Local Area Security Linux 0.4a

Anonymous Coward writes "Local Area Security Linux is a small 'live CD' distribution based on Knoppix that aims at being less than 185MB so it will fit on a MiniCD. It is now 107MB with FluxBox as the window manager. It contains about 100 security (forensics, penetration testing, firewall, intrusion detection, etc.) tools including Ethereal and Nessus. See a screenshot here."

Re:my favorite part:

[v_1_r_u_5]

That's really strange.. this was supposed to be posted to a different story.

Torrent file

[DJFelix]

Click here for a torrent of the .04a ISO image.

Enjoy!

Re:Torrent file

[ModernGeek]

I'm only getting .7 KB/sec from it, what is everyone else getting?

Re:Torrent file

[DJFelix]

I'm currently the only seed and my upload speed is pegged out at 390KB/s. I'm sure it'll pick up.

Re:Torrent file

I'm getting about 3kb dl 2kb ul. It will pick up if more people help. Even if your not going to use it help someone who IS!

Re:Torrent file

[numatrix]

Please, PLEASE folks, use the torrent. My desktop is one of the mirrors, and I suddenly noticed about 9Mb/s started flowing and couldn't figure it out. I joked to my officemate that one of the isos I was hosting musta been /.'ed. Then I thought about it and, well, yeah, it was.

Re:Torrent file

just wait until Michael posts the BT link to the article... then it will pick up.

Re:Torrent file

[TedCheshireAcad]

I've said it before, and I'll say it again...

BitTorrent is teh rox0r.

296k/sec down, 135k up

sorry about the leetspeek.

Re:Torrent file

[Darth_brooks]

I used one of the euro FTP's and had the file in an hour or so. I've got it torrent'd now, every little T1 helps. Spiking at 60 and 70k up, averaging 8-12.

If you've got the full version, put it on torrent anyway. share files that aren't copyrighted for once.

Re:Torrent file

[SquadBoy]

Are you behind a firewall?

Re:Torrent file

[wavelet]

make sure you port forward inbound TCP/6881 (and higher if you have multiple bittorrent windows open).

Since tcp is bidirectional, you're going to upload and download from any open tcp stream to other peers/seeds. Allowing inbound connections allows you to connect to more peers, which should allow your bittorrent client to pick from a great number of peers/seeds. In other words you'll get faster download speeds.

It should speed up once you start uploading and when you start accepting inbound connections.

Re:Torrent file

[bn557]

does somone have a torrent of the site with the torrent on it? I seem to be having troubles connecting.

Pat

Re:Torrent file

[suwain_2]

Lemme post a quick reply -- I never got BT to work, and figured I'd just download from the mirrors. I got sick of 30 KB/sec, an got BitTorrent to work. I'm at 147 KB/sec and rising. (And as a sidenote... You'll be alleviating the huge load on the mirrors, as well as helping your fellow /.ers.)

Don't do it because of the pleas from the mirror operators -- do it to get a faster download. :)

Re:Torrent file

[suwain_2]

I had no trouble, but I copied it to my site. http://n1zyy.com/l.a.s_0.4a_MAIN.iso.torrent (BTW, never thought I'd say this, but mods, please don't mod this up. I'd prefer to not get slammed with hits.)

Security?

[willy134]

So is this a security or hacking cd? Seems like some good tools to me.

Re:Security?

[ChiefArcher]

I think the authors intent was that of a security CD.. more or less to scan your network for "issues".

But.. it can be used for the powers of evil.
so more or less, in the US he would be found guilty of releasing hacking programs to the world.. :(

ChiefArcher

Re:Security?

[Frymaster]

But.. it can be used for the powers of evil.

of course! tools are value-neutral - it's intent that makes something good or evil. a gun can be used to do good, a pillow can be a weapon of murder.

now what we really need is /dev/intent

Re:Security?

[goranb]

This is the same as asking whether a knife is for use in the kitchen or for cutting up my neighbour...
Most tools we use in everyday life can be used for evil, and so can most security tools out there... Thats the way it is...

Re:Security?

[duffbeer703]

I understand that hacking tools don't kill people, people kill people... But what about the children?

Re:Security?

Yeah I know, they kill people too...

Re:Security?

[ichimunki]

It's obvious from the desire to keep it on a "mini CD" that this is meant for clandestine activity. Any legitimate user of "security tools" wouldn't mind simply using a regular sized CD. :)

Re:Security?

[prichardson]

>a gun can be used to do good

If you exclude protection from enviroment (killing an animal because it wants to eat you, something that will not be any concern to 99.99% of people) the only good a gun can be used for is to prevent evil caused by guns.

Your analogy holds up though because all of these tools would not need to exist if people didn't create tools to crack into peoples computers and mess things up.

Re:Security?

[Xerithane]

I understand that hacking tools don't kill people, people kill people... But what about the children?

If you think about the children, the terrorists have already won in this Post September 11th world and in Soviet Russia the children care about you.

Re:Security?

[Hitiek]

Or they desire for it to fit on one of those CDs that fit inside your wallet so a legitimate user can have it with them wherever they go.

Re:Security?

[bhtooefr]

Wrong. A gun can be used to prevent evil caused by knives/swords/large objects/etc.

Re:Security?

[RancidBeef]

If you like target shooting, then shooting can be used to reduce stress, which is good.

Re:Security?

So what you're saying is, Indiana Jones should have just shot at the large boulder that was going to smush him.

Re:Security?

[RancidBeef]

And hacking up people usually kills them. The children usually taste better with ketchup.

Re:Security?

[Unregistered]

These tools need evil bits.

Re:Security?

[wirelessbuzzers]

Adding to the litany of bad "people kill people" jokes:

Hacking tools don't kill servers, malformed packets kill servers.

Guns don't kill people, bullets kill people.

Guns don't kill people, I kill people >:-)

Re:Security?

[thetamind_pyros]

Oh, trust me, its a hacking CD. Hackers always use miniCDs. They just look cooler than full sized CDs.

I can see it now... In Matrix3, Trinity pulls out a miniCD and holds it in front of the camera. The shimmering glow of the miniCD sends awwws through the audience. Trinity inserts the miniCD and..

L.A.S now booting...

appears on the screen. A couple hard core geeks stand up and cheer.

Could you see that scene done with a full sized CD? No, it just would not be as cool.

Re:Security?

[alib001]

Or they want to put the CD on a gold chain and wear it as a medallion... bling!

Re:Security?

[Jaffa]

I think the authors intent was that of a security CD.. more or less to scan your network for "issues".

In a different, but similar, vein I'm trying to get <plug>Salvare</plug> to be a generic system rescue CD/workstation in less than 34MB (the size of the credit-card CDs I've got).

The small space isn't so much of an issue given that you can apt-get install foo into RAM and so install new software on the fly without having to even mount the hard disk!

It's only at 0.1.1 atm, but further testers and suggestions would be welcome ;-)

maybe I missed it but,

[justMichael]

How do you deal with the weekly Nessus plugin updates? Do you have to d/l and burn a new disk every week or two?

Re:maybe I missed it but,

[anno1a]

With it being based on Knoppix, which is based on Debian, I'm sure a simple procedure of apt-get update, apt-get dist-upgrade could be implemented, installing all (or better, only selected vital-for-security-checking) updated programs onto a RAM-drive.

Re:maybe I missed it but,

[Jeremiah+Cornelius]

You run "nessus-update-plugins", which pop th elatest and greatest to your ramdisk.

Same as Knoppix.

No big deal, losing these between boots. The 2200+ vulns on the CD are fine to begin with AFAIC.

Re:maybe I missed it but,

It seeems that if he is releasing them once a week anyway. On their frshmeat page (http://freshmeat.net/branches/42827) it was less than a week between. On his site he states the next will be this weekend or middle next week at the latest. He would be running the update for nessus before compressing the filesystem. . .

Sometimes the child in me wins ...

[JSkills]

"penetration testing" with FluxBox?

Sounds like futuristic porno rather than Unix security.

Sorry. That was not funny and clearly off-topic. Mod me down :-(

Re:my favorite part:

[Aliencow]

Gives a new meaning to moderators on crack and not reading the article doesn't it ?

Usefull

[silas_moeckel]

I dont know it realy looks like a toy to throw in and boot up some lab machine without leaving many traces. Most people I can think that need this allready have linux on a laptop for this function or are running windows equivialants.

Maybe it's a good giveaway for consultants to throw a little knoledge at the clients let them get scared and then do a real audit?

Re:Usefull

[tbdean]

I always thought a Linux bootable CD would be great at Best Buy. Throw the CD in, reboot, and then ask the sales rep to come over and show you how to get around "this new version of Windows."

