Local Area Networks (LANs) in Aircraft - FTP Directory Listing - FAA
sniffers, log-cleaning scripts, and back door remote-access daemon replacements such as a modified telnetd or sshd.

"The fundamental problem in detecting rootkits is that you can't trust your operating system. You can't believe what the system tells you when you request a list of running processes or files in a directory. One way to get around this is to shut down the suspect computer and check its storage after booting from alternative media that you know are clean, such as a rescue CD-ROM or a dedicated USB flash drive. A rootkit that isn't running can't hide its presence, and most antivirus programs will find rootkits by comparing standard operating system calls (which are likely to be altered by the rootkit) against lower-level queries, which ought to remain reliable. If the system finds a difference, you have a rootkit infection" [A-14].
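The offline check described in the quotation above (hash the suspect system's storage from known-clean media and compare it against a baseline) can be reduced to a small file-integrity comparison. The following is an added example, not code from the FAA report or from the source it cites; the directory layout, file contents and the simulated replacement of sshd are all constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_file(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large binaries do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict:
    """Hash every regular file below root, keyed by path relative to root.

    Symlinks are skipped so that a link pointing outside the tree cannot
    substitute its target's content for a file in the manifest.
    """
    manifest = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and not p.is_symlink():
            manifest[str(p.relative_to(root))] = hash_file(p)
    return manifest


def compare(baseline: dict, current: dict) -> dict:
    """Report files whose hash changed, files that appeared, and files that vanished."""
    modified = sorted(k for k in baseline if k in current and baseline[k] != current[k])
    added = sorted(k for k in current if k not in baseline)
    removed = sorted(k for k in baseline if k not in current)
    return {"modified": modified, "added": added, "removed": removed}


def demo() -> dict:
    """Constructed scenario: take a baseline, then simulate a rootkit install."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "sbin").mkdir()
        (root / "bin").mkdir()
        (root / "sbin" / "sshd").write_bytes(b"clean sshd binary (constructed)")
        (root / "sbin" / "telnetd").write_bytes(b"clean telnetd binary (constructed)")
        (root / "bin" / "ps").write_bytes(b"clean ps binary (constructed)")
        baseline = build_baseline(root)

        # Simulated compromise: sshd replaced by a trojaned copy, a sniffer dropped in.
        (root / "sbin" / "sshd").write_bytes(b"trojaned sshd binary (constructed)")
        (root / "bin" / "sniff").write_bytes(b"packet sniffer (constructed)")
        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    print(demo())
```

The value of the comparison depends entirely on where the two inputs come from: the baseline must be recorded before the compromise (or regenerated from the vendor's installation media) and kept off the suspect host, and the current hashes must be computed after booting from clean media, since a running rootkit can serve falsified file contents to any tool that asks the compromised kernel.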
A logic bomb (also known as a time bomb) is a program that lies dormant until a specified event happens or until a condition is true, at which point the malicious code is activated. Logic bombs are especially effective when coupled with a virus.
Worms and viruses are transport mechanisms for malicious code. A virus is a program that, when run, inspects its environment and copies itself into other programs if they are not already infected, often without their users (or system administrators) knowing about the infection. A worm is a program that copies itself over computer networks, infecting programs and machines in remote locations. It primarily differs from a virus in that it does not require a human agency to activate it (e.g., a human (or a process) executes the affected program to propagate a virus, but a worm propagates itself).
A backdoor is a mechanism for an attacker to return to the device to continue to control (or attack) it once he has compromised it. One of the easiest backdoors for an attacker to add, for ready future access into a cracked Unix system, is to install the netcat (or nc) utility on the cracked system. Netcat is a common tool for controlling TCP/IP systems; if it is compiled with the #define GAPING_SECURITY_HOLE option, it gains the -e invocation option. Netcat can be configured to listen on a certain port and launch an executable when a remote system connects to that port. By configuring a netcat listener to launch a shell for the remote attacker to use, the normal security surrounding secure shell (SSH)-only remote access can be bypassed, permitting the attacker direct shell access without undergoing SSH's authentication mechanisms. Of course, other backdoor possibilities also exist, but this one is particularly well known. Other common backdoors include attacker-modified startup files (particularly rc.d), BOOTP startup files that are provided to computers via DHCP servers, regularly scheduled jobs (e.g., crontabs), and others. In fact, so many backdoors are possible that the most viable mechanism today for recovering from being cracked is to restore and reinstall the OS from the original media.
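Two of the persistence locations named above, scheduled jobs (crontabs) and startup files (rc.d), are plain text and can be audited for the netcat listener pattern the paragraph describes. The following is an added example, not code from the FAA report or from any tool it mentions; the crontab and rc.local contents are constructed for the demonstration, and the rule it applies (a netcat invocation followed by a listen or exec option) is an assumption about what a reviewer would want flagged, not a complete backdoor detector.

```python
import os
import shlex

# Names under which netcat is commonly installed (assumption for this example).
NETCAT_NAMES = {"nc", "netcat", "ncat"}


def crontab_commands(text):
    """Yield (lineno, command) for each job line of a crontab.

    Handles the five time fields, the @reboot/@daily shortcuts, and skips
    comments, blank lines and VAR=value environment assignments.
    """
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        first = line.split(None, 1)[0]
        if "=" in first:
            continue
        shortcut = first.startswith("@")
        parts = line.split(None, 1) if shortcut else line.split(None, 5)
        if len(parts) == (2 if shortcut else 6):
            yield lineno, parts[-1]


def script_commands(text):
    """Yield (lineno, command) for each non-comment line of an rc.local style script."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line and not line.startswith("#"):
            yield lineno, line


def netcat_flags(command):
    """Return the netcat options of interest found in a command ('listen', 'exec').

    A token whose basename is nc/netcat/ncat starts a netcat invocation; the short
    options after it are inspected per character so bundled forms such as -lp are
    caught as well as -l and -e. A shell separator ends the invocation.
    """
    try:
        argv = shlex.split(command)
    except ValueError:
        return ["unparsable"]  # quoting error: surface it rather than silently skip
    found, in_netcat = [], False
    for tok in argv:
        if os.path.basename(tok) in NETCAT_NAMES:
            in_netcat = True
            continue
        if tok in ("&", "&&", "|", "||", ";"):
            in_netcat = False
            continue
        if in_netcat and tok.startswith("-") and not tok.startswith("--"):
            opts = set(tok[1:])
            if "l" in opts:
                found.append("listen")
            if "e" in opts:
                found.append("exec")
    return found


def audit(sources):
    """sources: iterable of (name, iterable of (lineno, command)). Returns findings."""
    findings = []
    for name, commands in sources:
        for lineno, cmd in commands:
            flags = netcat_flags(cmd)
            if flags:
                findings.append({"source": name, "line": lineno, "command": cmd, "flags": flags})
    return findings


# Constructed inputs for the demo; not taken from any real system.
CRONTAB = """# constructed crontab
PATH=/usr/bin:/bin
0 3 * * * /usr/bin/logrotate /etc/logrotate.conf
@reboot /usr/local/bin/backup.sh
*/5 * * * * nc -l -p 4444 -e /bin/sh
"""

RC_LOCAL = """#!/bin/sh
# constructed rc.local
/sbin/ifup eth0
/usr/bin/netcat -lp 31337 -e /bin/bash &
exit 0
"""


def demo():
    return audit([("crontab", crontab_commands(CRONTAB)),
                  ("rc.local", script_commands(RC_LOCAL))])


if __name__ == "__main__":
    for f in demo():
        print(f"{f['source']}:{f['line']} {f['flags']} :: {f['command']}")
```

As with the integrity check, the files should be read from storage mounted under a clean boot, not through the suspect system's own cron or init tooling, and a hit is a lead for the incident handler rather than proof by itself; the paragraph's closing advice still applies, since a system that turns up one such entry may well hold others that no pattern list covers.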
In addition, cracked systems are vulnerable to port redirection that permits an attacker, located outside of a firewall, to access and control computers within the firewall. Redirection works by having a cracked system listen on certain ports and forward the raw packets to a specified secondary target. In this manner, an attacker can know what is occurring behind the firewall—
A-12