
SECURITY BUYER'S GUIDE
Netcat: A security jack of all trades?
David Strom 06.07.2001
Rating: 4.20 (out of 5)




Category: Network utility
Name of tool: Netcat 1.10
Company name: AtStake/L0pht
Price: Free
URL: http://packetstorm.securify.com/UNIX/netcat
Platforms supported: Windows 95/98/NT/2000/Me and various Unix
versions
Strom-meter:
**** = Very cool, very useful
Key features:
Pros:
A versatile toolkit that can be used to probe your network for
vulnerabilities and can serve as a foundation for network
applications testing.
Cons:
A command line tool only, you'll have to spend some time
experimenting with its many uses. Documentation is thin.
Description:
If you want to learn more about your corporation's network security
issues, probably one of the best tools to have on your hard disk is
the Netcat utility, originally developed by Hobbit for Unix and since
ported to Windows platforms by Weld.
What is Netcat? I think of it as many different things, similar to
that routine on old Saturday Night Live shows about the floor wax
that is also a dessert topping. Basically, it is a tool that can be
used to analyze various security issues about your servers, gateways
and firewalls. Netcat can also test for ways that your machines can
be exploited by hackers over the Internet. The best way to avoid
being hacked is to use some of the same tools that the bad guys use
and discover some of your network weaknesses before it's too late.
While the documentation is spotty (there are two ReadMe files, one
more complete for the Unix version and a very abbreviated one for the
Windows versions), there is enough of a cult following and plenty of
examples on various Web sites, including the links at the PacketStorm
URL above. People have developed all sorts of programs that take
advantage of its scripting capabilities, including building a
low-level Web server and client program and a way to query multiple
search engines with a single command.
Let's start off by giving you a few examples of how to use it. One of
the simplest is to perform port scans on a server that you suspect is
vulnerable. Using the command line as follows, you can scan the first
200 IP ports on machine 10.0.0.1. To scan UDP ports, you use the
second command string:
nc -v -z -w2 10.0.0.1 1-200
nc -v -z -w2 -u 10.0.0.1 1-200
But the power of Netcat goes much further than just simple scanning.
You can use it to connect to your NT or Unix servers and determine if
they can be exploited by running any executable programs on them. It can
also show the kind of information that is available to anyone with a
minimal level of sophistication. Think of it as a scriptable security
server. For example, to find out the version of your Web server
software, type the following command. Then, when you get a response
from the server, type in the second line:
nc -v example.com 80
GET / HTTP/1.0
You might need to hit ENTER a few times, but you'll get back the IP
address and Web server version information quickly.
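To check what your own server discloses without typing the request by hand, the exchange above can be scripted. This is an added example, not part of the original article: it sends the same request to a throwaway local server and reports headers that reveal a version; the DemoHTTPD banner, DemoHandler and the function names are made up for the demo.

```python
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

class DemoHandler(BaseHTTPRequestHandler):
    server_version = "DemoHTTPD/1.2.3"  # constructed banner, not a real product
    sys_version = ""                    # suppress the default "Python/x.y" suffix

    def do_GET(self):
        self.send_response(200)         # also emits Server: and Date: headers
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args): pass  # keep the demo quiet

def fetch_headers(host, port, timeout=2.0):
    """Send the request typed into nc; return (status line, header dict)."""
    # The empty line ends the request; hence the extra ENTER in an nc session.
    request = b"GET / HTTP/1.0\r\n\r\n"
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(request)
        data = b""
        while b"\r\n\r\n" not in data:
            chunk = s.recv(4096)
            if not chunk:               # server closed before headers ended
                break
            data += chunk
    lines = data.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers

def disclosed_versions(headers):
    """Headers that name a product together with a version number."""
    leaky = ("server", "x-powered-by")
    return {h: v for h, v in headers.items()
            if h in leaky and any(c.isdigit() for c in v)}

def run_demo():
    srv = HTTPServer(("127.0.0.1", 0), DemoHandler)  # ephemeral local port
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    try:
        status, headers = fetch_headers("127.0.0.1", srv.server_port)
        return status, disclosed_versions(headers)
    finally:
        srv.shutdown()
        srv.server_close()
```

An empty result from disclosed_versions means the server answered without advertising a version in those two headers.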
If you set up a pair of machines, you can use one Netcat
implementation to control another and really exercise your machine to
see if every possible back door has been locked down. You configure
the program to listen on a certain IP port and launch an executable
when a remote system connects on that port. To do this, you would
issue the first command on the machine you wish to control and issue
the second command on your local desktop. (Note that the switches are
case-sensitive, in the best of Unix traditions.) This is often the
way that many hackers get inside your systems, so it is worthwhile to
try using the tool this way yourself and be better prepared.
nc -L -d -e cmd.exe -p 8888
nc 10.0.0.1 8888
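A listener like the one above shows up in the host's socket table, so it is worth checking for. The following added example (not from the original article) parses `netstat -ano` output and reports TCP listeners missing from an approved list; the sample output, PIDs, peer addresses and the ALLOWED_TCP baseline are constructed assumptions.

```python
# Constructed `netstat -ano` output from a Windows host (sample data, not real).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:8888           0.0.0.0:0              LISTENING       3120
  TCP    10.0.0.1:8888          10.0.0.7:51544         ESTABLISHED     3120
  TCP    10.0.0.1:49712         10.0.0.5:445           ESTABLISHED     4
  TCP    [::]:135               [::]:0                 LISTENING       884
  UDP    0.0.0.0:123            *:*                                    1012
"""

ALLOWED_TCP = {135, 445}  # assumed baseline of approved listening ports

def parse_tcp(netstat_text):
    """Return (local_addr, local_port, remote, state, pid) per TCP row."""
    rows = []
    for line in netstat_text.splitlines():
        f = line.split()
        # TCP rows have exactly 5 fields; UDP rows have no State column.
        if len(f) != 5 or f[0] != "TCP" or not f[4].isdigit():
            continue
        addr, _, port = f[1].rpartition(":")   # rpartition copes with [::]:135
        rows.append((addr, int(port), f[2], f[3], int(f[4])))
    return rows

def unexpected_listeners(netstat_text, allowed_ports):
    """Map each unapproved listening port to its PID and current peers."""
    rows = parse_tcp(netstat_text)
    report = {}
    for addr, port, _, state, pid in rows:
        if state == "LISTENING" and port not in allowed_ports:
            report[port] = {"pid": pid, "bound_to": addr, "peers": []}
    for _, port, remote, state, _ in rows:
        if state == "ESTABLISHED" and port in report:
            report[port]["peers"].append(remote)
    return report

if __name__ == "__main__":
    for port, info in unexpected_listeners(SAMPLE, ALLOWED_TCP).items():
        print(port, info)
```

The PID in each finding ties the listener to a process, which can then be looked up with a tool such as tasklist.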
Once you get started with Netcat, you'll find there are all sorts of
uses for it, including doing quick file transfers, getting hex dumps
from programs, resolving DNS addresses and more. There are several
suggestions on how to test your firewalls for source routing issues
and packet filtering in the ReadMe file for the Unix version.
Overall, this is a very useful utility, and one that you'll find new
uses for as you dig deeper into its options. It should be in every
security manager's tool kit.
Strom-meter key:
**** = Very cool, very useful
*** = Hey, not bad. One notch below very cool.
** = A tad shaky to install and use but has some value.
* = Don't waste your time. Minimal real value.
About the author
David Strom is president of his own consulting firm in Port
Washington, NY. He has tested hundreds of computer products over the
past two decades working as a computer journalist, consultant and
corporate IT manager. Since 1995 he has written a weekly series of
essays on Web technologies and marketing called Web Informant. You
can send him email at david@strom.com.
Related book
Network Security: A beginner's guide
Author : Eric Maiwald
Publisher : Osborne
ISBN/CODE : 0072133244
Cover Type : Soft Cover
Pages : 400
Published : May 2001
Summary:
Create a successful security program -- even if you're new to the
field of network security -- using this practical guidebook. You can
now get the technical background you need and have access to the best
and most up-to-date security practices -- from one resource. You'll
learn how to set up and work with firewalls, smart cards and access
controls; develop and manage effective policies and procedures;
secure Internet connections; recover from security breaches; prevent
hacker attacks and much more. You'll also gain insight into actual
program implementations in different environments -- including
ecommerce and company intranets -- through real-world case studies.
Plus, you'll get an 8-page network blueprint section for additional
visual details on proper Internet architecture, ecommerce
architecture, intrusion detection and the information security
process. If you're looking for a solid introduction to securing a
network, this is the only book you'll need.