Re:Usefull

[silas_moeckel]

But do you realy want to scan the network at best buy? All those vulnerable windows boxes.

Re:Usefull

[Darth_brooks]

Knoppix was great for my last trip to best buy. I threw it in a couple of laptops to make sure i wouldn't be buying into a hardware nightmare. Of course I couldn't seem to flag down a sales person actually willing to sell me the item, and once I finally recieved assistance I was told they were out of stock.

Circuit city appriciated the business I gave them though, and they knocked some money of the price of the laptop (they weren't offering the same credit terms). YMMV, chain retail stores are a crap shoot.

Re:Usefull

[Mitchell+Mebane]

I usually bring a few Knoppix CDs when I go to my local Sam's Club. Wait till no employees are around, throw them in the CD drives, and reboot.

I've never bothered a tech about it before, though. :P

Re:Usefull

[hplasm]

But do you realy want to scan the network at best buy? All those vulnerable windows boxes.

Hmm. Yeesss!

I likes it...

New feature request

[Doesn't_Comment_Code]

...All on 1 miniCD. That sounds very convenient.

I request that the next feature to develop is an option where you just wave or shake the miniCD at the computer to remedy any problems. This would alleviate the hassle of putting the miniCD into the tray and running it.

I am a big fan of easy to use diagnostics/repair utilities. This sounds very good, and with just this one final tweaking, I think it will be perfect.

Re:New feature request

My god, you are funny you know.

Re:New feature request

[Kadagan+AU]

Well, I've got one more feature to ask for, while we're asking. I want more games on it. It doesn't have enough (any?). I want it to have the full version of Neverwinter Nights (plus expansion) or it, as well as Unreal Tournament 2003 for when I feel like fragging. It still needs to fit on the mini-cd that you just wave in front of the computer though ;)

Re:New feature request

[Jerf]

I request that the next feature to develop is an option where you just wave or shake the miniCD at the computer to remedy any problems. This would alleviate the hassle of putting the miniCD into the tray and running it.

Sounds like a great Open Source project to make your fame with. Please make it RFC 2321 compliant.

Standards are very important, after all.

Re:New feature request

[snillfisk]

while the "minicd"-requirement may seem a bit stupid (hey, you could just use a regular cd, right?) .. it fits just perfectly on a 128MB flash / smart media card -- perfect for that laptop without a harddisk.

there's a few other distros aiming for this, but mostly it tends to blow into giant proportions when it comes to the size requirement of an installed system :/

No Damn Blaster...

[Captain_Loser]

Now, how many tools like this do you see for a windows, or any closed source environment. Its tools like these that keep linux away from crap like this balster worm. Linux isn't perfect, but it learns from its mistakes, thats what makes it superior to and closed source software

Re:No Damn Blaster...

[frovingslosh]

Now, how many tools like this do you see for a windows, or any closed source environment.

Actually, there are a number of tools for windows. Even ethereal is available for windows and works pretty well on it. Part of the problem is that you can't legally make and redistribute a CD that will boot and run windows from CD, so there would be no good way to set up windows with everything that needs installed and run these types of applications from CD, even if you had windows on the computer (plus not being able to plan for what flavor of Windows you had). And while there are a lot of good tools to do these things under windows, and most or all of what is on this CD is open source and certainly could be ported to windows, the people making these tools simply prefer Linux and put them there first. But the tools do exist under windows.

Re:No Damn Blaster...

[1lus10n]

well the distro itself is a major utility, and that cannot be ported to windows.

you got one thing right, windows cannot be made (legally) to do this since it doesnt boot from CD with the applications ready to run. hell i doubt as if you could get windows with the same programs onto a mini-CD.

Re:No Damn Blaster...

[bhtooefr]

Windows 95 fits in under 4MB. There was an article on a 4.47MB distro, but right after that the one I mentioned appeared.

Re:No Damn Blaster...

[1lus10n]

while i would conceed that the older unsupported, very buggy versions of windows MIGHT fit onto a mini-cd i dont see how XP or 2000 with a UI, and all of the dependancies for the tools that would need to be included would fit onto a mini-CD.

Re:No Damn Blaster...

[bhtooefr]

2000 could. Strip all of the options and it'd be 750MB. Somehow strip IE and use LiteStep then you could fit lightweight tools on.

Re:No Damn Blaster...

[frovingslosh]

while i would conceed that the older unsupported, very buggy versions of windows MIGHT fit onto a mini-cd i dont see how XP or 2000 with a UI, and all of the dependancies for the tools that would need to be included would fit onto a mini-CD.

And Red Hat 9.0 will not fit on a 1.2 Gigabyte hard drive with the GUI (when installed right from the Red Hat install CD's)! So what's your point?

Re:No Damn Blaster...

[Gyorg_Lavode]

The point is that with linux, you can strip off the fat, not just use something out of date. I assume this distro is built on Knoppix 3ish which is up-to-date software. A better comparison would be to windowsXP embedded.

Re:No Damn Blaster...

[1lus10n]

mini-CD's (which is what we are talking about) are 185MB .....

Re:No Damn Blaster...

[bhtooefr]

Of course, XP Embedded can go down to 50MB... enough for a business card CD.

live CDs are nice

[Dark+Lord+Seth]

Live CDs like knoppix are all very lovely but when's the day that I can roll out my own live CDs without TOO much effort? Just select the packages you want, kernel, drivers, etc, wait as the program churns out a nice ISO for you which you can burn to a CD and voila, insta-Linux! Now that would seriously rock as you can simply modify all the basics as you see fit and can easily alter the whole deal for bugfixes.

Re:live CDs are nice

[caudron]

"when's the day that I can roll out my own live CDs without TOO much effort? Just select the packages you want, kernel, drivers, etc, wait as the program churns out a nice ISO for you which you can burn to a CD and voila, insta-Linux!"

When? Today.

What you just described is what Gentoo is about entirely. Gentoo fanaticism aside, if that's what you want, then you should look into it.

-Tom

Re:live CDs are nice

[martman00]

That would be nice. Which Gentoo would try something like that :) Any developers reading this?

Re:live CDs are nice

You can now.

Check out Morphix. It's a distro based on Knoppix, but modularized. There are small versions (that will fit on a mini-CD) as well as "fat" versions (with all the bells and whistles).

It's designed so that you can choose the features you want, add additional software, and burn a custom CD. Not quite turnkey, but quite doable with a little effort.

Re:live CDs are nice

[Dark+Lord+Seth]

Gentoo would be a nice thing for this, I suppose. Personally I'd rather have RPM or DEB package system but the Gentoo would work nicely as well I presume. There's going to be some friction here again as not everyone likes the Gentoo system as much as others. (which makes sense, glibc is a monstrousity, though this is not Gentoo's fault.) Then again, there are more opinion on this matter then just mine and I'm open to any ideas :P

Re:live CDs are nice

[Lenbok]

That's the gist of the LNX-BBC. It has a very cool package building system called GAR. See the lnx-bbc website

Re:live CDs are nice

[Kadagan+AU]

Along these same lines, but far more specialized, is MoviX, which allows you to customize it with any media files you like, then burn a liveCD that will play your movies/music on most any computer. I really love all these great innovations coming out these days! Another cool feature with MoviX, depending on the version you download, is that it can load the entire OS into memory, then you remove the disk and put a dvd in the drive to watch. fun times! =D

Re:live CDs are nice

[Cyno]

I want a live CD that has the option to run off a RAM drive, update itself by downloading the source files on the web, compile, install, etc. Then has the option of burning the whole updated OS back to another live CD for further propogation.

Another idea would be to have a distro that scans all the systems on your subnet and offers you a nice GUI to supply passwords so it can use to hack, steal their apps, use their bandwidth, and make them your bitches, etc.

I rather enjoy the thought of hostile operating systems that take what they want and give nothing in return.

Re:live CDs are nice

[genevaroth]

morphix.org is coming out with that- see the wiki on the side of the site to get there.

Re:live CDs are nice

[ahfoo]

Wow, there's so much going on in LiveCDs these days. I'm terribly impressed. I use Morphix as a router with almost everything running out of RAM and I love it, but there's so many different versions coing out these days I don't have time to try them all. It sure is cool though. I'm going to check out this MoviX in addition to this LASL I'm downloading.

Re:live CDs are nice

[zapp]

(disclaimer: i've never used Gentoo, this is all just from what i've read about it)

Isn't Gentoo compiled specifically for your machine, with all sorts of optomizations and such? Doesn't that contradict the concept of burning a cd that can run on (almost) any system?

