Anti-hacking code
    Does anyone have some code or ideas on adding anti-hacking capabilities to a server program? The router and firewall can be used, but it might be nice to also add some more security to the server software.
    If an IP keeps trying to force its way in, what would be the best method to handle this? Also, how easy would it be for someone to just fake a static IP address through DHCP to get past a filter?
    Note: The term anti-hacking was taken from an Abyss web server setup.

    There are two types of hacking, Network Level and Application Level hacking. Network level prevention is in place when you have a good firewall rule set and patches for the OS are up to date. Get a good firewall and let it do its job; pretending to be a firewall from your application is going to be a nightmare.

    When a request is submitted to a server via TCP/IP a SYN is sent, the server will respond with a SYN-ACK, to which the client will respond with an ACK. Nothing happens until this is completed. If the client has spoofed an IP then when the server responds, the SYN-ACK will never reach the client and consequently the client will never send the ACK, either because it doesn't exist or it will actively refuse it.

    From your application you can simply say: if ip = x.x.x.x and it exists in my list of bad IPs, then close the connection.

    Application level prevention is only as good as the application itself. Depending on what it is you are writing I would have a look at OWASP.ORG and the Top Ten List. It is a list of the top 10 threats and methods to prevent them from an application level.

    It's a good place to start.
    Last edited by Thomas Tierney; 5 Sep 2008, 03:22 PM.
    Sr. Software Development Engineer and Sr. Information Security Analyst,
    CEH, Digital Forensic Examiner


      PEN Test Maybe?

      You might want to get a book on penetration testing and do a few tests to see if you have any hidden vulnerabilities. There are lots of free tools that will do a decent job.

      Be careful if you are doing this from a personal cable modem or DSL line. Your ISP may think you are a hacker yourself and shut you down.

      Man in the Middle attacks and IP Spoofing take some technical knowledge although there are lots of hacker tools that "Script Kiddies" (kids/novice hackers) can use and they don't really know what is happening.

      Lots of other brute force techniques exist, like rapidly trying FTP passwords with a bot. Intrusion Prevention Systems (IPS) can defend against things like this and "black hole" an IP address for a while based on so many failed login attempts in a certain time frame. There are a few free IPSs and some very good expensive ones.

      You can do some logging with things like SNORT to see if any hacker activities are going on.

      Security is not so much an event as it is a process. You should not rely on "set it and forget it" tools. Logging, if you review it, can keep an eye on activities and you can adapt your approach over time as you see what is going on.

      Remember: "Locks only keep the honest people out". If somebody wants into your server and is willing to spend the time, they will gain access. The trick is to make it not worthwhile so they will find another, easier target.

      Food for thought.
      Mark Strickland, CISSP, CEH
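      The "black hole an IP for a while after so many failed logins in a time frame" idea above, combined with the earlier reply's static list of bad IPs, as an added example that is not code from this thread: a sliding-window login guard run over constructed sample log lines. The class and function names, the log format and the thresholds are assumptions for the demo.

```python
import re
from collections import defaultdict, deque

# Constructed sample log lines (epoch seconds, result, client IP); not real traffic.
SAMPLE_LOG = [
    "1000 LOGIN FAILED from 203.0.113.7",
    "1010 LOGIN FAILED from 203.0.113.7",
    "1020 LOGIN FAILED from 203.0.113.7",  # 3rd failure inside 60 s: banned 600 s
    "1100 LOGIN FAILED from 198.51.100.4",
    "1200 LOGIN FAILED from 198.51.100.4",
    "1300 LOGIN FAILED from 198.51.100.4",  # spaced > 60 s apart: never 3 in a window
]
LOG_RE = re.compile(r"^(?P<ts>\d+) LOGIN (?P<result>OK|FAILED) from (?P<ip>[\d.]+)$")

class LoginGuard:
    """Static bad-IP list plus a sliding-window temporary ban (names assumed)."""
    def __init__(self, max_failures=3, window=60, ban_seconds=600, static_blocklist=()):
        self.max_failures, self.window, self.ban_seconds = max_failures, window, ban_seconds
        self.static_blocklist = set(static_blocklist)
        self.failures = defaultdict(deque)  # ip -> timestamps of recent failures
        self.banned_until = {}              # ip -> time the temporary ban expires

    def is_blocked(self, ip, now):
        """Decide at connection-accept time; a blocked IP's connection is closed."""
        if ip in self.static_blocklist:
            return True
        until = self.banned_until.get(ip)
        if until is not None and now < until:
            return True
        self.banned_until.pop(ip, None)  # expired (or no) ban: lift it
        return False

    def record(self, ip, success, now):
        """Update state for one login attempt; return True if ip is banned now."""
        if success:
            self.failures.pop(ip, None)  # a good login clears the failure window
        else:
            q = self.failures[ip]
            q.append(now)
            while q and now - q[0] > self.window:  # drop failures older than window
                q.popleft()
            if len(q) >= self.max_failures:
                self.banned_until[ip] = now + self.ban_seconds
                q.clear()
        return self.is_blocked(ip, now)

def replay(lines, guard):
    """Feed log lines through guard; return the timestamp of the last parsed line."""
    now = 0
    for m in filter(None, map(LOG_RE.match, lines)):
        now = int(m["ts"])
        guard.record(m["ip"], m["result"] == "OK", now)
    return now
```

      Because a TCP connection only exists after the three-way handshake described earlier in the thread, the peer address of an accepted socket is the one the tracker can safely key on.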


        Originally posted by Thomas Tierney
        There are two types of hacking, Network Level and Application Level hacking.

        Far more than two; the first and FOREMOST is psychological hacking. It's far easier to call and pretend to be someone and get a password.

        Kevin Mitnik (Mitnick?) has good papers on that - good ways - he is the original "Hacker" as caught by the FBI, motorola, AT&T, Novell, he did it all, and got caught....

        As for Network and application: get a copy of RETINA scanner, DOD certified, we use it, good stuff.

        Snort is an application, freeware last I checked, includes source, and it is probably the de facto standard for anti-network hacking; it simply null routes (or creates rules in a firewall for) any requests that fit any specific pattern of hacking known to mankind...
        Scott Turchin
        MCSE, MCP+I
        True Karate-do is this: that in daily life, one's mind and body be trained and developed in a spirit of humility; and that in critical times, one be devoted utterly to the cause of justice. -Gichin Funakoshi