Case study: E-Crime: Stilliano’s Case
The first look at the case shows that there is an attempted entry into the system. This could be a hacker's attempt to gain entry into the system using root privileges. The assumption is drawn from the odd entry below:
netstat stream tcp nowait root /usr/lib/netstat netstat
This is possible through various means, though it was necessary to determine the exact cause of the actions. To find out what had been happening in the system, it is advisable to first look into the role of the inetd function.
The inetd daemon, also referred to as the super server, listens on the ports used by various internet services such as POP3. When inetd is used as a service dispatcher it is open to some security concerns, which seem to be exhibited in the case mentioned here.
/etc/inetd.conf is the default configuration file of the super server daemon. This file describes all the supported TCP/IP daemons as well as non-standard services. There is no need to modify this file unless one needs to add or remove daemon definitions. This raises the suspicion that odd entries in this file might be a cause for alarm. The netstat command is useful in determining the packets that have been sent and received on a particular system.
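The point of inspecting /etc/inetd.conf is that every active line is a network-reachable program and the user it runs as, so an audit can be automated. The following script is an added example written for this page, not code from the case study or from the Honeynet material; the sample inetd.conf is constructed (its last line is the odd entry quoted above), and the allowed directories, the root-expected service list and the "never a network service" list are assumptions to adjust for a real host.

```python
from dataclasses import dataclass, field

# Directories a legitimate inetd server program is expected to live in
# (assumption for this example; adjust to the distribution's layout).
ALLOWED_SERVER_DIRS = ("/usr/sbin/", "/usr/libexec/", "/sbin/")

# Services with a known reason to start as root (privileged port or tty;
# they drop privileges themselves). Constructed list for this example.
ROOT_EXPECTED = {"ftp", "telnet", "pop-3", "imap", "login", "shell", "exec"}

# Local tools and shells that have no business being an inetd service.
NOT_NETWORK_SERVICES = {"netstat", "ps", "sh", "bash"}

# Constructed sample /etc/inetd.conf; the last line is the odd entry from the case.
SAMPLE_INETD_CONF = """\
# <service> <socket type> <proto> <flags> <user> <server path> <args>
ftp      stream  tcp  nowait  root    /usr/sbin/tcpd     in.ftpd -l -a
telnet   stream  tcp  nowait  root    /usr/sbin/tcpd     in.telnetd
pop-3    stream  tcp  nowait  root    /usr/sbin/tcpd     ipop3d
finger   stream  tcp  nowait  nobody  /usr/sbin/tcpd     in.fingerd
#echo    stream  tcp  nowait  root    internal
netstat  stream  tcp  nowait  root    /usr/lib/netstat   netstat
"""


@dataclass
class InetdEntry:
    service: str
    socket_type: str
    protocol: str
    wait: str
    user: str
    server: str
    args: list = field(default_factory=list)


def parse_inetd_conf(text):
    """Return one InetdEntry per active (non-comment, well-formed) line."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) < 6:
            continue  # malformed line; inetd itself would skip it
        entries.append(InetdEntry(*parts[:6], parts[6:]))
    return entries


def audit_entry(entry):
    """Return the reasons an entry deserves a closer look (empty list if none)."""
    reasons = []
    if entry.server != "internal" and not entry.server.startswith(ALLOWED_SERVER_DIRS):
        reasons.append(f"server program {entry.server} is outside the expected directories")
    if entry.user == "root" and entry.service not in ROOT_EXPECTED:
        reasons.append(f"service '{entry.service}' runs as root with no known need for it")
    # When a wrapper such as tcpd is used, the program that really runs is args[0].
    program = entry.args[0] if entry.server.endswith("/tcpd") and entry.args else entry.server
    if program.split("/")[-1] in NOT_NETWORK_SERVICES:
        reasons.append(f"{program} is a local tool or shell, not a network service")
    return reasons


def audit_inetd_conf(text):
    """Map service name -> reasons, for every entry that raised at least one."""
    report = {}
    for entry in parse_inetd_conf(text):
        reasons = audit_entry(entry)
        if reasons:
            report[entry.service] = reasons
    return report


if __name__ == "__main__":
    for service, reasons in audit_inetd_conf(SAMPLE_INETD_CONF).items():
        print(service)
        for reason in reasons:
            print("  -", reason)
```

On the sample only the netstat line is reported, with all three reasons; the four ordinary services pass. Feeding the script a real /etc/inetd.conf is a matter of reading the file into `audit_inetd_conf`, and a further check worth adding on a live host is whether each server path actually exists on disk.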
On detection of an intrusion into a system, there are several ways in which the threats can be averted:
Avoid initiation of logins such as scp and initiate all traffic from the personal laptop
Identify data that is critical from the LDAP database
Reinstall the compromised systems with fresh copies of Linux
Lessons
One should never be complacent. Linux is vulnerable to security intrusions, and to avoid them one needs to invest a lot of time
One does not necessarily have to be a target of great interest to be attacked; the server can be used for launching other attacks on various other parties
Always be conversant with the release notes of the particular vendor
Always keep updating the software. Patching and updating servers, especially those that are publicly used, is of great importance
Always be aware of what services are in use and keep a tally of the open ports, especially the useful open ports. One should never accept the default services without proper knowledge of what the default values mean to the firewall
It is necessary that a company holding versatile data hires a security administrator. This is mainly due to the important nature of data security in an organization. One should consider doing personal tests of the Bugtraq reports to keep the security details up to date. One should also minimise access to the office servers, production servers, desktops, laptops and honeynets.
In ensuring that security is kept to standard, some of the actions that should be put in place are:
Ingress filtering as well as egress filtering
Installation of a minimal set of packages. Having features like gcc, perl and make present works as an incentive to intruders
Reduce the access rights of services such as pop, smtp and samba
Implement measures like LIDS or grsecurity to restrict root for the users
To prevent such actions, some of the countermeasures are having secure software like:
grsecurity, Tripwire, LIDS
TCPdump, Netcat, Nmap
OpenSSH, lsof, lslk
Stunnel
Ethereal, Etherape, ntop, dsniff, TCT
When the machine was compromised
In many cases an intruder or hacker does not get root-level access to the machine but only breaks in. This means that they rarely install rootkits, so the response team still has a variety of tools available on the machine to see what happened. It is easy to determine the time a user logged in and then match it with the actual users' login times. The last command also gives the IP address the user logged in from, which indicates the legitimacy of the login.
Listing the files and directories is then of great importance, especially when one knows the time/date of the compromise; this is mostly found by running ls -lart /. When this is done, one gets a list of files and directories and can determine the folders added and/or files removed from the system. This is where netstat comes in: it lists the current listening sockets on the machine, and when it is run it shows any backdoors that are listening. In this case Stilianos checked using the entry "netstat stream tcp nowait root /usr/lib/netstat netstat" and found out that the connections were not coming from any of their computers; moreover, after checking the processor utilization it was showing 100% utilization, which meant that there were some operations in the system which could not be traced.
According to the deleted syslog entry "Sep 18 02:42:54 victim rpc.statd[349]: gethostbyname error for ^X[buffer overrun shell code removed]", Stilianos' machine, which was running on the Linux platform, was compromised on 18th September.
Moreover, the presence of an extra inetd means that there were operations in the network, since inetd is a daemon that manages other daemons. From the analysis, the machine was hit by the use of the rpc.statd overflow. Steve then used the mactime program, which gives detailed information about what happened to the files on the computer. From the report which Steve got from the program, it was clear that there are a number of files which show that the attacker logged in through telnet and began his operations. This is clear through:
Sep 20 00 15:46:05 31376 .a. -rwxr-xr-x root root /mount/usr/sbin/in.telnetd
Sep 20 00 15:46:39 20452 ..c -rwxr-xr-x root root /mount/bin/login
It further shows that the /dev/ttypq/ directory was created on the filesystem exactly an hour later. This was followed by suspicious files which appeared to have been modified on the system, including the ipv6.o, rc.local and rpc.status files, which Steve suspected were the result of a compromise. This is clear in the following reports:
Sep 20 00 16:49:26 446592 m.. -rwxr-xr-x root root /mount/dev/ttypq/.../ex
Sep 20 00 16:49:45 1491 mac -rw-r--r-- root root /mount/dev/ttypq/.../doop
Sep 20 00 16:49:46 84688 m.c -rw-r--r-- root root /mount/dev/ttypq/.../c4wnf
                   446592 ..c -rwxr-xr-x root root /mount/dev/ttypq/.../ex
                   4096 m.c drwxr-xr-x root root /mount/lib/modules/2.2.16-3/net
                   7704 ..c -rw-r--r-- root root /mount/lib/modules/2.2.16-3/net/ipv6.o
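Reading a mactime timeline by eye works for a handful of lines, but the same reasoning (files in dot-named directories under /dev, inode changes to kernel modules and to login-related binaries) can be turned into a filter. The script below is an added example written for this page, not the case's own tooling; its sample input is constructed from the mactime records quoted above (mactime prints the timestamp once per second and leaves it blank for later records in the same second), the mount prefix /mount comes from the case, and the list of watched binaries is an assumption.

```python
from dataclasses import dataclass
from datetime import datetime
from pathlib import PurePosixPath

MOUNT = "/mount"  # where the evidence image was mounted in the case

# Binaries whose inode change ('c' flag) on a quiet system needs an explanation.
# Constructed list for this example.
WATCHED_BINARIES = {"/bin/login", "/usr/sbin/in.telnetd", "/bin/ls", "/bin/ps",
                    "/bin/netstat", "/sbin/insmod", "/usr/sbin/inetd"}

# Constructed from the mactime lines quoted above.
SAMPLE_MACTIME = """\
Sep 20 00 15:46:05 31376 .a. -rwxr-xr-x root root /mount/usr/sbin/in.telnetd
Sep 20 00 15:46:39 20452 ..c -rwxr-xr-x root root /mount/bin/login
Sep 20 00 16:49:26 446592 m.. -rwxr-xr-x root root /mount/dev/ttypq/.../ex
Sep 20 00 16:49:45 1491 mac -rw-r--r-- root root /mount/dev/ttypq/.../doop
Sep 20 00 16:49:46 84688 m.c -rw-r--r-- root root /mount/dev/ttypq/.../c4wnf
                   446592 ..c -rwxr-xr-x root root /mount/dev/ttypq/.../ex
                   4096 m.c drwxr-xr-x root root /mount/lib/modules/2.2.16-3/net
                   7704 ..c -rw-r--r-- root root /mount/lib/modules/2.2.16-3/net/ipv6.o
"""

MONTHS = {"Jan", "Feb", "Mar", "Apr", "May", "Jun",
          "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"}


@dataclass
class Event:
    when: datetime
    size: int
    mac: str      # m = modified, a = accessed, c = inode changed, '.' = not this one
    perms: str
    path: str


def parse_mactime(text):
    """Parse mactime output; records without a timestamp inherit the previous one."""
    events, last = [], None
    for raw in text.splitlines():
        tokens = raw.split()
        if not tokens:
            continue
        if tokens[0] in MONTHS:
            last = datetime.strptime(" ".join(tokens[:4]), "%b %d %y %H:%M:%S")
            tokens = tokens[4:]
        if last is None or len(tokens) < 6:
            continue  # no timestamp context yet, or a malformed record
        size, mac, perms, _uid, _gid, path = tokens[:6]
        events.append(Event(last, int(size), mac, perms, path))
    return events


def reasons_for(event, mount=MOUNT):
    """Why this record is suspicious on a defender's reading of the timeline."""
    path = event.path[len(mount):] if event.path.startswith(mount) else event.path
    parts = PurePosixPath(path).parts
    reasons = []
    if path.startswith("/dev/") and any(set(p) == {"."} for p in parts):
        reasons.append("dot-only directory name under /dev")
    if path.startswith("/lib/modules/") and "c" in event.mac:
        reasons.append("kernel module tree changed")
    if path in WATCHED_BINARIES and "c" in event.mac:
        reasons.append("watched system binary had its inode changed")
    return reasons


def flag_events(text, mount=MOUNT):
    """Return (event, reasons) pairs for every record that raised a reason."""
    flagged = []
    for event in parse_mactime(text):
        reasons = reasons_for(event, mount)
        if reasons:
            flagged.append((event, reasons))
    return flagged


def summarize(text, mount=MOUNT):
    """Window of the flagged activity: count, first and last time, distinct paths."""
    flagged = flag_events(text, mount)
    if not flagged:
        return {"count": 0}
    times = [event.when for event, _ in flagged]
    return {"count": len(flagged), "first": min(times), "last": max(times),
            "paths": sorted({event.path for event, _ in flagged})}


if __name__ == "__main__":
    for event, reasons in flag_events(SAMPLE_MACTIME):
        print(event.when, event.mac, event.path, "->", "; ".join(reasons))
    print(summarize(SAMPLE_MACTIME))
```

Note that the in.telnetd record is not flagged: it was only accessed (`.a.`), which is consistent with the attacker using telnet rather than replacing it, whereas /bin/login shows an inode change and is reported.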
The ipv6.o module's visible strings were closely linked to the network sockets (32411/tcp, 3457/tcp) that were suspected earlier. There are several user account names, and a reference to promiscuous mode, which means that the Ethernet interface was set to pass all traffic seen on the network. In other words, it did not only accept traffic addressed to it but all of it, thereby allowing a compromise. This was clear in this report (the output below is shown in two columns: data strings on the left, module symbol names on the right):
mandragoras# strings ipv6.o
. . . check_logfilter
kernel_version=2.2.16-3 my_atoi
:32411 my_find_task
:3457 is_invisible
:6667 is_secret
:6664 iget
:6663 iput
:6662 hide_process
:6661 hide_file
:irc __mark_inode_dirty
:6660 unhide_file
:6668 n_getdents
nobody o_getdents
telnet n_fork
operator o_fork
Proxy n_clone
proxy o_clone
undernet.org n_kill
Undernet.org o_kill
netstat n_ioctl
syslogd dev_get
klogd boot_cpu_data
promiscuous mode __verify_write
. . . o_ioctl
adore.c n_write
gcc2_compiled. o_write
__module_kernel_version n_setuid
we_did_promisc cleanup_module
netfilter_table o_setuid
check_netfilter init_module
strstr __this_module
logfilter_table sys_call_table
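The strings output is telling because of what appears together: a reference to sys_call_table, paired n_/o_ symbol names (a new and an original version of the same system call, the pattern of an LKM that patches the table), hide/unhide and invisible/secret helpers, promiscuous-mode strings and embedded TCP ports. The script below turns that reading into a repeatable check. It is an added example written for this page, not the case's own tooling; the sample string lists are constructed (an excerpt of the ipv6.o strings quoted above, plus a benign list for contrast), and the indicator categories are assumptions.

```python
import re

# Constructed excerpt of the `strings ipv6.o` output quoted above, one string
# per entry as strings(1) prints it.
SAMPLE_STRINGS = [
    "kernel_version=2.2.16-3", ":32411", ":3457", ":6667", ":6660", ":irc",
    "nobody", "telnet", "undernet.org", "syslogd", "klogd", "promiscuous mode",
    "adore.c", "we_did_promisc", "logfilter_table", "check_logfilter",
    "is_invisible", "is_secret", "hide_process", "hide_file", "unhide_file",
    "n_getdents", "o_getdents", "n_fork", "o_fork", "n_clone", "o_clone",
    "n_kill", "o_kill", "n_ioctl", "o_ioctl", "n_write", "o_write",
    "n_setuid", "o_setuid", "init_module", "cleanup_module", "__this_module",
    "sys_call_table",
]

# Constructed strings of an ordinary network driver module, for contrast.
BENIGN_STRINGS = ["kernel_version=2.2.16-3", "init_module", "cleanup_module",
                  "__this_module", "register_netdevice", "printk", "kmalloc", "n_tty"]

# Indicator categories (assumed for this example; extend as needed).
INDICATORS = {
    "syscall table access": {"sys_call_table"},
    "process or file hiding": {"hide_process", "hide_file", "unhide_file",
                               "is_invisible", "is_secret"},
    "promiscuous sniffing": {"we_did_promisc", "promiscuous mode"},
    "log filtering": {"logfilter_table", "check_logfilter"},
    "known rootkit source file": {"adore.c"},
}

HOOK_RE = re.compile(r"^([no])_([a-z0-9_]+)$")   # n_<call> / o_<call> pairs
PORT_RE = re.compile(r"^:(\d{1,5})$")             # ":3457" style embedded ports


def analyze_module_strings(strings):
    """Score strings(1) output of a kernel module for LKM rootkit indicators."""
    lines = strings.splitlines() if isinstance(strings, str) else list(strings)
    lines = [s.strip() for s in lines if s.strip()]
    seen = set(lines)

    indicators = {category: sorted(seen & names)
                  for category, names in INDICATORS.items() if seen & names}

    # A hook is only counted when both the new and the original name are present,
    # so a lone legitimate symbol such as n_tty does not trigger it.
    new, old = set(), set()
    for s in lines:
        m = HOOK_RE.match(s)
        if m:
            (new if m.group(1) == "n" else old).add(m.group(2))
    hooked = sorted(new & old)

    ports = set()
    for s in lines:
        m = PORT_RE.match(s)
        if m and 0 < int(m.group(1)) <= 65535:
            ports.add(int(m.group(1)))

    verdict = ("likely LKM rootkit"
               if "syscall table access" in indicators and hooked
               else "no strong indicator")
    return {"indicators": indicators, "hooked_syscalls": hooked,
            "embedded_ports": sorted(ports), "verdict": verdict}


if __name__ == "__main__":
    for name, sample in (("ipv6.o excerpt", SAMPLE_STRINGS), ("benign module", BENIGN_STRINGS)):
        print(name, analyze_module_strings(sample))
```

The function accepts either the raw text of `strings some_module.o` or a list of lines, so it can be pointed at any module recovered from an image. The verdict deliberately requires both a sys_call_table reference and at least one complete n_/o_ pair; either alone occurs in legitimate code.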
An investigation of the rc.local file showed a change of inode. Moreover, the Red Hat 6.2 system showed that a command script, /usr/sbin/initd, had been added.
mandragoras# cat /usr/sbin/initd
#!/bin/sh
#
# automatic install script to load kernel modules for ipv6 support.
# do not edit the file directly.
/sbin/insmod -f /lib/modules/2.2.16-3/net/ipv6.o >/dev/null 2>/dev/null
/usr/sbin/rpc.status