search
HomeCommon ProblemWhat are the ways to attack local processes in Linux systems?

Linux system local process attack methods include: 1. Denial of service attack (DOS); 2. Local users obtain read and write permissions for unauthorized files; 3. Remote users obtain read and write permissions for privileged files; 4. The remote user obtains root privileges.

What are the ways to attack local processes in Linux systems?

The operating environment of this tutorial: Windows 10 system, Dell G3 computer.

What are the ways to attack local processes in Linux system?

linux system With the expansion of Linux enterprise applications, a large number of network servers use the Linux operating system. The security performance of Linux servers has received more and more attention. Here we list the Linux servers in levels according to the depth of attacks and propose different solutions.

The definition of Linux server attack is: An attack is an unauthorized behavior designed to hinder, damage, weaken, or destroy the security of a Linux server. Attacks can range from denial of service to complete compromise and destruction of a Linux server. There are many types of attacks on Linux servers. This article explains from the perspective of attack depth, we divide the attacks into four levels.

Attack Level 1. Denial of Service Attack (DOS)

Due to the proliferation of DOS attack tools and the fact that the flaws in the protocol layer targeted cannot be changed in the short term, DOS has become the most widespread and most difficult attack method to prevent.

Service denial-of-service attacks include distributed denial-of-service attacks, reflective distributed denial-of-service attacks, DNS distributed denial-of-service attacks, FTP attacks, etc. Most denial-of-service attacks cause relatively low-level dangers, and even those that might cause a system reboot are only temporary problems. This type of attack is largely different from those that want to gain network control. Generally, it will not affect data security, but denial of service attacks will last for a long time and are very difficult to deal with.

So far, there is no absolute way to stop this type of attack. But this does not mean that we should just sit back and take advantage of it. In addition to emphasizing the importance of strengthening the protection of personal hosts from being exploited, strengthening the management of servers is a very important part. Be sure to install verification software and filtering functions to verify the true address of the source address of the message. In addition, the following measures can be taken for several kinds of service denial: close unnecessary services, limit the number of Syn semi-connections opened at the same time, shorten the time out of Syn semi-connections, and update system patches in a timely manner.

Attack Level 2: A local user has obtained unauthorized file read and write permissions

A local user refers to someone who has a password on any machine on the local network. Thus there is a directory of users on a certain drive. Whether the issue of local users gaining read and write permissions to files they are not authorized to pose a risk depends largely on the criticality of the files being accessed. It is dangerous for any local user to freely access the temporary file directory (/tmp), which can potentially pave a path to the next level of attack.

The main attack method of Level 2 is: hackers trick legitimate users into telling them confidential information or performing tasks. Sometimes hackers will pretend to be network administrators and send emails to users, asking users to give them passwords for system upgrades.

Attacks initiated by local users almost always start with remote login. For Linux servers, the best approach is to place all shell accounts on a separate machine, that is, only accept registrations on one or more servers assigned shell access. This can make log management, access control management, release protocols, and other potential security issues easier to manage. The system that stores user CGI should also be distinguished. These machines should be isolated in specific network segments, that is, they should be surrounded by routers or network switches, depending on how the network is configured. The topology should ensure that hardware address spoofing cannot extend beyond this zone.

Attack Level 3: The remote user obtains read and write permissions for privileged files

The third level of attack can not only verify whether a specific file exists, but also Can read and write these files. The reason for this situation is that there are some weaknesses in the Linux server configuration: remote users can execute a limited number of commands on the server without a valid account.

Password attack method is the main attack method in the third level, and damaging the password is the most common attack method. Password cracking is a term used to describe the penetration of a network, system, or resource with or without the use of tools to unlock password-protected resources. Users often neglect their passwords, and password policies are difficult to enforce. Hackers have a variety of tools to defeat the passwords protected by technology and society. Mainly include: dictionary attack (Dictionary attack), hybrid attack (Hybrid attack), brute force attack (Brute force attack). Once a hacker has a user's password, he has many of the user's privileges. Password guessing refers to manually entering a common password or obtaining the password through the original copy of a programmed program. Some users choose simple passwords—such as birthdays, anniversaries, and spouses' names—but don't follow the rule of using a mix of letters and numbers. It doesn't take long for a hacker to guess an eight-character birthday number.

The best defense against Level 3 attacks is to strictly control access privileges, i.e. use valid passwords.

Mainly includes the rules that passwords should follow the mixed use of letters, numbers, and uppercase and lowercase (because Linux distinguishes between uppercase and lowercase).

Using special characters like "#" or "%" or "$" also adds complexity. For example, take the word "countbak", add "#$" (countbak#$) after it, and you have a pretty effective password.