Re:live CDs are nice

[zapp]

I rather enjoy the thought of hostile operating systems that take what they want and give nothing in return.

Here ya go!

Re:live CDs are nice

[jafiwam]

Not that I know anything about it (still playing with Knopppix) but there is Debian based Knoppix like thing that lets you customize the CDs first.

Again, not that I have tried it. Here's a link:

Morphix

Re:live CDs are nice

[Cyno]

Haha! That's a classic. :)

Re:live CDs are nice

[bn557]

well, yeah, sort of. you have to SET the optimizations. so if you set -mcpu=i486, you won't run into problems. if you set -march=athlon-xp, you might run into problems.

Pat

Re:live CDs are nice

[Namaseit]

Actually i use lnx-bbc for all my recovery, format, etc. It has every tool possible including X. I have it on a mini-cd and carry it around with me most of the time. In fact I carry it so much its like my phone, I dont leave home without it.

Re:live CDs are nice

[mhesseltine]

Isn't Gentoo compiled specifically for your machine, with all sorts of optomizations and such? Doesn't that contradict the concept of burning a cd that can run on (almost) any system?

Typically, yes, Gentoo is compiled for your machine. However, nothing prevents you from setting the architecture to i386 and making a universal system. Gentoo is almost a "meta" disto, in that you could use it to build a secure distro, web server only distro, desktop system, etc.

And of course, since it's open source, it doesn't cost anything more than a little of your time to try it out.

Re:live CDs are nice

[frostman]

I think the parent poster means something a little more like the way the Cygwin installer works, not just the option to roll your own if you know what you're doing.

I agree that would be super cool. I've thought about rolling my own with Morphix, aimed at apache/perl/postgres development with minimal CD access (ie, cooler laptop). But it seems like a big project and I haven't got time.

So, Dark Lord Seth, here is your opportunity for fame and/or Profit!

Make such a critter.

Better yet, make the "Custom Live Linux Maker" live on a miniCD itself, fetching the required packages from Debian or wherever, storing everything in an approved space on the local HD, and burning a nice CD at the end.

Re:live CDs are nice

[FeeDBaCK]

emerge livecd-ng

You now have all the scripts used to create a LiveCD. Simply configure it how you want and tell it to build. Once it is done, you have a CD with exactly what you want on it.

slashdottedly slashdotted

[saskwach]

We need a modification of the robots.txt file standards to indicate that major pages like slashdot should not link here.

Re:slashdottedly slashdotted

this doesnt even make sense. you can't prevent one site from linking to another with anything at all. nevermind robots.txt

Re:slashdottedly slashdotted

It does if you read robots.txt before slashdotting...I wasn't saying that file in particular, just some method for telling people to not slashdot/lotd a site. If we have a slashdot.txt and respect it, we'll have fewer small servers getting fried from 1 post. And yes, I realize that this is a distro launch, and they should have been prepared for it (mirrors, etc).

Re:slashdottedly slashdotted

I submitted an idea like this to /. a long time ago, but it was rejected.

Re:slashdottedly slashdotted

Any amount of respect given to robots.txt or slashdot.txt will be abused. robots.txt is just a method for certain content controllers (like the nytimes) to attempt to to distribute information allong with a control of it's use. It should be honored when reasonable for technical reasons and ignored otherwise, like the X-noarchive flag.

A slashdot.txt file would provide a handy flag for a mirroring engine that would sweep the net, pulling in the small sites and automatically providing the mirror when the link appeared on slashdot.

Re:slashdottedly slashdotted

[Durin_Deathless]

How about a slashdot.txt file which can ask for mirrors(so that an automated mirror-maker could be set up), ask not to be linked to, or ask that mirrors _not_ be made, or even provide a list of mirrors?

Re:slashdottedly slashdotted

[lucifuge31337]

Ummm...you just don't allow *.slashdot.org as a valid referrer. Any real web server already can tell you the referring URL.

Re:slashdottedly slashdotted

[budcub]

Just run Apache with Linux and you wont have to worry about slashdotting, its so powerful. According to the release notes in Apache, a Pentium 133 can saturate a 10 megabit pipe serving static webpages.

Re:slashdottedly slashdotted

Here's why that doesn't work:

I run apache on GNU/Linux off my 1.5 Mbit ADSL. Sure, my 1.4GHz Athlon can handle saturating the 285k or so of upstream...I just don't want it saturated. That, and my ISP is not going to be happy with me. Also, many people pay for overage bandwidth on colocated web servers.

Re:slashdottedly slashdotted

[suwain_2]

That's rather nieve. A well-tuned version of Linux probably could. But we've seen machines far more powerful than a P133 running Apache go down.

Plus, fairly often, the problem is bandwidth being exceeded and not the machine.

This is nothing new...

Knoppix-STD has been out for over 2 months. Lame.

Re:This is nothing new...

[core+plexus]

I was wondering how this compares to Knoppix STD, which I run from time to time.

The Knoppix STD (Security Tools Distro) ISO is about 612MB. So it would appear this one is much smaller. I'm going to try it out when the traffic dies down.

-cp-

Re:my favorite part:

Some script kidie downloaded this new fangled "security-disguised" Linux distro called L.A.S. He then used it to scan for exploits on slashdot.org and made posts get routed to different stories.

He then screamed: | 4|V| l337. j00 s|-|0ulD ph34r m3.

Fluxbox

[Blangopolis]

The window manager that LAS is using, fluxbox, is a truly great window manager. I think that it is one of my favorites. It basically is an extension of the blackbox window manager. I was actually reading a review on it earlier.

Overall, this is a great new window manager, that will perform well on lower end machines.

Re:Fluxbox

[mackstann]

Erm, new? Fluxbox has been around for a long time now.

On a side note, they're using my theme in that screenshot :)

SLashdotted!! mirrors

[Creepy+Crawler]

::::: New Mirrors Added! :::::

L.A.S. 0.4a Main with FluxBox MD5: 0939d7294035b5246bedbce1085bb1e1

http://lightning.chem.tue.nl/las/l.a.s_0.4a_MAIN .i so -The Netherlands

http://sarovar.org/mirrors/knoppix-las/l.a.s_0.4 a_ MAIN.iso -India/Asian Pacific

http://psifertex.nerdc.ufl.edu/iso/l.a.s_0.4a_MA IN .iso -USA

L.A.S. 0.3b Main MD5: f47150d2458c78169a65458bcf8ebf96

http://lightning.chem.tue.nl/las/l.a.s_0.3b.iso

http://sarovar.org/mirrors/knoppix-las/l.a.s_0.3 b. iso

http://psifertex.nerdc.ufl.edu/iso/l.a.s_0.3b.is o

L.A.S. 0.3b SECSERV MD5: ff412734492e39d1d084ced556a47493

http://lightning.chem.tue.nl/las/l.a.s_0.3b_SECS ER V.iso

http://sarovar.org/mirrors/knoppix-las/l.a.s_0.3 b_ SECSERV.iso

http://psifertex.nerdc.ufl.edu/iso/l.a.s_0.3b_SE CS ERV.iso

Re:SLashdotted!! mirrors

[numatrix]

Argh, dang you, that's my desktop machine hosting the ONLY US mirror... .

Though the main problem isn't the load on my machine, but my boss's expression if she realizes the traffic spike I caused.

Re:SLashdotted!! mirrors

ufl.edu -> purdue = 1.22MB/s I wouldn't call that a slashdotting :-)

Re:SLashdotted!! mirrors

[YetAnotherDave]

since some of the mirror operators seem to be here, can they maybe explain why a 'security'
tool doesn't offer MD5 or gpg verification files for it's iso...

Re:SLashdotted!! mirrors

[numatrix]

Umm, why don't you read the copy above, or the original page itself. See those nice long numbers next to the image name? Yeah... md5.

You're welcome.

Re:SLashdotted!! mirrors

[YetAnotherDave]

some day I'll learn to read

I even looked on the download page for mirrors... :}

Excellent. :)

[numbski]

I'm getting to really love these things. If it's got ssh, scp, ethereal, port scanner, and a few other goodies, this thing's gonna rock.

Don't need no network security tools

[Rosco+P.+Coltrane]

I have a script on my box that puts the eth0 interface down and back up every 3 minutes to break the connection of any evil pirate who might haNO CARRIER

Re:Don't need no network security tools

you need the latest distro that s....NOCARRIER

USB flash version

[Kegetys]

How about an version that you can (easily) put on an USB flash memory card and boot from there?

Re:USB flash version

[sys$manager]

Hardly any systems have a BIOS that supports USB booting right now.

