Technical level
Following the white rabbit...
This series of documents canvasses security tools,
security technologies, and various techniques used to
disrupt operations, steal information, or embarrass
organisations or individuals. It is published here in the
hope that security consultants will be better informed of
technical risk in the industry.
What is this?

"Following the white rabbit" is a series of progressive
advisories, which will be published on this site regularly
(at least weekly).

The first week starts with common techniques used to
associate IP addresses with contactable people, and the
cloaking mechanisms used to disguise the IP addresses
being used.

The second week includes network reconnaissance,
password cracking, intrusion detection, shunning and other
relevant technologies.

Downloadable tools are bulleted in the text margin with a
paw print.


Identity and the Internet
Network and system penetration - offence and defence

These articles are attributed to Dirk Venter
Entry
Guru
Security - columns
Tracing identity on the Internet

Abstract: In every packet switched across the Internet we
know two addresses: the sender and the recipient. This article
explains how organisations become associated with IP
addresses. It illustrates techniques for displaying which
addresses have connected to a system, and how to turn the
addresses into domain names, as well as how to turn domain
names into contactable people. It also looks at other clues to
user identification.
Hiding identity on the Internet

Abstract: This page develops the concepts in the previous one.
It examines how source IP addresses in packet switched
networks can be disguised and hidden. It looks at three ways
of doing this: via NAT, via proxy servers, and via applications.
Issues with address translation

Abstract: This page develops the issues raised about NAT by
discussing how it can be implemented externally and internally
within an organisation. It illustrates external NAT provider sites,
and shows how the translated source address can be
confirmed. It also discusses risks of using external NAT
providers.
Hacking, cracking, and the law

Abstract: This page breaks types of hacking into categories. It
also discusses the penalties attached to each type under South
African law, and mentions the ironic position that IT security
personnel find themselves in - where multinational
organisations endorse tools such as L0phtcrack and nmap to
test and troubleshoot security installations, and yet where
possession of the same tools constitutes an offence.
Network reconnaissance and defences to it

Abstract: This page looks at Nmap, how it finds targets via
subnet broadcast or host-specific echo requests, how it scans
ports on running hosts to determine which services are
available, how it can force another system to relay this
information, and how it identifies operating systems and
application versions. It also looks at tools available for network
defence, such as honeypots and honeynets.
Danger in the design

Abstract: Rather than list the massive number of constantly
changing exploits, this page illustrates links that hackers use,
and that security advisors ought to be aware of. It categorises
exploits into those inherent in systems, those introduced to
systems, and those whose intention is to destroy or cripple a
system, as well as denial of service and distributed denial of
service attacks. It touches on techniques that resist exploitation.
Network defence with IDS - pros and cons

Abstract: This page discusses intrusion detection, the
signature mechanism triggered by network intrusion, the
different classes of intrusion detection system (IDS), and issues
surrounding their placement and configuration. It gives
examples of how poorly configured IDS signatures can
potentially result in denial of service attacks against a company
through address spoofing.