Linux Scapy Guards Your Servers (part 2) - page 2
Building a Scapy Toolbox
Much of the discussion to this point has been defensive in nature. One way to go on the offensive is to generate traffic targeted at specific hosts and see what happens. This type of activity falls into the intrusion detection (ID) category. There are many commercial and open source tools that will perform this task, but so will Scapy. See the secdev.org website for a good paper on how to use Scapy for this type of task.
```python
from scapy.all import *

conf.checkIPaddr = False                   # offers come from the server's own IP, not 255.255.255.255
fam, hw = get_if_raw_hwaddr(conf.iface)    # raw MAC of our interface, used as the BOOTP chaddr
dhcp_discover = (Ether(dst="ff:ff:ff:ff:ff:ff") / IP(src="0.0.0.0", dst="255.255.255.255")
                 / UDP(sport=68, dport=67) / BOOTP(chaddr=hw)
                 / DHCP(options=[("message-type", "discover"), "end"]))
ans, unans = srp(dhcp_discover, multi=True, timeout=5)   # multi=True keeps every server that answers
```
You could test this snippet at the Scapy interactive prompt or incorporate it into your own tool. What you should see in response is the MAC and IP address of every host that identifies itself as a DHCP server. If you don't recognize any of the addresses, you may have a rogue DHCP server on your network. The Scapy wiki has a number of other examples of offensive tools that are worth your time to explore.
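As an added example (not code from the original article), here is the discover probe turned into a small rogue-DHCP check: the allowlist and every MAC/IP value are hypothetical, and probe() assumes Scapy 2.x names such as get_if_raw_hwaddr plus root privileges to put the packet on the wire.

```python
from dataclasses import dataclass

# Constructed allowlist of the servers that are supposed to answer on this
# segment (hypothetical MAC/IP pairs, not taken from the article).
AUTHORIZED_SERVERS = {("00:11:22:33:44:55", "192.168.1.1")}

@dataclass(frozen=True)
class DhcpOffer:
    server_mac: str   # Ethernet source of the reply
    server_ip: str    # IP source of the reply
    offered_ip: str   # yiaddr: the lease the server proposed to us

def classify(offers, authorized=AUTHORIZED_SERVERS):
    """Verdict per responder. Both MAC and IP must match an allowlist entry,
    so a host that borrows the real server's IP from another NIC is still flagged."""
    known_ips = {ip for _mac, ip in authorized}
    verdicts = {}
    for o in offers:
        key = (o.server_mac.lower(), o.server_ip)
        if key in authorized:
            verdicts[key] = "authorized"
        elif o.server_ip in known_ips:
            verdicts[key] = "known IP answered from unexpected MAC"
        else:
            verdicts[key] = "unknown DHCP server"
    return verdicts

def offers_from_answers(answers):
    """Turn Scapy's srp() answered list into DhcpOffer records, keeping DHCPOFFERs only."""
    from scapy.all import Ether, IP, BOOTP, DHCP
    offers = []
    for _sent, reply in answers:
        if not reply.haslayer(DHCP):
            continue
        opts = {o[0]: o[1] for o in reply[DHCP].options if isinstance(o, tuple)}
        if opts.get("message-type") == 2:     # 2 == DHCPOFFER
            offers.append(DhcpOffer(reply[Ether].src, reply[IP].src, reply[BOOTP].yiaddr))
    return offers

def probe(iface=None, timeout=5):
    """Send one DHCPDISCOVER and classify everyone who answers (needs root)."""
    from scapy.all import Ether, IP, UDP, BOOTP, DHCP, srp, conf, get_if_raw_hwaddr
    conf.checkIPaddr = False   # offers come from the server's IP, not the broadcast address
    _fam, hw = get_if_raw_hwaddr(iface or conf.iface)
    discover = (Ether(dst="ff:ff:ff:ff:ff:ff") / IP(src="0.0.0.0", dst="255.255.255.255")
                / UDP(sport=68, dport=67) / BOOTP(chaddr=hw)
                / DHCP(options=[("message-type", "discover"), "end"]))
    ans, _unans = srp(discover, iface=iface, multi=True, timeout=timeout, verbose=False)
    return classify(offers_from_answers(ans))
```

Run probe() from a host on the segment you want to audit; anything other than "authorized" in the returned dict is worth tracking down via its MAC on the switch.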
This article really just touches the surface of what you can do with Scapy. Hopefully, it will give you enough information to get started. Waiting until you have a problem to learn what to do about it is never a good idea.