Attack level four, remote user obtains root privileges

The fourth attack level refers to things that should never happen. This is a fatal attack. Indicates that the attacker has root, superuser or administrator permissions on the Linux server and can read, write and execute all files. In other words, the attacker has full control over the Linux server and can completely shut down or even destroy the network at any time.

The main attack forms of attack level four are TCP/IP serial theft, passive channel listening and packet interception. TCP/IP serial theft, passive channel listening and packet interception are methods to collect important information for entering the network. Unlike denial-of-service attacks, these methods have more theft-like properties and are more covert and difficult to detect.

A successful TCP/IP attack allows a hacker to block transactions between two parties, providing a good opportunity for a man-in-the-middle attack. The hacker can then take control of one or both parties' transactions without the victim noticing. . Through passive eavesdropping, hackers will manipulate and register information, deliver files, and find passable critical points from all passable channels on the target system. Hackers will look for the connection point between the connection and the password to identify the legitimate channel. Packet interception involves constraining an active listener program on a target system to intercept and redirect all or specific messages. Information can be redirected to an illegal system for reading and then sent back to the hacker unchanged.

TCP/IP continuous theft is actually network sniffing. Note that if you are sure that someone has connected a sniffer to your network, you can find some verification tools. This tool is called a Time Domain Reflectometer (TDR). TDR measures the propagation and changes of electromagnetic waves. Connecting a TDR to the network can detect unauthorized devices that access network data. However, many small and medium-sized companies do not have such expensive tools.

The best way to prevent sniffer attacks is:

1. Secure topology. The sniffer can only capture data on the current network segment. This means that the more granular you segment your network, the less information a sniffer can collect.

2. Session encryption. Don't worry specifically about the data being sniffed, but find a way to make the sniffer not recognize the sniffed data. The advantage of this approach is obvious: even if the attacker sniffs the data, the data is of no use to him.

Special Tips: Counterattack Measures to Deal with Attacks

You should pay special attention to attacks exceeding the second level. Because they can continuously increase the level of attack to penetrate Linux servers. At this time, the countermeasures we can take are:

First back up important key enterprise data.

Change all passwords in the system and notify users to find new passwords from the system administrator.

Isolate the network segment so that the attack behavior only occurs in a small range.

Allow the behavior to continue. If possible, do not rush to get the attacker out of the system and prepare for the next step.

Record all actions and collect evidence. These evidences include: system login files, application login files, AAA (Authentication, Authorization, Accounting, Authentication, Authorization, Accounting) login files, RADIUS (Remote Authentication Dial-In User Service) login, Network Element Logs (Network Element Logs) , firewall login, HIDS (Host-base IDS, host-based intrusion detection system) events, NIDS (network intrusion detection system) events, disk drives, hidden files, etc.

Be careful when collecting evidence: take photos before moving or dismantling any equipment; follow the two-person rule during investigations and have at least two people in information collection to prevent tampering with information; all information should be recorded Keep a record of all steps taken and any changes to configuration settings in a safe place. Check the access permissions of all directories in the system and detect whether the Permslist has been modified.

Make various attempts (using different parts of the network) to identify the source of the attack.

In order to use legal weapons to fight crimes, evidence must be preserved, and it takes time to form evidence. In order to do this, the brunt of the attack must be endured (although some security measures can be put in place to ensure that the attack does not harm the network). In this case, we not only need to take some legal measures, but also ask at least one authoritative security company to help prevent this crime. The most important feature of this type of operation is to obtain evidence of a crime, find the address of the perpetrator, and provide the logs in possession. The evidence collected should be effectively preserved. Make two copies at the beginning, one for evaluating the evidence and one for legal verification.

After finding the system vulnerability, try to block it and conduct a self-attack test.

Network security is not just a technical issue, but a social issue. Enterprises should pay more attention to network security. If they blindly rely only on technical tools, they will become more and more passive. Only by leveraging social and legal aspects to combat cybercrime can they be more effective. Our country has a clear judicial interpretation of the fight against cybercrime. Unfortunately, most companies only focus on the role of technical links and ignore legal and social factors. This is also the purpose of writing this article.

Explanation of terms: Denial of Service Attack (DOS)

DOS is Denial Of Service, the abbreviation of Denial of Service. It cannot be considered as Microsoft’s DOS operating system! A DOS attack causes the target machine to stop providing services or resource access, usually with the goal of consuming server-side resources. By forging request data that exceeds the server's processing capabilities, the server response is blocked, so that normal user requests cannot be responded to in order to achieve the attack. Purpose.

