Cheops

From: Mark Spencer (marksterat_private)
Date: Mon Dec 07 1998 - 01:03:22 PST

Next message: Chip Christian: "Interesting bug in SecurID software (fwd)"

Previous message: Aleph One: "[Debian] Re: fte-console has root compromise bug]"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I've been developing a new network administration and access tool for
Linux called Cheops.  From the README:

"Cheops is a network "swiss army knife".  It's `network neighborhood' done
right (or gone out of control, depending on your perspective).  It's a
combination of a variety of network tools to provide system adminstrators
and users with a simple interface to managing and accessing their
networks.  Cheops aims to do for the network what the file manager did for
the filesystem."

Now, while Cheops is designed to give the administrator and the user a
powerful view of their networks, but it could also be used to provide a
cracker with a view of your network as well.  The purpose of this message
is two fold:  (a) to inform of the availability of cheops, and encourage
people to see if it can help them with maintaining their network and (b)
to educate as to the methods employed by cheops to help preempt its
potential use as a "point-and-hack" interface.

Technologically, there is nothing new about cheops.  It uses techniques
from traceroute, queso, and halfscan to determine network topology,
operating systems, and services.  What is somewhat new about cheops is the
interface that it presents the user of the network, much like files are
represented with a file manager.  Right clicking on a host presents a menu
of services and easy point-and-click access to them.  Rudimentary mapping
functionality is also available.  So, signs that someone is using cheops
on your network would include:

* Ping activity (discovery)
* lots of traceroute activity (cheops uses the same ports as traceroute)
* TCP packets with unusual flags (queso-style OS detection)
* Half-scaning (for determining the menu, only when someone right-clicks a
  host)

For more information on Cheops, please see its web site at
http://www.marko.net/cheops or download it at
ftp://ftp.marko.net/pub/cheops.

Cheops builds on glibc Linux systems with the GTK (libc5 also works, but
you must edit the Makefile and possibly a header file) and is distributed
under GNU GPL.

I eagerly welcome any comments or suggestions regarding cheops from both a
user/administrator perspective and a security perspective.

Mark

Next message: Chip Christian: "Interesting bug in SecurID software (fwd)"
Previous message: Aleph One: "[Debian] Re: fte-console has root compromise bug]"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:24:41 PDT