Re:USB flash version

[Kegetys]

Hmm.. My GA-8IGX mobo has support for it, based on the i845 chipset which is quite old already. I think there certainly are alot of systems that support it, its just not a very commonly known feature.

Re:USB flash version

[numatrix]

I can think of two:

knoppix-usb
and runt.

Knoppix-usb is based on (you guessed it!) and runt is based on slackware.

Re:USB flash version

[deinol]

Why bother waiting?

Ok, they are still a little expensive (~$400) but I know you can get 1GB USB flash drives already. You can fit the whole knoppix CD on that. Even better, you can change it slightly so that the home directory gets stored on the flash drive.

Think of it, a bootable linux distro complete with data storage built in.

Sounds a lot like F.I.R.E.

This sounds a LOT like F.I.R.E. (http://fire.dmzs.com) which I've found to be extremely useful, and highly recommend for forensics, pen testing, and other practical security efforts.

Re:Sounds a lot like F.I.R.E.

Actually, it sounds a lot more like http://www.knoppix-std.org/ (a knoppix dist with security tools in mind as well) since F.I.R.E. isn't based around knoppix at all.

Re:Sounds a lot like F.I.R.E.

[numatrix]

Yup, it's also very similar to knoppix-std (which I ~highly~ recommend), it's just smaller.

Re:Sounds a lot like F.I.R.E.

It looks like this is a more 'dedicated' distro. Where Knoppix-STD has games, OpenOffice, and other stuff not related to security. I noticed on their website it even says to get Knoppix-STD if you want a full Knoppix version with all the extra crap you don't need for auditing networks etc. And F.I.R.E. hasn't been updated in a while it seems. Plus they are bloated at roughly 600 or 700 Megs. As L.A.S. is only 107 at present since it is fat-free. That is what makes it stand apart. . .

roll out my own

I've been wondering about this as well. I would like to see an online generic kernel/package distributor offer a system where I could select, say from a series of menus, the packages I would like (possibly with custom tweaks) and have an iso/s generated just for me to download. The processor and bandwidth requirements of this pipedream are probably too cost prohibitive right now for a free system. If you would like to see a demo of a similar system (for graphics rendering) check out cooltext.com.

MS 95 Aqua

Why did they choose MS win95 default aqua as a background color? BLUUUAAAAAHHHHHHHH!!!!!!!

Forensics utilities are somewhat useless

[dodell]

In the real world, you don't always have permission to take a box down to perform forensics. Rebooting == downtime. Booting into Linux from a CD to inspect == downtime. When you *are* granted permission to take down a box for forensics analysis (you have to get permission in a search warrant for this, or permission from the company that wants you to investigate, but this is rarely feasable), you'll probably be working for a large firm that can afford forensics tools that cost tons of cash and do much more advanced forensics analysis than the forensics software for Linux.

This sounds more like another goodies CD for people to mess around with at school. Or perhaps something to give people Linux demos with. Who knows. I wouldn't market it as a forensics tool, though.

Re:Forensics utilities are somewhat useless

[Amon+Re]

Or more simply....a hacking tool.

Re:Forensics utilities are somewhat useless

[DamienMcKenna]

I think the idea of this is to grab a random PC on the network and use it for testing, like Mary Thesecretary's P4/3ghz that is used for daily reports and word processing. I don't really think they want you to take down the core servers to run tests, if you do that then you don't have anything to test against.

Re:Forensics utilities are somewhat useless

[agentZ]

you'll probably be working for a large firm that can afford forensics tools that cost tons of cash and do much more advanced forensics analysis than the forensics software for Linux.

If I'm working for a cash rich company, why can't I use the free toolkit and pocket the extra money set aside for "tools"?

Re:Forensics utilities are somewhat useless

I may be missing something here, but it sounds like you're describing a scenario where a machine has been compromised, and you're discussing what should be done afterwards. If you're describing something else, everyone should just ignore the rest of this article. Otherwise...

If a system has been compromised, then you can't afford not to take it down. In my book, any system that has been compromised is already down and should never be put back on the network again. At least not until you have done forensics, then either re-installed it from the original media or restored from backups that you're totally sure were made before the break-in. Anything else is just an invitation for downtime of your other machines and thus further losses. You may think you can go in and clean out the infection, but that's just a pipedream. You may have gotten it all, but you can never be sure, and from now on, that system is basically useless because it will always be suspect.

And if the rest of the business protests because that system is mission critical, then it's the system admin's responsibility to inform everyone that that's why it has to be worked on right away.

Re:Forensics utilities are somewhat useless

[Jeremiah+Cornelius]

I work with this stuff, and just plain ol' Knoppix is tool #1 or 2 for incident/post-mortem. You are way off base in your assumptions. Especially if you think small banks and insurance companies are budgeting copies of Encase for the InfoSec staff.

Re:Forensics utilities are somewhat useless

[chef_raekwon]

i agree with your statement to some extent...you won't be downing a server to run some silly tools that you can run on the server...

but, if you are a "security consultant", you simply need to show up, on-site with your mini-cd, and proclaim that all matters will be quickly resolved...as soon as you comandeer the secretary's pc.....
(and quickly reboot it.) .....
i dunno.

Re:Forensics utilities are somewhat useless

[JonTurner]

>>If I'm working for a cash rich company, why can't I use the free toolkit and pocket the extra money set aside for "tools"?

Oh, I dunno, let's see, maybe because that would be EMBEZZLEMENT?

Re:Forensics utilities are somewhat useless

"do much more advanced forensics analysis than the forensics software for Linux."

such as what ? the tools that are used by AtStake, L0pht, ISS, All.net, Counterpane....are these exact tools.

your comment shows just how much you know about the Forensics field.

Re:Forensics utilities are somewhat useless

No, it's ok because he's a tool.

Re:Forensics utilities are somewhat useless

[MoralHazard]

Oh, really? Since when does "advanced forensics [sic] analysis" involve expensive tools? What forensic company do you work for, anyway, that you'd have the experience to make such a sweeping generalization? Oh, wait... you DON'T work for a forensic company--you build servers for a living.

I've worked six jobs in the last four months using Unix tools, and used various combinations of dd, netcat, ssh, mount, losetup, grep, and the other unix basics to wonderful effect on every one. They don't really ever fail on account of bugs or arbitrary limit conditions (can't handle files bigger than X MB, for instance), and they're terribly simple to troubleshoot. Oh, and there's nothing like an open-source tool for when you have to walk into court and answer the question "So, Mr. Expert-Computer-guy, how do you KNOW that this software did what you said it did?" It takes the wind out of an attorney's sails when you whip out the printed source code to md5sum and start walking him through it.

I've used the $90K forensic tools from the high-profile companies, and they work OK. Not great , though. EnCase, one of the more popular LE programs, has been plagued with bugs in the latest major version. Also, they're restricted to Windows and Mac analysis, so you're out of luck if you get a Linux machine. Oh, and don't even bother with tech support unless you're a true idiot who has failed to plug in his computer--one time, their IDE write-blocking interface was forcing drives into PIO mode (and taking 40 hours to copy a 10 GB hard drive!), and their phone tech suggesting that I try "www.hardforum.com" for technical advice. Talk about pure shit.

Most of the other insanely expensive tools that I've used have similar issues: limited platform support, buggy out the ass, and crappy tech support. The last isn't their fault so much, because most people using forensic tools are advanced enough that they won't be helped by any by the best--and the best technical/forensic people are expensive. But the bugs, oh god, the bugs!

There are a few tools that the USAF's OSI put into public domain usage that are handy, but really, you just need a linux machine with dd, ssh, netcat, and a custom kernel.

Re:Forensics utilities are somewhat useless

What is this? An anti-hire resume? Sure, downtime is bad, but it sounds like its a good time to suggest some work for yourself or your droogs -- engineer and justify a hot-swap machine for quick swap in during crime, h/w failure, s/w failure, etc.

Sheesh, in the mean time, switch traffic over to your disaster recovery machine floating in the Atlantic.

Re:Forensics utilities are somewhat useless

sure, but let's say you are given permission. you can make much more profit offhand than if you charge for the expensive tools plus your labor chharges. even if you don't charge as much as you would have had you used the expensive tools, it's still a greater profit margin for whoever's doing the audit using this CD.

Re:Forensics utilities are somewhat useless

[dodell]

No, I don't build servers for a living, I administrate them. I think you would agree that this job does require some amount of knowledge of computer forensics. And, to clarify further, I *am* discussing situations dealing with Windows computers.

Agreed, many of the more "advanced" forensic utilities are somewhat lacking in certain areas, but there are cases in which they are really the only way to get the job done. And I've come across many situation in which it is not feasable to take the box down.

