January 03, 2001, 2:05 PM — For about a year now, I've been nodding my head wisely whenever anyone mentions Linux. I have sagely agreed with people that yes, it's definitely a viable commercial operating system; yes, it obviously beats Windows hands down in so many areas; yes, it clearly has so much potential; and so on. Recently, I decided it was time I installed Linux and actually saw it run.
Well, I finally did it, though in the end, I installed it about 10 times because things kept going wrong. Admittedly, some of these errors were due to crass mistakes on my part, but it was still a difficult process.
Most of the mistakes were caused by trying to install Windows 2000 and Linux on the same machine. People have told me that it's possible to do it, but in practice, the resulting mess was beyond the abilities of even our resident Linux expert to sort out. I got to the marvelous stage where my machine would power up, check its memory, start loading Linux, display a few dots on the screen and then reboot itself and repeat the process in an infinite loop.
Tools of the Trade
I've been trying to install Linux because more and more hacker tools seem to be available for it. The combination of power, flexibility and the open-source community seems to be very attractive to hackers. Web sites such as the Nomad Mobile Research Centre and Securify Inc.'s Packet Storm regularly offer new Linux tools. I want to be able to try these tools and see what they can do, just so I can keep an eye on new developments and find out how others could see our network.
So far, I've downloaded five tools: Firewalk, Nmap, Sniffit, Swatch and Tripwire. All are publicly available.
Firewalk was designed to determine what filtering rules your firewall uses and to map the network beyond it. Firewalk is a means of finding what holes already exist in firewalls to allow authorized traffic; an unauthorized attacker could potentially take advantage of this information to gain access through the firewall. The tool was written by someone who delights in deconstructing systems to find out more about them.
Firewalk is a classic example of a "white hat" hacker tool, because it's designed to provide information; it's based on an elegant exploitation of the way another tool (Traceroute) works; and most important, the author provides a detailed explanation of what Firewalk does, how it does it and how to stop it.
Nmap is a network-mapping tool that's very similar in some of its basic functionality to Internet System Scanner from Atlanta-based Internet Security Systems Inc. (ISS). Nmap runs a ping scan of the local network and then runs a port scan and TCP/IP fingerprinting on any hosts on that network.