Bugtraq mailing list archives
Cheops
From: markster () MARKO NET (Mark Spencer)
Date: Mon, 7 Dec 1998 03:03:22 -0600
I've been developing a new network administration and access tool for Linux called Cheops. From the README:

"Cheops is a network "swiss army knife". It's `network neighborhood' done right (or gone out of control, depending on your perspective). It's a combination of a variety of network tools to provide system administrators and users with a simple interface to managing and accessing their networks. Cheops aims to do for the network what the file manager did for the filesystem."

Now, while Cheops is designed to give the administrator and the user a powerful view of their networks, it could also be used to provide a cracker with a view of your network as well. The purpose of this message is twofold: (a) to inform of the availability of cheops, and encourage people to see if it can help them with maintaining their network and (b) to educate as to the methods employed by cheops to help preempt its potential use as a "point-and-hack" interface.

Technologically, there is nothing new about cheops. It uses techniques from traceroute, queso, and halfscan to determine network topology, operating systems, and services. What is somewhat new about cheops is the interface that it presents the user of the network, much like files are represented with a file manager. Right clicking on a host presents a menu of services and easy point-and-click access to them. Rudimentary mapping functionality is also available.

So, signs that someone is using cheops on your network would include:

* Ping activity (discovery)
* Lots of traceroute activity (cheops uses the same ports as traceroute)
* TCP packets with unusual flags (queso-style OS detection)
* Half-scanning (for determining the menu, only when someone right-clicks a host)

For more information on Cheops, please see its web site at http://www.marko.net/cheops or download it at ftp://ftp.marko.net/pub/cheops.

Cheops builds on glibc Linux systems with the GTK (libc5 also works, but you must edit the Makefile and possibly a header file) and is distributed under GNU GPL. I eagerly welcome any comments or suggestions regarding cheops from both a user/administrator perspective and a security perspective.

Mark
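The four signs listed in the message above can be checked per source address. The following is an added example, not part of the original post or of Cheops. The record layout, thresholds, addresses, the UDP port range 33434-33534 (classic traceroute defaults) and the set of "ordinary" TCP flag combinations are all assumptions made for illustration.

```python
from collections import defaultdict

TRACEROUTE_PORTS = range(33434, 33535)  # assumption: classic UDP traceroute defaults
NORMAL_FLAGS = {"S", "SA", "A", "PA", "FA", "R", "RA"}  # assumption: ordinary session flags

# Constructed sample records, not real traffic: (src, dst, proto, dport, tcp_flags, ttl)
SAMPLE = (
    [("10.0.0.66", f"10.0.0.{h}", "icmp-echo", None, None, 64) for h in (1, 2, 3)]
    + [("10.0.0.66", "10.0.0.2", "udp", 33434 + i, None, i + 1) for i in range(3)]
    + [("10.0.0.66", "10.0.0.2", "tcp", 80, f, 64) for f in ("SF", "F", "")]
    + [("10.0.0.66", "10.0.0.2", "tcp", p, f, 64) for p in (21, 22, 23) for f in ("S", "R")]
    # A benign host: one ping and one completed TCP session.
    + [("10.0.0.5", "10.0.0.2", "icmp-echo", None, None, 64)]
    + [("10.0.0.5", "10.0.0.2", "tcp", 80, f, 64) for f in ("S", "A", "PA", "FA")]
)

def cheops_signs(records, threshold=3):
    """Return {src: sorted signs} matching the four indicators in the post."""
    pinged = defaultdict(set)   # src -> distinct hosts sent echo requests
    probes = defaultdict(int)   # src -> low-TTL UDP probes on traceroute ports
    odd = defaultdict(set)      # src -> unusual TCP flag combinations seen
    sent = defaultdict(set)     # (src, dst, dport) -> flags the initiator sent
    for src, dst, proto, dport, flags, ttl in records:
        if proto == "icmp-echo":
            pinged[src].add(dst)
        elif proto == "udp" and dport in TRACEROUTE_PORTS and ttl <= 30:
            probes[src] += 1    # assumption: traceroute probes use TTL 1..30
        elif proto == "tcp":
            if flags not in NORMAL_FLAGS:
                odd[src].add(flags or "none")
            sent[(src, dst, dport)].add(flags)
    # Half-open scan: SYN then RST from the initiator, never a bare ACK.
    half = defaultdict(set)
    for (src, dst, dport), seen in sent.items():
        if "S" in seen and "R" in seen and "A" not in seen:
            half[src].add((dst, dport))
    signs = defaultdict(list)
    for name, table in (("ping-sweep", pinged), ("half-open-scan", half)):
        for src, items in table.items():
            if len(items) >= threshold:
                signs[src].append(name)
    for src, count in probes.items():
        if count >= threshold:
            signs[src].append("traceroute-probes")
    for src in odd:
        signs[src].append("odd-tcp-flags")
    return {src: sorted(found) for src, found in signs.items()}

if __name__ == "__main__":
    print(cheops_signs(SAMPLE))
```

A source showing several of these signs together is a stronger indicator than any one alone, since ping and traceroute on their own are routine administrative traffic.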