Re:Forensics utilities are somewhat useless

[dodell]

I agree. If a system has been compromised, it should be immediately removed from the network. I'm referring to situations in which a computer has not necessarily been compromised, but contains "sensitive" "wiped" data. In these situations, it may not be feasable to remove the box from the network.

Re:Forensics utilities are somewhat useless

[wfberg]

>>>If I'm working for a cash rich company, why can't I use the free toolkit and pocket the extra money set aside for "tools"?

Oh, I dunno, let's see, maybe because that would be EMBEZZLEMENT?

It's not embezzlement if you out-source to MeMyselfAndIAssociatesInc. who invoice you and everything ;-)

Re:Forensics utilities are somewhat useless

[ManxStef]

If a system has been compromised, then you can't afford not to take it down.

Errr... not immediately, no.

Say you've just discovered that a box is compromised (e.g. you noticed an internal box portscanning your local network), you'd immediately take it down?? The whole point of forensics is to gather as much evidence as possible from the compromised machine, and shutting the box down or disconnecting it from the network means losing vital information, so you better be sure you've got as much evidence as possible before powering off. While there is always a fine balance in deciding whether or not to switch off (e.g. do I leave this box up an extra few minutes while I gather more evidence, after having discovered that the box is running a ton of SQL queries against the DB server), it should be carefully considered rather than a knee-jerk "pull the plug" approach.

Besides, the original parent poster seemed to have missed the point that the forensic analysis shouldn't be done from the compromised box; run netcat or cryptcat (from read-only media such as a CD) on it and pipe the shell to the secure forensics box (running LASL 0.4a for instance), then gather your evidence here. Depending on the compromised OS you'll need a variety of binaries on the CD to put in the suspect box, for instance the excellent PS tools are a must for Windows auditing.

For those interested in forensics it might be worth reading a paper linked off the front of SecurityFocus at the moment: Maintaining System Integrity During Forensics. While it's not really intended as an introduction it does cover the main points pretty well, so would be worth a read if you're curious.

Re:Forensics utilities are somewhat useless

[frostman]

Taking a box offline may not be an option in a lot of environments, but I can think of several cases in which this would be very useful.

1. Small/home/project server
   One of my private servers was taken over once. Very un-nice thing, resulting in several months of frustrating interaction with network provider until we figured out we'd been rootkitted. We reinstalled everything from scratch and did our best to lock it down, but it still would have been nice to have a handy forensics tool to pop on the 'doze box down the hall.
2. Intranet server
   If you have a server on your intranet and you want to run checks on it (say, to make sure you're safe against malicious/disgruntled employees in the billing department), you can pretty easily have a few hours of scheduled downtime at night.
3. Multiple identical servers
   I worked at a company that had a number of identically-configured web boxes. That was the whole point: you could take one out whenever you liked. Since the config was identical, you could take one out, run whatever tests you wanted, and if you found a problem you could fix the servers in rotation.
4. Clueless company
   If you work for someone who has no real sysadmin, and they sometimes expect you to do sysadmin-like things, it could be very nice to have such a MiniCD handy. If that's the case you probably don't have a forensics-kit laptop handy, nor expensive tools.

Of course, always get permission first.

Re:Forensics utilities are somewhat useless

[hplasm]

Ah, spoken like a true consultant ;*)

Re:Forensics utilities are somewhat useless

[kentborg]

Looking at the package list I didn't see any ssh or sshd listed.

Is it there?

-kb

Re:Forensics utilities are somewhat useless

I've done some forensics at the last company I worked for (mostly for obtaining legal grounds for terminating/prosecuting employees) and have looked into starting a forensics consulting business with an ex coworker from the same company. We have little money to start so free tools are great. I have used EnCase and can agree that it is very flakey and expensive. The good thing about it wasn't its ability to get an image from a target, but to be able to parse the data after you had it. After you pull 40gigs off a drive with dd and the others you listed, what do you use to go through the data to find what you're looking for? Sometimes we didn't even know exactly what we were looking for, so EnCase also had the ability to automatically eliminate the known system files to make it a little easier. So, how do you go through that much data? Also, does dd and the other tools you use let you copy and analyze slack space as well as deleted files? This could be very important if the target knows a little about what he's doing.

Another question: What methods do you follow as far as chain of custody for hard drives/systems you acquire and documenting procedures for use in court?

(I'm posting this AC because, well, I'm just generally paranoid, among other reasons that I won't mention because, uh, I'm paranoid.)

YADLD Yet Again :-P

[einhverfr]

Yet Another D??? Linux Distro....

Haven't we already got enough?

And what is this Coroner's toolkit thingy? Something for the morgue? What does it have to do with Linux?

And forget this Lazarus thingy-- if you want religion, get Jesux.

Oh, and more more thing. My pen writes fine. No need to test it.

(for the humor impaired-- if you didn't get it, forget it)

Re:YADLD Yet Again :-P

I think you're fucking humor impaired

Re:YADLD Yet Again :-P

[autechre]

Lazarus and The Coroner's Toolkit were developed several years ago by Wietse Venema (Postfix, TCPWrappers) and Dan Farmer (SATAN). Lazarus recovers deleted files which can then be browsed with a Web browser. The Coroner's Toolkit is forensics software (post-breakin analysis). I saw a presentation on them in 1999, and they looked very useful then; I'm sure they're even better now. Fortunately, I haven't had occasion to use them :)

Re:YADLD Yet Again :-P

[einhverfr]

Lazarus and The Coroner's Toolkit were developed several years ago by Wietse Venema (Postfix, TCPWrappers) and Dan Farmer (SATAN). Lazarus recovers deleted files which can then be browsed with a Web browser. The Coroner's Toolkit is forensics software (post-breakin analysis). I saw a presentation on them in 1999, and they looked very useful then; I'm sure they're even better now. Fortunately, I haven't had occasion to use them :)

I know what they are. Sorry for my lame attempt at making a joke. For those who didn't get that "My pen writes. I don't need to test it" as a reference to pen testing (as short for penetration testing).

I use tct and it came in very handy for recovering files after a hard-drive platter went bad.....

Well

[DaLiNKz]

they may be secure but it seems they weren't ready for /. - can't resolve already :S

Seing as it's Debian based ...

[zonix]

Just select the packages you want, kernel, drivers, etc, wait as the program churns out a nice ISO ...

Well, as I see it, with Knoppix (and derivatives) you get almost everything you need. If not you can always apt-get what you need as it's based on Debian. Not exactly what you want, but it's easily customizable from this viewpoint.

z

Re:Seing as it's Debian based ...

[frovingslosh]

Well, as I see it, with Knoppix (and derivatives) you get almost everything you need. If not you can always apt-get what you need as it's based on Debian. Not exactly what you want, but it's easily customizable from this viewpoint.

No, you get all of what the developer thinks you need, but that's hardly always what you need. Knoppix has even been removing things to make space, so you no longer get some things, but you still get three or four different spreadsheets and word processors and at least two power point replacements and such. And apt-get isn't a very reasonalbe solution when you're talking about a CD based system. Clearly Knoppix can be be customized (a customization is why were're talking about it), but it's also clear those customizations are a major effort to do right. The original request, a clean easy way to build true knoppix style CD bootable Linux ISO files would be a great thing. I'll go a step further: If it was scriptable in some way (say you provided a manifest file of everything that needed to be apt-got and then any special burning information), then people could release special Knoppix packages such as Local Area Security Linux or a Game Knoppix or anything else they thought the world needed and were willing to spend the time doing, not as a huge ISO file, but a simple (small) manifest file of what the Knoppix generator needed to put together to build the system. Now that would be slick.

Re:Seing as it's Debian based ...

[Hatta]

I can't even figure out how to get console nethack on knoppix. All we get is this crappy isomorphic view, I can't tell wtf I'm doing.

Re:Seing as it's Debian based ...

[Wolfrider]

Ummmm.... Sounds kinda like Morphix.

Re:Seing as it's Debian based ...

[frovingslosh]

== WolfriderV6 == I'm willing to admit that *I just might* be wrong... Are you??

OK, You might be wrong.

Why not included in distributions?

[kneecarrot]

I have only dabbled in Linux so excuse my ignorance, but some of these apps seem rather important. Why aren't they included in the various Linux distributions? Or are they just better incarnations of included software?

Re:Why not included in distributions?

[eggarsuit]

I think the point of the Live CD is to let people use these tools without having to actually install Linux on their computer. Versions of all of these tools are available with pretty much every other Linux distro. It's just a way to use this software without dedicating a machine, or even part of a machine to Linux.

