Sam Spade 1.14 Open Source Security Tool by Steve Atkins


CS 413 Spring 2005
Max Konovalov
Sam Spade 1.14 Open Source Security Tool by Steve Atkins
University of Alaska Anchorage
Department of Mathematical Sciences

This paper describes the Sam Spade 1.14 open source security tool and covers the following topics: the main purpose of the software; licensing and installation; setup and configuration; an overview of the main features; and a conclusion. The software contains numerous useful tools and utilities; however, I cover only the main and most important features of the software in this paper.

The Main Purpose

The main purpose of Sam Spade 1.14 is to provide a set of network management and analysis tools for network administrators. Every administrator's computer contains a toolbox full of useful utilities for network management. These can include performance and diagnostic counters, network packet analyzers, remote control programs, administration modules for server software, and a variety of other tools. One of the most important features of Sam Spade is that the software contains most of those popular, commonly used, and helpful tools. Sam Spade is especially useful if a network has a permanent Internet connection.

Sam Spade for Windows offers a suite of tools for protecting against spam on mail servers, analyzing and troubleshooting Web servers, and gathering information on Internet hosts. Many of these utilities were previously available only on UNIX machines. Most are aimed at stopping and tracking down spammers. Nevertheless, it is also possible to use Sam Spade to gather some general information about a network. This information helps network administrators identify areas where hackers can gather too much information about network hosts. Network administrators, IT specialists, system analysts, and system security experts will find Sam Spade 1.14 very helpful and easy to use.

Licensing and Installation

Sam Spade 1.14 is General Public License (GPL) software. In other words, it is free. Sam Spade 1.14 can be run under Windows 95, 98, ME, NT, 2000, and XP.
The installation package is available either from the CD, which comes with the book, or from the Sam Spade Website (http://www.samspade.org/ssw/), where it can be downloaded freely. The installation process is very simple: all it takes is to double-click on the spade114.exe file and follow the on-screen instructions. The setup program will do all the work.

Setup and Configuration

After the installation is complete, it is recommended to adjust a few settings. It is possible to run the software without any specific configuration; however, some of the features will be available only if some values are configured. Setup and configuration are very simple and usually take no more than a couple of minutes.

To adjust the settings, open Sam Spade and click Edit > Options. This will bring up the Options window, as shown on Picture 1. In the Basics tab, enter your default DNS server (or use DHCP); your e-mail address, so that you can do SMTP relay checking; and your ISP's Web server, so that you can use the Awake feature to have Sam Spade send out periodic packets to keep a dial-up connection from being dropped (if you are using a dial-up connection).

Picture 1: Basics tab of the Options dialog box

After that, click the OK button to save the changes. The basic setup is complete.

The Main Features

Sam Spade has a nice user interface, as shown on Picture 2. It combines many of the traditional TCP/IP tools with some unique tools that give an administrator a great look at a network. Best of all, these tools are combined in one package. A network administrator will find versions of ping, nslookup, and traceroute. The Sam Spade versions are intuitive and flexible, especially when compared to the Windows versions of these TCP/IP tools. For example, with the ping feature, you can set the number of echo requests you prefer on the toolbar; then, every time you use ping, it will use that setting. At the command line, you have to use a switch such as ping -n 2 each time you want to set the echo number.

Picture 2: Sam Spade user interface

Another useful utility of the software is the traceroute feature. It is possible to do a fast traceroute or a slow traceroute. The fast traceroute outputs a quick list of the hops the packet makes from the originating machine to a designated host. The slow traceroute is more like the traditional traceroute utility. However, both traceroute options provide a nice graph to accompany the information, as shown on Picture 3.

Picture 3: Fast traceroute function

Sam Spade also includes some traditional UNIX tools, such as whois and finger. Whois is actually the default tool. If you simply enter a domain such as google.com in the Sam Spade toolbar hostname field and press the Enter key, Sam Spade will return the whois information on who owns the domain name, as well as other registration information, such as the technical contact for the domain.

In addition to nslookup, Sam Spade offers a more advanced DNS querying tool called dig, which requests all the DNS records for an individual host and/or a domain. An advanced whois tool, called IP block whois, tries to find who owns a block of IP addresses.

Sam Spade also provides a set of spam tools:

SMTP Verify: Checks to see whether an e-mail address is a true address or if it is being forwarded.

SMTP relay check: Measures the security of a mail server. It attempts to relay mail externally. If it is successful, the mail server is vulnerable to being exploited by spammers looking for a third-party machine to relay their mail.

E-mail header analysis: Allows you to paste an e-mail address from your mail client into the Sam Spade toolbar and analyze it with all of the standard tools. A sample output of the e-mail parser is shown on Picture 4.

Blacklist lookups and Abuse.net query: Both allow you to interact with Web sites (and organizations) that track down and report known spammers. A sample output of the Blacklist lookup is shown on Picture 5.
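The e-mail header analysis listed above comes down to reading the chain of Received headers that each mail server adds. The following Python code is an added example, not part of the original paper or of Sam Spade; the function names are hypothetical, the sample message is constructed, and the hand-off comparison is a heuristic, since legitimate servers sometimes announce a name that differs from their hostname.

```python
import re
from email import message_from_string

# Constructed sample message (documentation IP ranges and example domains).
SAMPLE = """\
Received: from mx.example.net (mx.example.net [192.0.2.10])
\tby mail.example.org with ESMTP id A1; Mon, 3 Jan 2005 10:00:05 -0900
Received: from relay.example.com (unknown [198.51.100.7])
\tby mx.example.net with SMTP id B2; Mon, 3 Jan 2005 10:00:01 -0900
Received: from trusted.example.org (localhost [127.0.0.1])
\tby somewhere.invalid with SMTP id C3; Mon, 3 Jan 2005 09:59:00 -0900
From: sender@example.com
Subject: constructed test message

body
"""

# "from <announced name> (<reverse DNS> [<ip>]) ... by <receiving host>"
HOP = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)?\s*\[(?P<ip>[0-9a-fA-F.:]+)\]\)"
    r".*?\bby\s+(?P<by>\S+)", re.S)

def received_hops(raw):
    """Return the Received hops, newest first, as dicts (helo, rdns, ip, by)."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        match = HOP.search(value)
        if match:
            hops.append(match.groupdict())
    return hops

def chain_breaks(hops):
    """Indexes i where hop i was received 'from' a name that is not the
    'by' host of the next-older hop i+1. Headers older than such a break
    are not vouched for by any later server and may have been forged."""
    breaks = []
    for i in range(len(hops) - 1):
        if hops[i]["helo"].lower() != hops[i + 1]["by"].lower():
            breaks.append(i)
    return breaks

if __name__ == "__main__":
    hops = received_hops(SAMPLE)
    for hop in hops:
        print(hop["ip"], "->", hop["by"])
    print("chain breaks after hop index:", chain_breaks(hops))
```

The IP address in the newest hop was recorded by your own server, so it is the one to feed into whois, IP block whois, or a blacklist lookup.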

Picture 4: E-Mail header parser output

Picture 5: Blacklist lookup output

The Sam Spade suite also provides some useful Web site tools. The Crawl Web tool, shown in Picture 6, allows searching a Web site based on specific query parameters you set. It also enables you to download all the documents of an entire Web site.

The program includes a Web browser that offers a raw source-code view of a Web site rather than a graphical view. The browser doesn't send any identifying information to the host Web server. In addition, it doesn't support any plug-ins, scripting languages, or other browser add-ons, and it doesn't actually render the HTML into a graphical format. As a result, it allows you to see meta fields, hidden form fields, white-on-white text, and other developer tricks for disguising information.

Figure 6: Crawl Web tool

Sam Spade also includes some security tools that could send up some red flags if you decide to use them to look at information on other companies, especially large multinational organizations. These tools include a port scanner, a DNS zone transfer tool, and the above-mentioned SMTP relay checker.

The port scanner in Sam Spade scans the TCP/IP ports on a computer. By default it scans six common ports; however, if you need to scan any other TCP/IP ports on your system, just click the Advanced button and select the ports you want to scan, as shown on Picture 7. If you use the port scanner on another network, be aware that you can set off hacker detection programs.

Picture 7: Advanced TCP/IP port scanner

The SMTP relay checker we discussed above can also set off alerts for companies that carefully guard against spamming.

DNS zone transfers are extremely useful for testing your own domain to make sure hackers can't gather valuable information about your systems architecture. Once you have enabled zone transfers in Sam Spade (see the Advanced tab below), go to the fields at the top of the Sam Spade toolbar and enter your fully qualified domain name in the hostname field (on the left side) and the IP address of one of your DNS servers in the name server field (on the right side). Then click Tools > Zone Transfer. If you see Query refused, you are in good shape. However, if you discover that Zone Transfer has provided a list of your DNS entries, your network is vulnerable. You'll need to disable zone transfers on your DNS servers if you are managing your own name servers, or you'll need to call your ISP and request that it disable zone transfers if it's doing DNS for your Internet servers.

In order to use port scanning, SMTP relay checking, and zone transfers, you have to go to Edit > Options and then click on the Advanced tab, shown on Picture 8. Here, you can select any of these tools you want to use.

Picture 8: Choosing security tools in Advanced tab

A summary of the most useful Sam Spade functions is shown in Table 1.

Table 1: Sam Spade Main Functions

Function: Description

Ping: This is the same as the built-in Windows and UNIX ping, except you can easily configure the number of pings and the output is a little more verbose.

Nslookup: Similar to the UNIX command of the same name.

Whois: Similar to the UNIX command of the same name.

IPBlock: This command checks the ARIN database for an IP address or set of IP addresses and generates some useful information on it. This data includes the organization that owns those IPs, where they were allocated from an ISP, and different contacts, including a contact to report abuse if they registered one. See figure 2.2 for an example output.

Trace: Similar to the traceroute command. However, additional information is generated, such as any reverse DNS entry and a graphical display of the latency between hops.

Finger: Similar to the UNIX command of the same name.

Blacklist: Checks to see if your mail server is listed in any of the e-mail black hole lists (databases that contain the addresses of known spammers). If your address somehow gets in there (by leaving your server open to mail relays, for example), then some people won't be able to get mail from you.

Abuse: Looks up the official abuse contact for a set of IP addresses so you can register a complaint if you are having a problem with one of their addresses.

Scan Addresses: Performs a basic port scan for a range of addresses. This very simple port scanner identifies open network ports.

Crawl website: Takes a Web site and crawls it, identifying each link and page and any other forms or files it can reach. This is useful for finding all the pages that a Web site references and for looking for files that you weren't aware were there.

Conclusion

Sam Spade offers a great all-in-one security analysis suite of TCP/IP and networking tools. Although it is mostly useful for Internet Service Providers and security professionals, it can also be very valuable for network administrators who manage Internet servers and external security (including firewalls and access control lists on routers). It can also be useful for network consultants when evaluating sites and making recommendations for improving performance and security.