Linux Today: Linux News On Internet Time.

Linux Protects Your Servers with Scapy (part 1)

Nov 18, 2010, 18:34
(Other stories by Paul Ferrill)

"The best server and network security tools come from Linux and FOSS. Paul Ferrill introduces Scapy, a powerful Python-based networking protocol analysis and testing tool.

"Guarding your private network from the perils of the Internet is no easy task. The basics are pretty much the same from a defensive standpoint no matter how you slice it. Firewalls of one type or another protect an internal network by using two separate Ethernet connections with a software proxy filtering the traffic between the two ports. Linux serves as a great platform for this role with tools like netfilter/iptables.

"On the offensive side, the techniques most often used involve either a packet monitoring tool such as Wireshark or a port scanning tool like nmap. Both of these tools have a wide following and should be familiar to any network administrator. Scapy is somewhat of a hybrid between the packet capture and analysis capabilities of Wireshark and nmap's packet generation features. Both of these were covered in a recent Linux Planet article. In this two-part article we'll look first at the basics of Scapy including how to get up and running, how to capture and display specific types of Ethernet traffic and how to create a few simple scripts using Python. In part two, we'll go more in depth to look at using Scapy to test your Web server for possible vulnerabilities, how to track down a rogue DNS server, and how to scan a wireless network for potential security holes."