Re:Why not included in distributions?

They are included, and they aren't better incarnations. This CD isn't for installing the programs. You can put it into a computer, boot off the CD, and use the tools regardless of what OS is actually installed on the computer.

Re:Why not included in distributions?

The point is, when something has gone wrong with your system -- like for example that it's been taken over by an intruder, you can boot up and try to do stuff, but you never know what kinds of traps the intruder may have left for you. Maybe they just looked around and did nothing, or maybe they've left behind special code so that just running a regular program or even just booting up might cause your entire hard drive to be erased. What you want to do in that kind of situation is boot off a different volume -- one that gives you software that is known to be good and known not to be under the control of whoever broke into your system.

Plus, in such a situation, you want to be able to look at the state of the system without changing it. Even booting up a regular system changes some files. If you are going to be contacting law enforcement or anything, you need to gather information that's as accurate as possible, with absolutely no unnecessary changes.

Another reason such a CD might be help is if you are a security person (or a hacker) who travels around a lot and wants to always have your tools with you. This could even be useful to a system admin who wants to do a spot check by booting up the CD on some computer in a different building than where his normal machine is.

Downtime

[Bruha]

Someone earlier said companies cannot afford downtime. True but in most corporate enviroments there are plenty of boxes to take over the job of the hacked box most times and in the event that there's no backup most serious hackings will require the downtime anyways to investigate and fix the issue.

Can you imagine if a credit card database was hacked and they said just bring it back up?

Mini CD?

[useosx]

But what about my slot-loading Powerbook?

</humor>

Yeah, so I don't own a Powerbook, but does anyone really use mini-CDs?

Re:Mini CD?

[TheShadow]

There are digital cameras out there that record on Mini CD-RWs. So, yeah... people do use them.

Re:Mini CD?

[B1ackDragon]

No, or at least not anyone that I know of. But they're so damn cute!

Re:Mini CD?

They're very nice for distributing large amounts of literature, video clips, or small demo versions of products. Our salescritters like them because they're just large enough to shove a business card in and give to customers.

Re:Mini CD?

[m00by]

well yeah, they're really useful. :) unless I have over 185Mb of stuff :)

Re:Mini CD?

I do. ERD Commander, NTFSDOS, and Morphix fit nicely on them.

Re:Jon Katz

From the recent IRC session:

<Questions> limerickey asks: What happened to John Katz?
<CmdrTaco> We had to let him go during a round of layoffs last summer. We miss him, and were sad to see him go. He added a lot to Slashdot, and it was really unfortunate.
<hemos> Well, that and he wanted to write more about dogs.
<CmdrTaco> Yes, also the dogs.
<hemos> Since Running To the mountain, he's written two more books about dogs. Jon and I still talk semi-regular. To be frank,
<CmdrTaco> He's a really cool human.
...
<hemos>the acerbic nature of some of the people also turned him off. both in terms of writing, and in terms of people's impressions.

Uh Oh!

[Zorkerman]

5...4...3...2...1...

SCO has just accused them of patent infringement.

Seems we need new hosting. . .

[localareasecurity]

It seems our host in Argentina didn't like all the bandwidth we were using even though we get 20GB a month not including ftp traffic. If anyone wants to donate some hosting we'd appreciate it. . .

-J-

Re:Seems we need new hosting. . .

[advocate_one]

wondered why I got the hostile greeting when i attempted to access your front page... Sounds like you need some burstable hosting for the big files... this slashdot effect was discussed just a couple of days ago when we were looking at ways to slashdot proof a site...

Re:Seems we need new hosting. . .

hi
we can donate some bandwidth, email us at support@opensourcerer.net

Karun
OpenSourcerer WebHosting

MY favorite part:

[JonTurner]

was when I clicked on the link to the screenshot only to be presented with a 444 error:
"You do not have permission to access the requested file on this server."

Wow, when it comes to security, these folks aren't kidding around! It's so secure, you can't even look at the images it serves! Now THAT'S tight!

185Meg? That's old sk00l!

[Tumbleweed]

Newer mini-CDs now fit up to 210Meg, FYI.

And they have R/W versions, as well. Nifty!

I always thought something like these would make great floppy replacements, but it looks like USB flash drives are gonna do that first. That's OK - solid state storage rawks, and their capacity is already well over that of even the 210Meg CD-R(/W) mini-CDs.

Here's to hoping they come out with FireWire '2' (IEEE1394.b) flash drives! *cheers*

Re:185Meg? That's old sk00l!

You're right, flash keychain devices can be very useful for some tasks. I am very envious to have one. But you've squarely missed on their drawbacks.

They have pretty limited r/w lifetimes

The tranfer speed is abysimal, and in no way, shape, or form could take advantage of the faster firewire transfer speeds.

Re:185Meg? That's old sk00l!

[Tumbleweed]

> They have pretty limited r/w lifetimes

True, but, you shouldn't think of a _floppy replacement_ in terms of how the rewrites compare to, say, a harddrive, but in how appropriate is it for the task, especially as compared to what it replaces. Also the technology change involved in implementing the new tech. Pretty much every computer comes with a USB port (or 4 or 6 or 8) these days. Many do not come with rewritable optical drives.

> The tranfer speed is abysimal, and in no way, shape, or form could take advantage of the faster firewire transfer speeds.

Good point to bring up, but do you know for a fact that's true? Are the USB 2.0 "high speed" drives meeting the speed of the flash memory, or limiting it? Flash memory may not be as fast as FireWire '2', but it may be faster than USB 2 - I dunno. One thing I do know - flash memory will get faster over time, as all memory does.

Knoppix can already do this!

[purplebear]

You should be able to customize what is on the knoppix cd fairly easy already. If you look at the Knoppix cheatcodes, for manipulating hardware detection, there is a note in there about remastering the cd:

If you wish to remaster the CD, please don't forget to specify
-b KNOPPIX/boot.img
for the german version of the bootfloppy, or
-b KNOPPIX/boot-en.img
for the english version, as option to mkisofs. Otherwise your CD
won't be bootable. The directory KNOPPIX, containig the compressed
filesystem file "KNOPPIX", must be located in the top level
directory of the CD.

So, just take the knoppix ISO, copy to disk and modify away. Then use mkisofs with the -b flag to make your new custom ISO. :)

Redundant

[veldmon]

Gentoo already provides this service and much more. I have used the the ports collection (Portage) to download the source of each and every package that is on this new LANSL LiveCD.

Why would I want to use an unoptimized version of each of these security tools when I could speed up their operation by at least 10%?

It just makes imminently more sense to only have source on your CD. What's the use of binary packaged security tools that could have buffer overflow vulnerabilities of their own, that I could not first examine before using.

Re:Redundant

[advocate_one]

no, not redundant at all... optimisation will make it work fast on only the machine you built it for... try booting an "optimised" CD on the machines in a mixed environment... one where you have no real idea of what is in the box until you fire it up... like at a friends or clients place.

Those binary packaged tools also have the source available on the web and you can check each package out yourself there. the list of packages is available on the download site...

The guy who put the distro together has merely taken the trouble to save you a lot of time by assembling all the packages himself. I'm sure he will be just as keen to keep it up to date as well keeping track of major holes and also making sure you have the documentation available so you can keep it up to date yourself as well like you can with Knoppix.

I take it from your tirade that you've never enjoyed the advantage of Knoppix in being able to boot up the disk on someone elses computer without having to actually mess with the hard disk at all??? Just try turning up at a clients site with a CD stuffed with source code and expecting to be able to install it all on the hard disk before you can conduct your tests... and having to wait whilst it all compiles...

The prepackaged binary CD is far more convenient... and you can leave a copy behind for him to use himself... I've left behind some twenty knoppix CDs now for friends and relatives to play around with so they can experience Linux without having to mess with their hard disk. I've since gone back and installed it properly for seven of those people as duel boot setups.

Re:Redundant

Just what I want... A live CD that boots up and compiles for three days before I get a prompt that lets me do anything. Boy that is gonna make one hell of a bill at an internet cafe when I need to fix something back at the office while I am on the road....

Re:Redundant

[kcurrie]

Why would I want to use an unoptimized version of each of these security tools when I could speed up their operation by at least 10%?

You think nmap and nessus are going to scan 10%+ faster just because they are compiled for your specific system? I seriously doubt it-- these are NOT CPU bound applications folks. This isn't a chip simulation platform, it's a generalized distro that is supposed to be portable and have a suitable amount of security tools on it.

It just makes imminently more sense to only have source on your CD. What's the use of binary packaged security tools that could have buffer overflow vulnerabilities of their own, that I could not first examine before using.

