Monthly Archives: March 2006

Packet Sniffing

Q:

We recently had two sites defaced on our servers, and the perpetrators are claiming to have used TCPDump. Is there a cheap way to encrypt the data packets to ensure they can’t be sniffed? … [snipped]

– Rob

A:

The easiest way to encrypt data between you and the server is to use SSL or SSH. If you are connecting to a web server, enable SSL encryption, if you are connecting to a service that can be protected by SSL, enable it.

If you can’t use SSL encryption in your product, you can use OpenSSH for tunneling of traffic to the destination host, or use OpenVPN (SSL based) to encrypt the connection between you and the destination host.

diStorm – very quick (open source) stream disassembler

distorm is just another stream disassembler, but… the quickest one i have ever seen and it supports amd64. the guy (arkon, gil dabah) must have no life as this thing is very good and must have taken quite some time to develop. it is open source.

it’s available for windows, linux and general *nix. there is also a pe binary parsing library in the package.

distorm64 is an amd64 disassembler, which is the first open source disassembler library for amd64 out there, licensed under the bsd license.

distorm is a binary stream disassembler. it’s capable of disassembling 80×86 instructions in 64 bits (amd64, x86-64) and both in 16 and 32 bits. in addition, it disassembles fpu, mmx, sse, sse2, sse3 and 3dnow! (w/ extensions) and new x86-64 instruction sets. distorm was written to decode quickly every instruction as accurately as possible. robust decoding, while taking special care for valid or unused prefixes, is what makes this disassembler powerful, especially for research. another benefit that might come in handy is that the module was written as multi-threaded, which means you could disassemble several streams or more simultaneously.
for rapidly use, distorm is compiled for python and is easily used in c as well. distorm was originally written under windows and ported later to linux.

http://www.ragestorm.net/distorm/

a similar disassembler was recently released by piotr bania, called disit. also very good but my personal preference is distorm. disit is also still in beta.

gadi evron,
ge@beyondsecurity.com.