For more related knowledge, please visit the FAQ column!

The above is the detailed content of What are the ways to attack local processes in Linux systems?. For more information, please follow other related articles on the PHP Chinese website!

Statement
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
什么是linux设备节点什么是linux设备节点Apr 18, 2022 pm 08:10 PM

linux设备节点是应用程序和设备驱动程序沟通的一个桥梁;设备节点被创建在“/dev”,是连接内核与用户层的枢纽,相当于硬盘的inode一样的东西,记录了硬件设备的位置和信息。设备节点使用户可以与内核进行硬件的沟通,读写设备以及其他的操作。

Linux中open和fopen的区别有哪些Linux中open和fopen的区别有哪些Apr 29, 2022 pm 06:57 PM

区别:1、open是UNIX系统调用函数,而fopen是ANSIC标准中的C语言库函数;2、open的移植性没fopen好;3、fopen只能操纵普通正规文件,而open可以操作普通文件、网络套接字等;4、open无缓冲,fopen有缓冲。

linux中什么叫端口映射linux中什么叫端口映射May 09, 2022 pm 01:49 PM

端口映射又称端口转发,是指将外部主机的IP地址的端口映射到Intranet中的一台计算机,当用户访问外网IP的这个端口时,服务器自动将请求映射到对应局域网内部的机器上;可以通过使用动态或固定的公共网络IP路由ADSL宽带路由器来实现。

linux中eof是什么linux中eof是什么May 07, 2022 pm 04:26 PM

在linux中,eof是自定义终止符,是“END Of File”的缩写;因为是自定义的终止符,所以eof就不是固定的,可以随意的设置别名,linux中按“ctrl+d”就代表eof,eof一般会配合cat命令用于多行文本输出,指文件末尾。

linux怎么判断pcre是否安装linux怎么判断pcre是否安装May 09, 2022 pm 04:14 PM

在linux中,可以利用“rpm -qa pcre”命令判断pcre是否安装;rpm命令专门用于管理各项套件,使用该命令后,若结果中出现pcre的版本信息,则表示pcre已经安装,若没有出现版本信息,则表示没有安装pcre。

linux怎么查询mac地址linux怎么查询mac地址Apr 24, 2022 pm 08:01 PM

linux查询mac地址的方法:1、打开系统,在桌面中点击鼠标右键,选择“打开终端”;2、在终端中,执行“ifconfig”命令,查看输出结果,在输出信息第四行中紧跟“ether”单词后的字符串就是mac地址。

手机远程linux工具有哪些手机远程linux工具有哪些Apr 29, 2022 pm 05:30 PM

手机远程linux工具有:1、JuiceSSH,是一款功能强大的安卓SSH客户端应用,可直接对linux服务进行管理;2、Termius,可以利用手机来连接Linux服务器;3、Termux,一个强大的远程终端工具;4、向日葵远程控制等等。

linux中lsb是什么意思linux中lsb是什么意思May 07, 2022 pm 05:08 PM

linux中,lsb是linux标准基础的意思,是“Linux Standards Base”的缩写,是linux标准化领域中的标准;lsb制定了应用程序与运行环境之间的二进制接口,保证了linux发行版与linux应用程序之间的良好结合。

Hot AI Tools

Undresser.AI Undress

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress AI Tool

Undress images for free

Clothoff.io

Clothoff.io

AI clothes remover

AI Hentai Generator

AI Hentai Generator

Generate AI Hentai for free.

Hot Article

R.E.P.O. Energy Crystals Explained and What They Do (Yellow Crystal)
3 weeks agoBy尊渡假赌尊渡假赌尊渡假赌
R.E.P.O. Best Graphic Settings
3 weeks agoBy尊渡假赌尊渡假赌尊渡假赌
R.E.P.O. How to Fix Audio if You Can't Hear Anyone
3 weeks agoBy尊渡假赌尊渡假赌尊渡假赌

Hot Tools

Atom editor mac version download

Atom editor mac version download

The most popular open source editor

Dreamweaver CS6

Dreamweaver CS6

Visual web development tools

Dreamweaver Mac version

Dreamweaver Mac version

Visual web development tools

Notepad++7.3.1

Notepad++7.3.1

Easy-to-use and free code editor

MinGW - Minimalist GNU for Windows

MinGW - Minimalist GNU for Windows

This project is in the process of being migrated to osdn.net/projects/mingw, you can continue to follow us there. MinGW: A native Windows port of the GNU Compiler Collection (GCC), freely distributable import libraries and header files for building native Windows applications; includes extensions to the MSVC runtime to support C99 functionality. All MinGW software can run on 64-bit Windows platforms.