Hack attack detection

  • Question

  • We, at our college, are working on making an application to detect some basic attacks, by using tools such as tcpdump, nmap, netcat etc. This application checks the outputs of these tools (stored in a file -- separate file for each tool) and finds out some known attack patterns for attacks like DoS, Buffer overflow etc. and finally gives an output which a normal user can understand.

    We want our application to run on Windows.

    Please help in finding out some known attacks or attack patterns. Any suggestion for building the application will be appreciated, too.

    Thank you.
    Sunday, March 11, 2007 11:47 AM

All replies

  • Sunday, March 11, 2007 12:12 PM
  • I don't want software for my protection, buddy; we at college are intending to build one.
    So I need help regarding basic hack attacks etc.

    Monday, March 12, 2007 7:55 AM
  • You can learn from the internet with a Google search; there are a lot of websites that guide you on how to protect yourself.

    For example, in order to protect your email from hackers, what you need to do is this:

    the password should contain

        both lower and upper case letters

        it should contain symbols

        it should contain numbers

    If you give a password like this, your email is safe from hackers.



    Monday, March 12, 2007 9:44 AM
  • Try to create a packet receiver application that can accept packets and analyze them. You can also create a packet generator to generate packets to be sent across the network.
    Monday, March 12, 2007 5:51 PM
  • @Sanket

    Yes, we are actually thinking of using a packet capturing tool (like tcpdump etc.) and want to analyse its output with our application to generate an output that can be interpreted by a naive user.

    So, for this analysing process, which language do you people suggest?
    Tuesday, March 13, 2007 2:51 PM
  • If pattern matching is the main issue, Perl is an excellent language to do it. A Windows version of Perl is available from ActiveState, called ActivePerl. You can use it. Perl also has a lot of modules for internet and networking, so it's probable that you'll be able to do the packet capturing from within the program as well.

    Wednesday, June 13, 2007 5:45 PM

  • Most computer vulnerabilities can be exploited in a variety of ways. Hacker attacks may use a single specific exploit or several exploits at the same time.
    Some of the ways:

     1. Suspiciously high outgoing network traffic.
     2. Increased disk activity or suspicious looking files in the root directories of any drives.
     3. Large number of packets which come from a single address being stopped by a personal firewall.
     4. Your resident antivirus suddenly starts reporting that backdoors or trojans have been detected, even if you have not done anything out of the ordinary.

    If you use a UNIX machine:

     1. You can find suspicious files in the /tmp folder.
     2. Modified /etc/passwd, /etc/shadow, or other system files in the /etc folder.
     3. Suspicious services added to your /etc/services.
    Wednesday, September 12, 2007 10:30 AM
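
An added example, not part of any post in this thread: a sketch of the analysis step the question describes, reading saved `tcpdump -n` text output and turning two simple patterns (many connection requests from one address to one port, and one address probing many ports) into sentences a non-technical user can read. It is written in Python rather than the Perl suggested above; the function names, thresholds and sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Matches IPv4 TCP lines as printed by `tcpdump -n` (numeric addresses and ports).
LINE_RE = re.compile(
    r"^\S+ IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
)

def analyse(lines, flood_threshold=20, scan_threshold=10):
    """Return plain-language findings. Thresholds are illustrative assumptions."""
    syn_per_target = defaultdict(int)   # (src, dst, dport) -> count of bare SYNs
    ports_per_pair = defaultdict(set)   # (src, dst) -> distinct ports that got a bare SYN
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["flags"] != "S":  # "S" alone means SYN without ACK
            continue                    # skip non-TCP, unparsable and non-SYN lines
        src, dst, dport = m["src"], m["dst"], int(m["dport"])
        syn_per_target[(src, dst, dport)] += 1
        ports_per_pair[(src, dst)].add(dport)

    findings = []
    for (src, dst, dport), n in sorted(syn_per_target.items()):
        if n >= flood_threshold:
            findings.append(f"Possible SYN flood: {src} sent {n} connection "
                            f"requests to {dst} port {dport}.")
    for (src, dst), ports in sorted(ports_per_pair.items()):
        if len(ports) >= scan_threshold:
            findings.append(f"Possible port scan: {src} tried {len(ports)} "
                            f"different ports on {dst}.")
    return findings

def sample_capture():
    """Constructed sample input (documentation address ranges), not a real capture."""
    ts = "12:00:00.000000"
    tail = "win 1024, length 0"
    lines = [f"{ts} IP 203.0.113.5.{40000 + i} > 192.0.2.10.80: Flags [S], seq {i}, {tail}"
             for i in range(25)]
    lines += [f"{ts} IP 198.51.100.7.50000 > 192.0.2.10.{p}: Flags [S], seq 1, {tail}"
              for p in range(20, 32)]
    lines += [f"{ts} IP 192.0.2.20.51000 > 192.0.2.10.443: Flags [S], seq 9, {tail}",
              f"{ts} IP 192.0.2.10.443 > 192.0.2.20.51000: Flags [S.], seq 5, ack 10, {tail}",
              f"{ts} IP 192.0.2.20.51000 > 192.0.2.10.443: Flags [.], ack 6, win 502, length 0",
              f"{ts} ARP, Request who-has 192.0.2.1 tell 192.0.2.10, length 28"]
    return lines

if __name__ == "__main__":
    for finding in analyse(sample_capture()):
        print(finding)
```

The counts here cover the whole file; a usable tool would count per time window and treat source addresses as unverified, since they can be forged in a flood.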