment Guide
Advertisement
Table of Contents
Troubleshooting
Related Manuals for Novell LINUX ENTERPRISE DESKTOP 10 SP2 - DEPLOYMENT GUIDE 08-05-2008
Related Products for Novell LINUX ENTERPRISE DESKTOP 10 SP2 - DEPLOYMENT GUIDE 08-05-2008
- NOVELL IFOLDER 3.X - SECURITY ADMINISTRATOR GUIDE 08-15-2006
- NOVELL ACCESS MANAGER 3.1 SP1 - SSL VPN SERVER GUIDE 03-17-2010
- NOVELL APPARMOR 2.0.1 - ADMINISTRATION GUIDE 05-2008
- NOVELL EDIRECTORY 8.8 - GUIDE 09-2006
- NOVELL INTELLISYNC MOBILE SUITE 7.0 - SECURE GATEWAY ADMINISTRATOR GUIDE 04-2006
- NOVELL LINUX ENTERPRISE DESKTOP 10 SP1 - START UP GUIDE 03-15-2007
- NOVELL LINUX ENTERPRISE SERVER 10 - START-UP GUIDE 06-12-2006
- NOVELL LINUX ENTERPRISE SERVER 10 SP2 - STORAGE ADMINISTRATION GUIDE 05-15-2009
- NOVELL OPEN ENTERPRISE SERVER 2 SP2 - LAB GUIDE 01-19-2010
- NOVELL SERVER CONSOLIDATION MIGRATION TOOLKIT 1.2 - ADMINISTRATION GUIDE 09-2007
- NOVELL ZENWORKS LINUX MANAGEMENT 7.2 IR2 - ADMINISTRATION GUIDE 09-25-2008
- NOVELL ZENWORKS LINUX MANAGEMENT 7.3 IR2 - ADMINISTRATION GUIDE 02-12-2010
- NOVELL SENTINEL 6.1 SP2 - INSTALLATION GUIDE 02-2010
- NOVELL ZENWORKS NETWORK ACCESS CONTROL 5.0 - INSTALLATION GUIDE 09-22-2008
- NOVELL ZENWORKS APPLICATION VIRTUALIZATION 8.0 - INTEGRATION AND STREAMING GUIDE 05-07-2010
- NOVELL PRIVILEGED USER MANAGER 2.2.1 - ADMINISTRATION GUIDE 03-31-2010