No, it makes no sense at all to have the source on the CD so you can recompile it. First off, this is a CD-- a READ ONLY cd, so you'd need to be compiling the code each time you use the tool. If you're putting the source on there and can't change it, why not just but the binary on there to begin with?? Since all the tools you'd use to compile it are on the CD itself, on any given system you boot it on the results will be (more or less) the same anyway (except CPU optimizations, which don't matter here). Further, are you REALLY checking the source code looking for BO's and all that before you build the tools? If so, why don't you get to work and do some code audits on the existing tools out there.

This is great!!!!!

i wonder if fyodor can use this to hack sdem's computer

Great Idea...

[ihummel]

I walk around with that in my pocket until a rent-a-cop, or paranoid faculty member, at college sees me with it and, after inspecting it, accuses me of trying to hack into the college computer system. After all, its like carrying around a lockpick set, at least to some people.

Re:Great Idea...

[toddestan]

Yeah, I walk around my schools campus carrying CDs that say things ldke l33t h4k0r1n9 t00lz" on them.

Heck, I'd just throw a few low quality .mp3's in any free space on the CD, and claim it's a CD of remixes of Britney Spears and 'N-Sync. I doubt they'll suspect anything.

Re:Great Idea...

[Gyorg_Lavode]

Wait, employees of your school actually care what's on the CDR's your carrying around? I could have walked around the school w/ a toolbox that said "big ol' hackin kit" on it and no-one would have looked twice.

What...

what do you need a screen shot for? It's fucking Linux.

Knoppix STD

[phoneboy]

Also featured on slashdot recently:

http://www.knoppix-std.org/.

-- PhoneBoy

Re:Knoppix STD

I didn't know Knoppix had become a sexually transmitted disease.

Just like Trinux

[DrugCheese]

I used to use an old floppy based distro called Trinux. On about 3 floppies I had X server + GUI web browser and some network tools to do some testing. I think it was flown as a security tool distro but I used it mainly for network troubleshooting. Still ahve the floppies but I think the site and distro have died.
Anyone know what I'm talking about?

Re:Just like Trinux

[ciphrix]

They actually mention Trinux on their site in the FAQ section.

"Being that there was already similar things out such as Trinux. But I prefered to utilize the wonderful developments made by Knoppix to take all the tools available in Trinux and put them on one MiniCD."

http://www.localareasecurity.com/modules.php?op= mo dload&name=FAQ&file=index&myfaq=yes&id_cat =1

http://trinux.sourceforge.net/

Re:Just like Trinux

[cdf123]

http://trinux.sourceforge.net

They also have a mini CD version available that I have used a lot. (google for "trinux-80rc2-2.4.5.iso") The site also mentions that it is being activly maintained again, it was dead for about a year, but now seems to be back again.

File information for the BT

L.A.S. 0.4a MAIN with FluxBox
Description: This is the alpha version of 0.4 with FluxBox added along with more tools.
MD5: 0939d7294035b5246bedbce1085bb1e1
Version: 0.4a | Filesize: 107.29 MB
Added on: 11-Aug-2003
Homepage | Details

HTH

What it doesn't seem to have...

...is mouse support (2-button touchpad or USB wheelmouse) for a Sony VAIO PCG-GRZ610. It boots but I can't do jack with it.

I tried both: boot: knoppix wheelmouse & knoppix usbmouse

Nothing seemed to work. Also, I can't seem to get the initial config script to reload to change some other settings. Any suggestions, please...

Fear Invoking Statement

[Shamanin]

At the Nessus site:
"A security scanner is a software which will audit remotely a given network and determine whether bad guys (aka 'crackers') may break into it, or misuse it in some way."

It fails to mention that Nessus maintains a database of all security violations that can be parsed by Hackers in the know.

WAAAHAAAHAAA... (cough) (cough) (cough)

Re:For more info, follow this link

Well done! You've managed to remain completely on topic while providing insightful and funny content. I do hope that other /. posters will follow this excellent example of a great post! Well done! My hat is off to you! Keep up the good work!

Re:my favorite part:

That's really strange.. this was supposed to be posted to a different story.

The many buttons on your mouse have confused you. Buy a Mac.

live cd?

[jonnyfivealive]

what makes a (distro's) cd "live?"

Re:live cd?

[Odin's+Raven]

what makes a (distro's) cd "live?"

A live CD is one where you can boot and run a fully-functional operating system entirely from the CD. (I.e., you don't have to go through the typical song-and-dance of booting off an installation CD, installing the software onto your hard drive, then booting off your hard drive to run the OS.)

A live CD might have options to use other media if it's available (mounting a Windows/Linux/swap/whatever partition on your hard drive, storing user preferences and files on a floppy or flash disk, etc), but a live CD doesn't *require* any other media to run.

Just as a simple example, earlier this year the hard drive on my girlfriend's laptop died while she was away at school. On the other side of the country. Two weeks before the end of the semester. Not exactly the best situation to be in.

So I sent her a copy of Knoppix (a popular live CD distro -- there's a link to it in the /. article) via Fed-Ex. Since it could run completely off her CD-ROM drive, she was able to boot her computer, browse the web to do research, access her email, even write her last couple of papers (hoorah for OpenOffice :-) and save them on one of those little USB flash drives -- all without having a working hard drive.

Re:live cd?

[jonnyfivealive]

wow, a fully explained, opinionless explanation? i thought this was /.
thanks

it's been done!

[poptones]

the problem is most PCs are not yet equipped with the cd-bluetooth karmic storage drives...

I'm using it right now ...

[MacEnvy]

I'm typing this right now in the "Links" browser. It's fast, it looks good, it has most of the tools I use (Nessus, Ethereal, XMMS, Firebird). I might just mod this and carry it with me instead of using other people's machines when I'm doing diagnostics. It picked up my wireless correctly and everything.

Have fun with this one, kids.

live CDs are nice-Unexplored potential.

Well use your imagination, imagination, imagination. How about portable development environments? e.g. Java, Web, Perl, Eclipse, Smalltalk, etc. Or portable server environments. e.g. Web, LDAP, JBoss, Samba, Proxy, E-Commerce, Blogs, etc. A portable gaming disk, with all the dependencies wrapped up. e.g. gaming clients, and servers with the possability to put updated drivers on a USB pen drive. Complete presentation/demo disks. e.g. go beyound powerpoint, and have full interactivity with the real thing. Word-processing extrodinare. e.g. Lyx, OpenOffice, DocBook, etc. Financial whiz. Throw in proprietary software and your posabilities go up. e.g Portable CAD station, Graphics workstation. Remember DVDs open up possabilities that the CDs don't. Make a couple of all the above, and place it on your site. Offer support and you can make some nice money. Or start a small company that puts any of the above on small form-factor hardware, with easy to use interface (or just remotely manage it all from your location, as part of support).

BTW Someone needs to extend this to other platforms. They want to have fun too.

Re:live CDs are nice-Unexplored potential.

[Library+Spoff]

This is a great Idea. A someone only getting to grips with linux i've been messing with the live distros and these would let me try it out on a network at home b4 going live.

let me get this straight

[honold]

you're using your auto-configured, no-vpn wireless connection as a security platform? looks like your tools are ahead of your mindset :)

Re:let me get this straight

[MacEnvy]

I'm using it (firewalled, proxied, spoofed) to test out the OS, not as a security platform. I'm just sitting here at home fooling around. Nice joke, though.

Re:More suicide bombing in Israel?

[spacecowboy420]

Why is it flame-bait when someone states an obvious fact? I have no problem with jews or any other religion/group of people - but more and more I am finding it hard not to be an anti-semite. As the parent poster pointed out, why do the Jews never learn?

It seems to me that everyone that answers a question by invoking God (Allah etc..) you are sentencing yourself and your children to death. Doesn't the fact that deaths caused by religious fundamentalism out number any disease (plaque, aids etc..)combined click in the mind of the most logic challenge that this is not the correct path? Doesn't murdering people - at all - tell you that you are as wrong as the murderers you are fighting?

Want peace? Remove god from the equation and you'll be on the short path (not there, but almost - you need to establish secular morality first)

no, I didn't forget the AC button, I truly believe what I say, mod me the way you like, but I speak truth.

I'm not impressed

[frovingslosh]

OK, I'm running it right now. I'm not very impressed. The menu does not list all of the included apps (none of the security apps, the very reason for this, as far as I can tell. It (the menu) does have stuff I don't want, including a lame game, a spreadsheet, a winamp clone and some other stuff, but not the security stuff!

