Links for Securing Crystallographic (UNIX) Computers on the internet.

Lachlan Cranswick l.cranswick at
Sun Aug 15 00:18:45 EST 1999

As part of the IUCr Glasgow Congress Software Fayre:
A demo of how hackers probe and get into crystallographic servers 
and the software that can defend against this was demonstrated.
Following is some good software links as after chatting to a few 
people, "default" setup crystallographic servers seem to be 
having their share of break-ins.

Summary is:  Providing the OS is kept up to date, unnecessary
services are disabled and programs such as secure shell (ssh) are 
installed; it doesn't seem that hard to keep hackers out of 
crystallographic systems.  The great majority of hackers are 
"script kiddies", who use canned software to identify and 
target "weak" computer systems without really knowing how the 
software they are using works.



Disabling un-necessary services:

Disable deamons you don't need, use or don't know about.
finger, rshd, rlogin, etc (in /etc/inetd.conf).   You will
find out if they are necessary if some things stop working.

TCP Wrappers around remaining services running in /etc/inetd.conf 
and around the portmapper if this is being used.


FBI NIPC Cybernotes (weekly updates of exploits and new programs)


Stealth Scanners:
(needs Libpcap at

Stealth Scan Detectors (work on Linux)

Abacus Sentry for UNIX:


Packet Sniffers:
(has a non-interactive mode for picking up plain ASCII
passwords travelling over the network)

New Remote Sniffer Detector (needs to be on same network segment)
ANTISNIFF for Windows:


Secure Shell 1.2.27 for UNIX (client and deamon) 
(just don't rely on TCP Wrappers - and gives
the option of elliminating the Telnet and FTP deamons)
(To install, just do  ./configure ; make ; make install  - then 
edit the /etc/sshd_config, and create an init script
for the sshd deamon)

TeraTerm for Windows (telnet program)
ttsh (Secure Shell Plugin for Teraterm for Windows)


Deception Toolkit for UNIX:
(installs fake deamons so you can detect exploits before
they can cause any damage)


Backing up hard-disks/information via the network.

Rsync (high efficiency algorithms that can work 
through Secure-Shell)  (by the people who wrote Samba)


>200kB of anti-hacker links and resources in no particular


Lachlan M. D. Cranswick

Collaborative Computational Project No 14 (CCP14)
    for Single Crystal and Powder Diffraction
Daresbury Laboratory, Warrington, WA4 4AD U.K
Tel: +44-1925-603703  Fax: +44-1925-603124
E-mail: l.cranswick at  Ext: 3703  Room C14

More information about the Xtal-log mailing list