Linux Scapy Guards Your Servers (part 2) - page 2
Building a Scapy Toolbox
Much of the discussion to this point has been defensive in nature. One way to go on the offensive is to generate traffic aimed at specific hosts and observe what comes back. This type of activity falls into the intrusion detection (ID) category. Many commercial and open source tools will perform this task, but so will Scapy. See the secdev.org website for a good paper on how to use Scapy for this kind of work.
```python
from scapy.all import *

conf.checkIPaddr = False                  # replies come from the server's own IP, not 255.255.255.255
fam, hw = get_if_raw_hwaddr(conf.iface)   # raw MAC of the sending interface, used as chaddr
dhcp_discover = Ether(dst="ff:ff:ff:ff:ff:ff")/IP(src="0.0.0.0",dst="255.255.255.255")/UDP(sport=68,dport=67)/BOOTP(chaddr=hw)/DHCP(options=[("message-type","discover"),"end"])
ans, unans = srp(dhcp_discover, multi=True, timeout=10)   # multi=True keeps collecting answers until the timeout
```
You could try this snippet at the Scapy interactive prompt or build it into your own tool. The responses should give you the MAC and IP address of every host that identifies itself as a DHCP server. If you don't recognize any of those addresses, you may have a rogue DHCP server on your network. The Scapy wiki has a number of other examples of offensive tools that are worth your time to explore.
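As an added example (not code from the article or from the Scapy project): once srp() has returned its answers, each reply still has to be checked against the DHCP servers you expect to see. The helper below parses the BOOTP/DHCP payload of a reply in plain Python, keeps only DHCPOFFER messages, and flags any server whose server identifier (option 54) or source address is not on an allowlist. With Scapy you would feed it (r[Ether].src, r[IP].src, bytes(r[BOOTP])) for each (_, r) in ans. The allowlist, MAC addresses and sample replies are constructed for the example.

```python
# Added example (not from the original article): audit DHCP OFFER replies
# against an allowlist of known servers. Works on the raw BOOTP/DHCP payload,
# so it runs without Scapy or a live network.
import struct
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple

DHCP_MAGIC = b"\x63\x82\x53\x63"   # RFC 2132 magic cookie that follows the BOOTP header
OPT_MESSAGE_TYPE = 53
OPT_SERVER_ID = 54
MSG_DISCOVER = 1
MSG_OFFER = 2
BOOTP_HEADER_LEN = 236


@dataclass
class DhcpOffer:
    src_mac: str     # Ethernet source of the reply (r[Ether].src in Scapy)
    src_ip: str      # IP source of the reply (r[IP].src in Scapy)
    server_id: str   # option 54: the address the server claims for itself
    your_ip: str     # yiaddr: the lease the server offered us


def ip_str(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def parse_dhcp_options(payload: bytes) -> Dict[int, bytes]:
    """Parse the option area after the 236-byte BOOTP header.

    Options are code/length/value triples, except pad (0), a single byte,
    and end (255), which terminates the list. Truncated input raises.
    """
    magic = payload[BOOTP_HEADER_LEN:BOOTP_HEADER_LEN + 4]
    if len(payload) < BOOTP_HEADER_LEN + 4 or magic != DHCP_MAGIC:
        raise ValueError("not a DHCP message: short payload or bad magic cookie")
    opts: Dict[int, bytes] = {}
    i = BOOTP_HEADER_LEN + 4
    while i < len(payload):
        code = payload[i]
        if code == 0:          # pad
            i += 1
            continue
        if code == 255:        # end
            break
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        opts[code] = value
        i += 2 + length
    return opts


def parse_offer(src_mac: str, src_ip: str, payload: bytes) -> Optional[DhcpOffer]:
    """Return a DhcpOffer for a DHCPOFFER payload; None for any other message type."""
    opts = parse_dhcp_options(payload)
    if opts.get(OPT_MESSAGE_TYPE) != bytes([MSG_OFFER]):
        return None
    server_id = opts.get(OPT_SERVER_ID)
    return DhcpOffer(src_mac=src_mac, src_ip=src_ip,
                     server_id=ip_str(server_id) if server_id else src_ip,
                     your_ip=ip_str(payload[16:20]))   # yiaddr sits at bytes 16..19


def audit_offers(answers: Iterable[Tuple[str, str, bytes]],
                 allowed_ips: Iterable[str]) -> Tuple[List[DhcpOffer], List[DhcpOffer]]:
    """Parse every reply and split out servers not on the allowlist.

    A server is flagged if either the address it claims (option 54) or the
    address it actually sent from is unknown, since a misconfigured or
    unauthorised server may get one of the two "right" but rarely both.
    """
    allowed = set(allowed_ips)
    offers = [o for o in (parse_offer(m, ip, p) for m, ip, p in answers) if o]
    rogue = [o for o in offers if o.server_id not in allowed or o.src_ip not in allowed]
    return offers, rogue


def build_offer_payload(server_ip: bytes, your_ip: bytes, msg_type: int = MSG_OFFER) -> bytes:
    """Constructed sample BOOTP/DHCP reply, used here in place of live traffic."""
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        2, 1, 6, 0,                                  # op=BOOTREPLY, htype=Ethernet, hlen, hops
        0x3903F326, 0, 0x8000,                       # xid, secs, flags (broadcast bit)
        b"\0" * 4, your_ip, server_ip, b"\0" * 4,    # ciaddr, yiaddr, siaddr, giaddr
        b"\x00\x11\x22\x33\x44\x55" + b"\0" * 10,    # chaddr (client MAC, padded to 16)
        b"\0" * 64, b"\0" * 128)                     # sname, file
    options = (DHCP_MAGIC
               + bytes([OPT_MESSAGE_TYPE, 1, msg_type])
               + bytes([OPT_SERVER_ID, 4]) + server_ip
               + b"\x00"                             # one pad byte, to exercise that path
               + b"\xff")
    return header + options


# Constructed sample: one server on the allowlist and one that is not.
ALLOWED_DHCP_SERVERS = ["192.168.1.1"]
SAMPLE_ANSWERS = [
    ("00:11:22:aa:bb:cc", "192.168.1.1",
     build_offer_payload(bytes([192, 168, 1, 1]), bytes([192, 168, 1, 100]))),
    ("de:ad:be:ef:00:01", "192.168.1.250",
     build_offer_payload(bytes([192, 168, 1, 250]), bytes([192, 168, 1, 101]))),
]

if __name__ == "__main__":
    offers, rogue = audit_offers(SAMPLE_ANSWERS, ALLOWED_DHCP_SERVERS)
    print(f"{len(offers)} DHCP offer(s) seen")
    for o in rogue:
        print(f"UNKNOWN DHCP server {o.server_id} ({o.src_mac}) offered {o.your_ip}")
```

Comparing both the claimed server identifier and the actual source address is deliberate: on the sample data the second server fails both checks, but the audit also catches a reply whose option 54 names a legitimate server while the frame itself comes from somewhere else.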
This article really just touches the surface of what you can do with Scapy. Hopefully, it will give you enough information to get started. Waiting until you have a problem to learn what to do about it is never a good idea.