I got a shell running, but there seems to be no man command and no documentation for some things in the menu, like the TinyIRC client. Obviously since I'm posting this from the running ISO there must be a web browser, but I had never used "links" before, so it was not easy to find. How I find the security tools supposedly built into this I have no idea. I did get a GUI ethereal running by bringing up a shell and typing in ethereal, but I just don't know what else is here (and what isn't).

By the way, I have network issues when booting Knoppix on this computer, so I booted this ISO with the "Knoppix expert" option. Or at least I tried to. Although it prompted me for the boot option, it ignored it after I typed it in.

Re:I'm not impressed

[Wolfrider]

Try ' dpkg -l | less ' and ' dpkg -L pkgname ' to get the files that the pkg contains.

--It IS version 0.4a after all... Pretty much an alpha release I'd say. But I wouldn't even *release* a version with the menus that b0rked...

Re:I'm not impressed

Yes it is an ALPHA release and if you don't know linux enough to figure out what tools are there then you shuldn't be playing with the tools to begin with. When you do a default install of Mandrake, RedHat, whatever. . .you don't get a menu listing for every package installed. But you may not realize that I guess. . .

Plus on their website they state that the menu is the main focus for 0.4b in a few places. Along with documnetation of excisting tools. I make sure to RTFM even if their is not a lot of 'M' I still read it.

Re:I'm not impressed

[frovingslosh]

I've RTF...website. Even the forums, where others have noted that there isn't a good list of included packages. It's not only lacking from the CD, the information isn't listed in the FAQ on on the website either.

Knoppix as a Debian installer

[deadcasuals]

One thing you can do is to install the Live CD to a hard drive to get a permanant installation. While this may seem counter productive for a Live CD, I've found it to be really useful. I'm currently using the Knoppix Security Tools Distribution as a "desktop" OS... :-) Knoppix 3.2 (what both these distros are based on) includes a really useful script to install the Live CD to the hard drive. It's the easiest way I've found so far to get a Debian testing/unstable system installed and running - with X configured correctly the first time! That, in addition to having tons of great security tools preinstalled and configured makes for one sweet network-workstation-on-steroids.

...of course, I'm in charge of security where I work, so using this as a desktop OS may get you fired from _your_ work... :)

g00r00?

Re:Knoppix as a Debian installer

[Wolfrider]

--I replaced SuSE 7.3 (DVD) on both my main systems with Knoppix installs, and am currently running pppoe dial-on-demand and squid on the low-powered (P233MMX) server. The 2-gig filesize limitation that SuSE had is now no longer a concern, and updates are incredibly easy with apt and debs instead of RPM Hell. Even LVM worked out of the box, detecting and using my existing setup. :)

--I did use the SuSE 8.2 LiveCD to get a better X config file tho, with all resolutions supported fullscreen under VMware.

OpenBSD?

[megaversal]

If they're trying to offer a secure server Linux distro, you'd think they'd run their webserver on that instead of OpenBSD.

NEWER Mirror List

[suwain_2]

Blatantly copying-and-pasting from LocalAreaSecurity.com (which is apparently back up on a 400 MHz box, 96 MB RAM, on a T1). I recommend BitTorrent, but if you're gonna use mirrors, here's a bigger list: ::::: New Mirrors Added! ::::: http://chefax.fe.up.pt/mirrors/las/ -HTTP Portugal ftp://chefax.fe.up.pt/pub/mirrors/las/ FTP Portugal ftp://ftp.ntua.gr/pub/linux/las/ -FTP Greece http://ftp.ntua.gr/pub/linux/las/ -HTTP Greece http://ftp.lug.udel.edu/pub/iso-images/LAS -US Delaware ftp://ftp.lug.udel.edu/pub/iso-images/LAS -US Delaware ::::: DOWNLOAD ::::: L.A.S. 0.4a Main with FluxBox MD5: 0939d7294035b5246bedbce1085bb1e1 http://lightning.chem.tue.nl/las/l.a.s_0.4a_MAIN.i so -The Netherlands http://sarovar.org/mirrors/knoppix-las/l.a.s_0.4a_ MAIN.iso -India/Asian Pacific http://psifertex.nerdc.ufl.edu/iso/l.a.s_0.4a_MAIN .iso -USA L.A.S. 0.3b Main MD5: f47150d2458c78169a65458bcf8ebf96 http://lightning.chem.tue.nl/las/l.a.s_0.3b.iso http://sarovar.org/mirrors/knoppix-las/l.a.s_0.3b. iso http://psifertex.nerdc.ufl.edu/iso/l.a.s_0.3b.iso L.A.S. 0.3b SECSERV MD5: ff412734492e39d1d084ced556a47493 http://lightning.chem.tue.nl/las/l.a.s_0.3b_SECSER V.iso http://sarovar.org/mirrors/knoppix-las/l.a.s_0.3b_ SECSERV.iso http://psifertex.nerdc.ufl.edu/iso/l.a.s_0.3b_SECS ERV.iso

Better Formatting

[suwain_2]

Ack, should have previewd first. ::::: New Mirrors Added! :::::
http://chefax.fe.up.pt/mirrors/las/ -HTTP Portugal
ftp://chefax.fe.up.pt/pub/mirrors/las/ FTP Portugal

ftp://ftp.ntua.gr/pub/linux/las/ -FTP Greece
http://ftp.ntua.gr/pub/linux/las/ -HTTP Greece

http://ftp.lug.udel.edu/pub/iso-images/LAS -US Delaware
ftp://ftp.lug.udel.edu/pub/iso-images/LA S -US Delaware ::::: DOWNLOAD :::::

L.A.S. 0.4a Main with FluxBox MD5: 0939d7294035b5246bedbce1085bb1e1

http://lightning.chem.tue.nl/las/l.a.s_0.4a_MAIN .i so -The Netherlands

http://sarovar.org/mirrors/knoppix-las/l.a.s_0.4 a_ MAIN.iso -India/Asian Pacific

http://psifertex.nerdc.ufl.edu/iso/l.a.s_0.4a_MA IN .iso -USA

L.A.S. 0.3b Main MD5: f47150d2458c78169a65458bcf8ebf96

http://lightning.chem.tue.nl/las/l.a.s_0.3b.iso

http://sarovar.org/mirrors/knoppix-las/l.a.s_0.3 b. iso

http://psifertex.nerdc.ufl.edu/iso/l.a.s_0.3b.is o

L.A.S. 0.3b SECSERV MD5: ff412734492e39d1d084ced556a47493

http://lightning.chem.tue.nl/las/l.a.s_0.3b_SECS ER V.iso

http://sarovar.org/mirrors/knoppix-las/l.a.s_0.3 b_ SECSERV.iso

http://psifertex.nerdc.ufl.edu/iso/l.a.s_0.3b_SE CS ERV.iso

Help Me!

[suwain_2]

I downloaded (via bittorrent), and burned an ISO, booting it on my laptop, figuring it'd be a great combo. But whenever I try to boot it, I get this error:

WARNING: Autodetection seems to hang, please check your computers [sic] BIOS settings. Please check.

It pauses for a bit (minutes), does some stuff (seemingly with success), and finally gets into an infinite loop of trying to use my CD, with these errors:

hdc: status error: status=0x20 { Device Fault } ide-sci: Strange, packet command initiated yet DRQ isn't asserted hdc: ATAPI reset complete

It repeats this infinitely. What's going on, and how can I stop it?

Re:Jon Katz

Cool. Thanks

Not entirely useless

I think this is can be a great tool for learning different tools and techniques like computer forensics. Not all schools have the cash to go out and buy the big name Forensics utilities. Neither does local law enforcement for that matter. They can go download it to CD, through it in, and boom instant forensics analysis, without having to go through the red tape or budget hassles of buying an expensive package.

Re:Really?

It can't That's why we have windows...
Doesn't the the job correctly, complains alot and flips out at least 1ce a month!

Windows is a bitch

- lures men by trying to look good on the outside
- is damn expansive to maintain and requires a lot of time
- can not be possibly understood

Security Risks of USB

[billstewart]

If you've got a USB memory frob with a hardware write-protect, fine. But remember that one of the reasons you might want a "Security Boot CDROM" is that you might suspect that your network is insecure and that Bad Things are happening. That's a Really Really Good Time to Use Read-Only Media.

Also, mounting writable media is a good way to pass infections between your machines. Much safer not to do that.

rh8 on 1.2g

[jonnyfivealive]

ive gotten rh8 on a 1.2g. it might have even been a 1.0g, im not sure. took me forever, tho. talk about package dependency nightmares, good lord. i have vowed never to try that again