E-Crime - Stilliano's - Case Study Example

Summary
The paper "E-Crime - Stilliano's Case" is a provoking case study on information technology. The first look at the case shows that there is attempted entry into the system. This could be a hacker's attempt to gain entry into the system using root privileges…
Extract of sample "E-Crime - Stilliano's"

Case study: E-Crime: Stilianos's Case

The first look at the case shows that there is attempted entry into the system. This could be a hacker's attempt to gain entry into the system using root privileges. The assumption comes from the vague inference drawn from the odd entry below:

    netstat stream tcp nowait root /usr/lib/netstat netstat

This is possible through various means, though it was necessary to determine the exact cause of the actions. In trying to find out what would have been happening in the system, it is advisable to first look into the role of the inetd function. The inetd function, also referred to as the super server, listens on the various ports that are used for internet services such as POP3. The inetd concept, when used as a service dispatcher, is vulnerable to some insecurity concerns which seem to have been exhibited in the case mentioned here. /etc/inetd.conf is the default configuration file for the super server daemon. This file is basically used to describe all the TCP/IP daemons that are supported as well as the non-standard services. There is no need to modify this file unless one needs to remove or add definitions for the daemons. This brings up the assumption that odd entries in this file might have been a cause for alarm. The netstat command is useful in determining the packets that have been sent and received in a particular system.

On detection of intrusion into a system, there are several ways in which the threats can be averted:
- Avoid initiating logins such as scp and initiate all traffic from the personal laptop
- Identify data that is critical from the LDAP database
- Reinstall the compromised systems with fresh copies of Linux

Lessons

One should never be complacent.
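As an added example (not part of the case study), the following script audits an inetd.conf against an assumed baseline of the services a stock Red Hat 6.2 host would run, so that an entry like the netstat line above stands out; the baseline, the /usr/sbin location for server binaries, the tcp_wrappers handling and the sample configuration are all assumptions constructed here.

```python
import os

# Assumed baseline: service name -> daemon program expected behind it (Red Hat 6.2 era).
BASELINE = {"ftp": "in.ftpd", "telnet": "in.telnetd", "shell": "in.rshd",
            "login": "in.rlogind", "pop-3": "ipop3d", "finger": "in.fingerd"}
SERVER_DIR = "/usr/sbin"   # assumed location of legitimate inetd server binaries

def parse_entry(line):
    """Split one inetd.conf line into its fields; None for comments and blank lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    f = line.split(None, 6)
    if len(f) < 6:
        return None
    f += [""] * (7 - len(f))
    service, _sock, _proto, _wait, user, server, args = f
    program = os.path.basename(server)
    if program == "tcpd" and args:        # tcp_wrappers: the real daemon is the first argument
        program = args.split()[0]
    return {"service": service, "user": user, "server": server, "program": program}

def audit(conf_text):
    """Return (line_no, service, reasons) for every entry that departs from the baseline."""
    findings = []
    for n, raw in enumerate(conf_text.splitlines(), 1):
        e = parse_entry(raw)
        if e is None:
            continue
        reasons = []
        if e["service"] not in BASELINE:
            reasons.append("service not in baseline")
        elif BASELINE[e["service"]] != e["program"]:
            reasons.append("unexpected program " + e["program"])
        if os.path.dirname(e["server"]) != SERVER_DIR:
            reasons.append("server binary outside " + SERVER_DIR)
        if reasons and e["user"] == "root":
            reasons.append("runs as root")
        if reasons:
            findings.append((n, e["service"], reasons))
    return findings

# Constructed sample modelled on a Red Hat 6.2 inetd.conf, plus the odd entry from the case.
SAMPLE_CONF = """\
# constructed sample
ftp     stream  tcp  nowait  root    /usr/sbin/tcpd    in.ftpd -l -a
telnet  stream  tcp  nowait  root    /usr/sbin/tcpd    in.telnetd
finger  stream  tcp  nowait  nobody  /usr/sbin/tcpd    in.fingerd
netstat stream  tcp  nowait  root    /usr/lib/netstat  netstat
"""
```

Running audit(SAMPLE_CONF) reports only the netstat entry, with all three reasons attached.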
Linux is vulnerable to security intrusions, and to avoid this one needs to invest a lot of time in it.
- One does not necessarily have to be a target worth a lot of interest to be attacked; the server can be used to launch other attacks on various other parties.
- Always be conversant with the release notes for the particular vendor.
- Always keep updating the software. Patching and updating servers, especially those that are publicly used, is of great importance.
- Always be aware of what services are in use and keep a tally of the open ports, especially the useful open ports.
- One should never accept the default services without proper knowledge of the meaning of the default values to the firewall.
- It is necessary that one hires a security administrator in a company that has versatile data. This is mainly due to the important nature of data security in an organization.
- One should consider doing personal tests of the bugtraqs to keep updated information of the security details.
- One should also minimise access to the office servers, production servers, desktops, laptops and honeynets.

In ensuring that security is kept to standard, some of the actions that should be put in place are:
- Ingress filtering as well as egress filtering
- Installation of a minimal number of packages. Having features like gcc, perl and make present works as an incentive to intruders
- Reduce the access rights for services such as pop, smtp and samba
- Implement measures like LIDS or grsecurity to restrict root to the users

In preventing such actions, some of the countermeasures are having secure software like GrSecurity, Tripwire, LIDS, TCPdump, Netcat, Nmap, OpenSSH, lsof, lslk, Stunnel, Ethereal, Etherape, ntop, dsniff and TCT.

When the machine was compromised

An intruder or a hacker does not get root-level access to the machine; rather they break in. This means that they hardly install rootkits. Thus the response team has a variety of tools already available in the machine to see what happened.
It is easy to determine the time a user logged in and then match it with the actual users' login times. Also, last gives the IP address the user logged in from. This will give indications of the legitimacy of the login. Then listing the files and directories is of great importance, especially when one knows the time/date of the compromise, mostly found by running ls -lart /. When this is done, one gets a list of files and directories and determines the folders added and/or files removed from the system. This is where netstat comes in, which will list the current listening sockets on the machine. When it is run, it gives any backdoors that are listening. In this case Stilianos checked using the entry

    netstat stream tcp nowait root /usr/lib/netstat netstat

and found out that they were not coming from any of their computers; moreover, after checking the processor utilization it was showing 100% utilization, which meant that there were some operations in the system which could not be traced. According to

    Sep 18 02:42:54 victim rpc.statd[349]: gethostbyname error for ^X[buffer overrun shell code removed]

which showed a deleted syslog file entry, Stilianos's machine, which was running on the Linux platform, was compromised on 18th September. Moreover, the presence of an extra inetd means that there were operations in the network. This is due to the fact that inetd is a daemon that manages other daemons. From the analysis, the machine was hit by the use of the rpc.statd overflow. Steve then used the mactime program, which can give detailed information about what happened to the files in the computer. From the report which Steve got from the program, it was clear that there are a number of files which show that the attacker logged in through telnet and began his operations. This is clear through:

    Sep 20 00 15:46:05 31376 .a. -rwxr-xr-x root root /mount/usr/sbin/in.telnetd
    Sep 20 00 15:46:39 20452 ..c -rwxr-xr-x root root /mount/bin/login

It further shows that the /dev/ttypq/ directory was created on the filesystem exactly an hour later. This was followed by suspicious files which appeared to be modified on the system. These included the ipv6.o, rc.local and rpc.status files, which Steve suspected were the result of a compromise. This was clear in the following reports:

    Sep 20 00 16:49:26 446592 m.. -rwxr-xr-x root root /mount/dev/ttypq/.../ex
    Sep 20 00 16:49:45 1491 mac -rw-r--r-- root root /mount/dev/ttypq/.../doop
    Sep 20 00 16:49:46 84688 m.c -rw-r--r-- root root /mount/dev/ttypq/.../c4wnf
                       446592 ..c -rwxr-xr-x root root /mount/dev/ttypq/.../ex
                       4096 m.c drwxr-xr-x root root /mount/lib/modules/2.2.16-3/net
                       7704 ..c -rw-r--r-- root root /mount/lib/modules/2.2.16-3/net/ipv6.o

The ipv6.o module's visible strings were closely linked to the network sockets (32411/tcp, 3457/tcp) which were earlier suspected. There were several user account names, which were said to be in promiscuous mode, which means that the Ethernet interface was accepting all traffic seen on the network. In other words, it did not only allow the authorized traffic but all of it, thereby allowing a compromise. This was clear in this report:

    mandragoras# strings ipv6.o
    . . .
    check_logfilter kernel_version=2.2.16-3 my_atoi :32411 my_find_task :3457
    is_invisible :6667 is_secret :6664 iget :6663 iput :6662 hide_process :6661
    hide_file :irc __mark_inode_dirty :6660 unhide_file :6668 n_getdents nobody
    o_getdents telnet n_fork operator o_fork Proxy n_clone proxy o_clone undernet.org
    n_kill Undernet.org o_kill netstat n_ioctl syslogd dev_get klogd boot_cpu_data
    promiscuous mode __verify_write . . . o_ioctl adore.c n_write gcc2_compiled.
    o_write __module_kernel_version n_setuid we_did_promisc cleanup_module
    netfilter_table o_setuid check_netfilter init_module strstr __this_module
    logfilter_table sys_call_table

An investigation of the rc.local file showed a change of inode. Moreover, the Red Hat 6.2 system showed that the command script /usr/sbin/initd had been added:

    mandragoras# cat /usr/sbin/initd
    #!/bin/sh
    #
    # automatic install script to load kernel modules for ipv6 support.
    # do not edit the file directly.
    /sbin/insmod -f /lib/modules/2.2.16-3/net/ipv6.o >/dev/null 2>/dev/null
    /usr/sbin/rpc.status
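The timeline review described above can be scripted. The following is an added example, not the case's own tooling: it parses mactime output in the layout quoted above (a line without a timestamp shares the previous line's second) and flags the indicators the analysis leans on, with /mount assumed to be the image mount point, the watch-list of login-path binaries an assumption, and the sample timeline constructed from the entries quoted in the text.

```python
import re
from datetime import datetime

MOUNT = "/mount"          # assumed mount point of the evidence image
AUTH_BINARIES = {"/bin/login", "/usr/sbin/in.telnetd"}   # assumed watch-list
TS_RE = re.compile(r"^([A-Z][a-z]{2} \d{2} \d{2} \d{2}:\d{2}:\d{2}) (.*)$")

def parse_mactime(text):
    """Yield (time, size, mac, perms, path); lines without a timestamp inherit the last one."""
    last = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = TS_RE.match(line)
        if m:
            last = datetime.strptime(m.group(1), "%b %d %y %H:%M:%S")
            line = m.group(2)
        size, mac, perms, _uid, _gid, path = line.split(None, 5)
        if path.startswith(MOUNT):
            path = path[len(MOUNT):]
        yield last, int(size), mac, perms, path

def triage(text):
    """Return (time, path, reason) for every timeline entry matching an indicator."""
    hits = []
    for when, _size, mac, perms, path in parse_mactime(text):
        dirs = path.split("/")[:-1]
        if any(d and set(d) <= {"."} for d in dirs):         # e.g. /dev/ttypq/.../ex
            hits.append((when, path, "dot-only directory component"))
        elif path.startswith("/dev/") and perms.startswith("-"):
            hits.append((when, path, "regular file under /dev"))
        if path.startswith("/lib/modules/") and path.endswith(".o") and "c" in mac:
            hits.append((when, path, "kernel module created"))
        if path in AUTH_BINARIES and ("m" in mac or "c" in mac):
            hits.append((when, path, "login-path binary modified or changed"))
    return hits

# Constructed timeline, built from the entries quoted in the text above.
SAMPLE = """\
Sep 20 00 15:46:05 31376 .a. -rwxr-xr-x root root /mount/usr/sbin/in.telnetd
Sep 20 00 15:46:39 20452 ..c -rwxr-xr-x root root /mount/bin/login
Sep 20 00 16:49:26 446592 m.. -rwxr-xr-x root root /mount/dev/ttypq/.../ex
Sep 20 00 16:49:45 1491 mac -rw-r--r-- root root /mount/dev/ttypq/.../doop
Sep 20 00 16:49:46 84688 m.c -rw-r--r-- root root /mount/dev/ttypq/.../c4wnf
                   446592 ..c -rwxr-xr-x root root /mount/dev/ttypq/.../ex
                   4096 m.c drwxr-xr-x root root /mount/lib/modules/2.2.16-3/net
                   7704 ..c -rw-r--r-- root root /mount/lib/modules/2.2.16-3/net/ipv6.o
"""
```

triage(SAMPLE) returns six hits in timeline order: the changed /bin/login, the four entries under the dot-only /dev/ttypq/... directory, and the ipv6.o module created under /lib/modules.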
