Introduction
Linux 2.6 running on a virtual machine can be imported from an OVF (Open Virtualization Format) file.
SASL
A method for authorizing which remote users may send mail through the mail server, using a
username and password.
Set up SASL
Assuming the Mail Host settings are correct, the configuration files and names used here are the ones
from the related MailHost sections.
To configure SASL, first add the following lines to “/etc/postfix/main.cf”. They can be added anywhere,
although it is suitable to put them under “### smtpd directives”, as shown in the screenshot below.
Postfix SASL
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
Next, in the same file, enter the following two lines at “smtpd_recipient_restrictions =”:
permit_mynetworks
permit_sasl_authenticated
SNA
Configure “/etc/dovecot/dovecot.conf”
Users are simply added with the “adduser” command. Enter the following step by step to create a user.
First of all, copy dhcpd.conf from “/usr/doc/dhcp-4.1-ESV-R7/examples” to “/etc/”, unless the
existing file in “/etc/” is empty.
Dhcpd.conf
Starting dhcpd
Binding can fail with an error such as libxml.so.2 missing. In that case, install it with the command
“lzm2dir libxml2-2.7.6.lzm /”.
Snort
“Snort is an open source network intrusion detection system (NIDS) created by Martin Roesch. Snort is
a packet sniffer that monitors network traffic in real time, scrutinizing each packet closely to detect a
dangerous payload or suspicious anomalies” (searchmidmarketsecurity.com)
Snort is developed on “libpcap”, a common library and popular tool that is widely used by
TCP/IP network technicians. Snort provides detection mechanisms for stealth port
scans, buffer overflows, DNS, DDoS and SMB intrusion methods. It has real-time alerting and an activity log
file system to record all suspicious activities.
Snort is usually set up on the Gateway for traffic control, since the other servers' traffic passes through
the Gateway.
Snort installation needs the TinyNetConfig ISO, which can be downloaded from MyTiny.net.
First go to the CD directory with “cd /mnt/hdc” and use /SetupMenu to start the Snort installation. Select the
last option, install other packages as well, and mainly select “Snort”.
Files in this directory can easily be edited and renamed, and their extensions removed.
Renaming process
Configure /etc/snort/snort.conf
Don’t forget that snort.conf controls all the rules, and only the rules in /etc/snort/rules are available.
In snort.conf, find the line “output alert_syslog: LOG_AUTH, LOG_ALERT” and change it to
“output alert_syslog: LOG_LOCAL6 LOG_ALERT”.
Configure /etc/syslog.conf
Find the location of snort.conf and also the location of the log file.
Use “snort -c /etc/snort/snort.conf -l /var/log/snort” to start Snort; we can use
htop to check the running state.
Next, enter “snort -D -c /etc/snort/snort.conf -l /var/log/snort”, which shows Snort running as a
daemon, as in the following diagram.
Note: a “libmysqlclient.so.15 is not found” error can occur. Check mysql-5.0.67-client.lzm and find the
missing file with WinRAR or another file extractor. It is usually in the user library.
Again, go to /usr/lib, where there is @libncurses.so. Press F9 > File > Edit symlink. Repeat for
/usr/lib/mysql/.
Using hping2
Other rules can be added from /etc/rules or /etc/snort/rules, depending on the configuration.
alert tcp any any -> any any (msg:"SYN FLOOD for SNA ASSIGNMENT"; flags:RA; sid:10001;)
Alerts are recorded in snort.log, located in /var/log/. To start the attack, use the command “hping2 -c 10000
-d 120 -S -w 64 -p 21 --rand-source 192.168.1.25”. Its format is: name of the application binary,
number of packets to send, size of packet, sending SYN packets, TCP window size, destination port,
source IP address, destination IP address.
Sending hping2 SYN flood from Webserver with random source IP to Gateway.
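A defender-side check on the alerts the rule above produces, added here as an example and not part of the original assignment: it parses alert lines in the syslog layout Snort 2.x is assumed to write for "output alert_syslog" and reports endpoints whose alerts involve many distinct peers, the pattern a randomised-source flood leaves. The sample lines, the function names and the thresholds are constructed for illustration.

```python
import re
from collections import defaultdict

def _alert(sec, src, dst):
    # Constructed sample line; the layout is the assumed Snort 2.x alert_syslog format.
    return (f"May 26 10:15:{sec:02d} gateway snort[2311]: [1:10001:0] "
            f"SYN FLOOD for SNA ASSIGNMENT {{TCP}} {src} -> {dst}")

# Constructed sample. The rule matches flags:RA, so the flooded host is assumed to
# appear as the sender of RST+ACK replies to many spoofed addresses
# (203.0.113.0/24 is a documentation range). The second group is one ordinary pair.
SAMPLE_LOG = "\n".join(
    [_alert(i, "192.168.1.25:21", f"203.0.113.{10 + i}:{1200 + i}") for i in range(6)]
    + [_alert(10 + i, "192.168.1.30:40000", "192.168.1.40:80") for i in range(6)]
    + ["May 26 10:15:30 gateway dhcpd: DHCPREQUEST for 192.168.1.30"])

# Classification and priority fields are optional: the rule above sets neither.
ALERT_RE = re.compile(
    r"snort\[\d+\]: \[\d+:(?P<sid>\d+):\d+\] (?P<msg>.*?) "
    r"(?:\[Classification: [^\]]*\] )?(?:\[Priority: \d+\]:? )?"
    r"\{\w+\} (?P<src>[\d.]+)(?::\d+)? -> (?P<dst>[\d.]+)(?::\d+)?")

def parse_alerts(text):
    """Return a list of (sid, src_ip, dst_ip), one entry per Snort alert line."""
    found = []
    for line in text.splitlines():
        m = ALERT_RE.search(line)
        if m:
            found.append((int(m["sid"]), m["src"], m["dst"]))
    return found

def flooded_endpoints(text, sid=10001, min_alerts=5, min_peers=4):
    """Return {ip: (alerts, distinct_peers)} for addresses that appear in at least
    min_alerts alerts for this sid and exchange them with at least min_peers hosts.
    Direction is ignored, so it works whichever side of the flow the rule matches."""
    peers = defaultdict(list)
    for alert_sid, src, dst in parse_alerts(text):
        if alert_sid == sid:
            peers[src].append(dst)
            peers[dst].append(src)
    return {ip: (len(p), len(set(p))) for ip, p in peers.items()
            if len(p) >= min_alerts and len(set(p)) >= min_peers}

if __name__ == "__main__":
    for ip, (alerts, distinct) in flooded_endpoints(SAMPLE_LOG).items():
        print(f"{ip}: {alerts} alerts, {distinct} distinct peers")
```

The distinct-peer threshold is what separates a flood with randomised sources from a single noisy connection, which produces as many alerts but only one peer.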