March 2006

Packet Sniffing

Q:

We recently had two sites defaced on our servers, and the perpetrators are claiming to have used TCPDump. Is there a cheap way to encrypt the data packets to ensure they can’t be sniffed? … [snipped]

– Rob

A:

The easiest way to encrypt data between you and the server is to use SSL or SSH. If you are connecting to a web server, enable SSL encryption; if you are connecting to any other service that can be protected by SSL, enable it there too.

If you can’t use SSL encryption in your product, you can use OpenSSH to tunnel the traffic to the destination host, or use OpenVPN (SSL-based) to encrypt the connection between you and the destination host.
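To make the answer concrete, here is an added example (not part of the original newsletter) that parses a raw IPv4/TCP segment the way a passive sniffer such as TCPDump would and reports whether the payload is readable on the wire. The packet builder, the 10.0.0.x addresses, the ports and every payload are constructed for the demonstration, and checksums are left at zero because nothing is transmitted. The point it shows is the one the answer makes: an HTTP request or FTP login in the clear hands the observer the content and any credentials, while a TLS record or an SSH session after its banner gives the observer only lengths and metadata.

```python
# Added example (not from the original newsletter): a tiny parser that shows
# what a passive observer on the wire gets from a TCP segment. The packet
# builder, the sample IPs/ports and the payloads below are all constructed
# for this demonstration; checksums are left at zero because nothing here is
# sent on a real network.
import socket
import struct


def build_ipv4_tcp(src_ip, dst_ip, sport, dport, payload):
    """Assemble a minimal IPv4 + TCP packet (20-byte headers, no options)."""
    total_len = 20 + 20 + len(payload)
    ip_hdr = struct.pack(
        "!BBHHHBBH4s4s",
        (4 << 4) | 5,  # version 4, IHL 5 words
        0,             # DSCP/ECN
        total_len,
        0,             # identification
        0,             # flags / fragment offset
        64,            # TTL
        6,             # protocol: TCP
        0,             # header checksum (not computed in this sample)
        socket.inet_aton(src_ip),
        socket.inet_aton(dst_ip),
    )
    tcp_hdr = struct.pack(
        "!HHIIHHHH",
        sport, dport,
        1, 1,                    # seq / ack numbers
        (5 << 12) | 0x18,        # data offset 5 words, flags PSH|ACK
        65535,                   # window
        0, 0,                    # checksum (not computed), urgent pointer
    )
    return ip_hdr + tcp_hdr + payload


def parse_ipv4_tcp(raw):
    """Return addresses, ports and payload exactly as a sniffer would see them."""
    ver_ihl, _, total_len, _, _, _, proto, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", raw[:20])
    if ver_ihl >> 4 != 4 or proto != 6:
        raise ValueError("not an IPv4/TCP packet")
    ihl = (ver_ihl & 0x0F) * 4
    tcp = raw[ihl:total_len]
    sport, dport, _, _, off_flags, _, _, _ = struct.unpack("!HHIIHHHH", tcp[:20])
    data_off = (off_flags >> 12) * 4
    return {
        "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
        "sport": sport, "dport": dport, "payload": tcp[data_off:],
    }


# Strings that mean the segment carries readable application data (constructed list).
PLAINTEXT_MARKERS = (b"GET ", b"POST ", b"HTTP/1.", b"USER ", b"PASS ", b"Authorization: ")


def classify_payload(payload):
    """Say whether the bytes are opaque (TLS/SSH) or readable on the wire."""
    if len(payload) >= 3 and payload[1:2] == b"\x03":
        if payload[:1] == b"\x16":
            return "tls-handshake"         # hello messages: opaque apart from metadata
        if payload[:1] == b"\x17":
            return "tls-application-data"  # encrypted; a sniffer learns only the length
    if payload.startswith(b"SSH-"):
        return "ssh-banner"                # everything after key exchange is encrypted
    if any(marker in payload for marker in PLAINTEXT_MARKERS):
        return "plaintext-readable"        # content and credentials exposed to tcpdump
    return "unknown"


def audit_capture(packets):
    """Map each (src:sport -> dst:dport) flow to its classification."""
    report = {}
    for raw in packets:
        p = parse_ipv4_tcp(raw)
        flow = f"{p['src']}:{p['sport']} -> {p['dst']}:{p['dport']}"
        report[flow] = classify_payload(p["payload"])
    return report


if __name__ == "__main__":
    # Constructed sample: one HTTP request in the clear, one TLS record, one SSH banner.
    sample = [
        build_ipv4_tcp("10.0.0.5", "10.0.0.9", 40001, 80,
                       b"GET /admin HTTP/1.1\r\nAuthorization: Basic <constructed>\r\n\r\n"),
        build_ipv4_tcp("10.0.0.5", "10.0.0.9", 40002, 443,
                       b"\x17\x03\x03\x00\x20" + bytes(32)),
        build_ipv4_tcp("10.0.0.5", "10.0.0.9", 40003, 22, b"SSH-2.0-OpenSSH_4.3\r\n"),
    ]
    for flow, verdict in audit_capture(sample).items():
        print(f"{flow:32} {verdict}")
```

Running the block prints one line per flow; the port-80 request is flagged as readable while the port-443 record and the SSH banner are not. The same `classify_payload` check can be pointed at real captures (after adding the link-layer offset) to find which of your services still need SSL, an SSH tunnel or OpenVPN in front of them.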

diStorm – very quick (open source) stream disassembler

diStorm is just another stream disassembler, but… the quickest one I have ever seen, and it supports AMD64. The guy (Arkon, Gil Dabah) must have no life, as this thing is very good and must have taken quite some time to develop. It is open source.

It’s written in Python and available for Windows, Linux and general *nix. There is also a PE binary parsing library in the package.
