Linux Certification

IFCONFIG is a command-line tool, which is used for network interface management. Following are some of the options used with the command:

• up: This option is used to activate the specified interface.
• down: This option is used to deactivate the specified interface.
• lo: This option is used to view the loopback interface.

The IFCONFIG command is also used to configure an interface.

Syntax:

IFCONFIG interface options

For example, to configure a Linux computer’s first network interface with an IP address 200.200.200.123 and subnet mask 255.255.255.0, the following command is used:

IFCONFIG eth0 200.200.200.123 netmask 255.255.255.0

The Multi Router Traffic Grapher (MRTG) is free software for monitoring and measuring the traffic load on network links. It allows the user to see traffic load on a network over time in graphical form. MRTG is written in Perl and can run on Windows, Linux, UNIX, Mac OS and NetWare.

MRTG uses the Simple Network Management Protocol (SNMP) to send requests with two object identifiers (OIDs) to a device. The device, which must be SNMP-enabled, will have a management information base (MIB) to look up the OIDs specified. After collecting the information it will send back the raw data encapsulated in an SNMP protocol. MRTG records this data in a log on the client along with previously recorded data for the device. The software then creates an HTML document from the logs, containing a list of graphs detailing traffic for the selected device.

A password cracker is an application program that is used to identify an unknown or forgotten password to a computer or network resources. It can also be used to help a human cracker obtain unauthorized access to resources.

Password crackers use two primary methods to identify correct passwords: brute-force and dictionary searches. When a password cracker uses brute-force, it runs through combinations of characters within a predetermined length until it finds the combination accepted by the computer system. When conducting a dictionary search, a password cracker searches each word in the dictionary for the correct password. Password dictionaries exist for a variety of topics and combinations of topics, including politics, movies, and music groups.

To successfully share your connection you’ll need to set up the ad-hoc wireless network from scratch. Besides an active wired internet connection at the time of setup, here’s what you’ll need:

Network Manager 0.7 or later release
dnsmasq-base installed; a DNS proxy and DHCP/TFTP server

NetworkManager comes pre-installed with all Ubuntu releases since 8.10 so the only installation requirement should be that of dnsmasq-base; you can install easily by using this command:

sudo aptitude install dnsmasq-base

there are 3 types of encryption( Ciphers ) used by ssh idea, 3des & blowfish.

unless explicitly mentioned ssh by default uses idea cipher to encrypt & decrypt.

Bruce Schneier’s block cipher blowfish was designed to be fast & secure, it uses a 128 bit key, although the algorithm allows anything from 32 to 448 bits.

We can explicitly mention the ssh client to use a certain type of encryption by using the following command

# slogin -2 -c blowfish user@some_remote_machine.com

the above command also explicitly mentions the ssh client to use ssh protocol version 2

Port knocking is a method of establishing a connection to a networked computer that has no open ports look up port on webopedia.com look up port on FOLDOC . Before a connection is established, ports are opened using a port knock sequence, which is a series of connection attempts to closed ports. A remote host generates and sends an authentic knock sequence in order to manipulate the server’s firewall look up firewall on webopedia.com look up firewall on FOLDOC rules to open one or more specific ports. These manipulations are mediated by a port knock daemon, running on the server, which monitors the firewall log file for connection attempts which can be translated into authentic knock sequences. Once the desired ports are opened, the remote host can establish a connection and begin a session. Another knock sequence may used to trigger the closing of the port.
Applicability

These Programs :

* Work as a key logger.
* Send any Information from Victim’s PC to the Hacker’s PC.
* Run any program on the Victims PC.
* Display any Violating Image on victim’s Screen.
* Open the CD Drive of the Victim’s PC.
* Open any Web page on the Victims Screen.
* Disable any Specific Key or whole Keyboard.
* Shutdown Victim’s PC.
* Start a Song on the Victim’s PC.etc.etc…………..

Back Orifice / Back Orifice 2000

Fail2Ban is an intrusion prevention framework written in the Python programming language. It is able to run on POSIX systems that have an interface to a packet-control system or firewall installed locally (for example, iptables or TCP Wrapper). Fail2Ban’s main function is to block selected IP addresses that may belong to hosts that are trying to breach the system’s security. It determines the hosts to be blocked by monitoring log files (e.g. /var/log/pwdfail, /var/log/auth.log, etc.) and bans any host IP that makes too many login attempts or performs any other unwanted action within a time frame defined by the administrator.

Snort is an open source network intrusion prevention and detection system that operates as a network sniffer. It logs activities of the network that is matched with the predefined signatures. Signatures can be designed for a wide range of traffic, including Internet Protocol (IP), Transmission Control Protocol (TCP), User Datagram Protocol (UDP), and Internet Control Message Protocol (ICMP).

The three main modes in which Snort can be configured are as follows:

* Sniffer mode: It reads the packets of the network and displays them in a continuous stream on the console.

* Packet logger mode: It logs the packets to the disk.

iptables is a firewall that is a replacement of the IPChains firewall for the Linux 2.4 kernel and later versions. It requires elevated privileges to operate, and it must be executed by user root, otherwise it fails to function. iptables allows a system administrator to configure the tables provided by Xtables (which in turn uses Netfilter) and the chains and rules it stores. iptables has the following features:

* It supports stateful packet inspections.
* It filters the packets according to the MAC address and TCP header flag values.
* It is helpful for preventing attacks using malformed packets.
* It reduces DoS attacks.
* It provides better network address translation.
* It supports the transparent integration of the operating system with Web proxy servers.