
Protocol attacks. Use ping only as a diagnostic tool, OK? Please? Or else!
3) Excessive Port Surfing
Port surfing is telnetting to a specific port on another computer. Usually you are OK if you just briefly visit
another computer via telnet, and don't go any further than what that port offers to the casual visitor. But if
you keep on probing and playing with another computer, the sysadmin at the target computer will probably
email your sysadmin records of your little visits. (These records of port visits are stored in "messages," and
sometimes in "syslog" depending on the configuration of your target computer -- and assuming it is a Unix
system.)
Even if no one complains about you, some sysadmins habitually check the shell log files that keep a record
of everything you or any other user on the system has been doing in their shells. If your sysadmin sees a
pattern of excessive attention to one or a few computers, he or she may assume you are plotting a break-in.
Boom, your password is dead.
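Here is what those "messages" records look like from the target sysadmin's chair. This is an added example, not part of the original Guide: the log lines are constructed in the style TCP wrappers writes through syslog, and the addresses, hostnames and the four-service threshold are assumptions picked for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in the style TCP wrappers (tcpd) writes via syslog.
# Hostnames, addresses and PIDs are made up for this example.
SAMPLE_LOG = """\
Mar  3 02:10:01 target in.telnetd[411]: connect from 192.0.2.10
Mar  3 02:10:09 target in.fingerd[412]: connect from 192.0.2.10
Mar  3 02:10:15 target in.ftpd[413]: connect from 192.0.2.10
Mar  3 02:10:22 target in.rshd[415]: connect from 192.0.2.10
Mar  3 02:10:30 target in.rlogind[416]: refused connect from 192.0.2.10
Mar  3 09:00:00 target in.telnetd[500]: connect from 198.51.100.7
Mar  3 17:30:00 target in.telnetd[640]: connect from 198.51.100.7
Mar  3 02:11:00 target sendmail[417]: starting daemon
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\s(?P<daemon>[\w.\-]+)\[\d+\]:\s"
    r"(?P<refused>refused )?connect from (?P<src>\S+)$"
)

def summarize(log_text):
    """Group connection records by source: daemons touched, attempts, refusals."""
    stats = defaultdict(lambda: {"daemons": set(), "attempts": 0, "refused": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a connection record (e.g. a daemon start-up message)
        s = stats[m["src"]]
        s["daemons"].add(m["daemon"])
        s["attempts"] += 1
        if m["refused"]:
            s["refused"] += 1
    return dict(stats)

def flag_port_surfers(log_text, min_daemons=4):
    """Return sources that touched at least min_daemons distinct services."""
    return sorted(
        src for src, s in summarize(log_text).items()
        if len(s["daemons"]) >= min_daemons
    )

if __name__ == "__main__":
    for src, s in summarize(SAMPLE_LOG).items():
        print(src, sorted(s["daemons"]), s["attempts"], s["refused"])
    print("flagged:", flag_port_surfers(SAMPLE_LOG))
```

The visitor who telnets in twice in a day stays under the threshold; the one who walks through five services in thirty seconds is the one whose records get emailed to the ISP.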
4) Running Suspicious Programs
If you run a program whose primary use is as a tool to commit computer crime, you are likely to get kicked
off your ISP. For example, many ISPs have a monitoring system that detects the use of the program
SATAN. Run SATAN from your shell account and you are history.
**********************************************************
Newbie note: SATAN stands for Security Administration Tool for Analyzing Networks. It basically works
by telnetting to one port after another of the victim computer. It determines what program (daemon) is
running on each port, and figures out whether that daemon has a vulnerability that can be used to break into
that computer. SATAN can be used by a sysadmin to figure out how to make his or her computer safe. Or it
may be just as easily used by a computer criminal to break into someone else's computer.
***********************************************************
5) Storing Suspicious Programs
It's nice to think that the owners of your ISP mind their own business. But they don't. They snoop in the
directories of their users. They laugh at your email. OK, maybe they are really high-minded and resist the
temptation to snoop in your email. But chances are high that they will snoop in your shell log files that
record every keystroke you make while in your shell account. If they don't like what they see, next they will
be prowling your program files.
One solution to this problem is to give your evil hacker tools innocuous names. For example, you could
rename SATAN to ANGEL. But your sysadmin may try running your programs to see what they do. If any
of your programs turn out to be commonly used to commit computer crimes, you are history.
Wait, wait, you are saying. Why get a shell account if I can get kicked out even for legal, innocuous
hacking? After all, SATAN is legal to use. In fact, you can learn lots of neat stuff with SATAN. Most hacker
tools, even if they are primarily used to commit crimes, are also educational. Certainly if you want to become
a sysadmin someday you will need to learn how these programs work.
Sigh, you may as well learn the truth. Shell accounts are kind of like hacker training wheels. They are OK for
beginner stuff. But to become a serious hacker, you either need to find an ISP run by hackers who will
accept you and let you do all sorts of suspicious things right under their nose. Yeah, sure. Or you can install
some form of Unix on your home computer. But that's another Guide to (mostly) Harmless Hacking (Vol. 2
Number 2: Linux!).
If you have Unix on your home computer and use a PPP connection to get into the Internet, your ISP is
much less likely to snoop on you. Or try making friends with your sysadmin and explaining what you are
doing. Who knows, you may end up working for your ISP!
In the meantime, you can use your shell account to practice just about anything Unixy that won't make your
sysadmin go ballistic.
************************************************************
Would you like a shell account that runs industrial strength Linux -- with no commands censored? Want to
be able to look at the router tables, port surf all.net, and keep SATAN in your home directory without
getting kicked out for suspicion of hacking? Do you want to be able to telnet in on ssh (secure shell) so no
one can sniff your password? Are you willing to pay $30 per month for unlimited access to this hacker
playground? How about a seven day free trial account? Email haxorshell@techbroker.com for details.
************************************************************
In case you were wondering about all the input from jericho in this Guide, yes, he was quite helpful in
reviewing this and making suggestions. Jericho is a security consultant and also runs his own Internet host,
obscure.sekurity.org. Thank you, jericho@dimensional.com, and happy hacking!
_________________________________________________________
Subscribe to our discussion list by emailing to hacker@techbroker.com with message "subscribe"
Want to share some kewl stuph with the Happy Hacker list? Correct mistakes? Send your messages to
hacker@techbroker.com. To send me confidential email (please, no discussions of illegal activities) use
cmeinel@techbroker.com and be sure to state in your message that you want me to keep this confidential. If
you wish your message posted anonymously, please say so! Direct flames to dev/null@techbroker.com.
Happy hacking!
Copyright 1997 Carolyn P. Meinel. You may forward or post this GUIDE TO (mostly) HARMLESS
HACKING on your Web site as long as you leave this notice at the end.
________________________________________________________
___________________________________________________________
GUIDE TO (mostly) HARMLESS HACKING
Beginners' Series Number 4
How to use the Web to look up information on hacking.
This GTMHH may be useful even to Uberhackers (oh, no, flame alert!)
____________________________________________________________
Want to become really, really unpopular? Try asking your hacker friends too many questions of the wrong
sort.
But, but, how do we know what are the wrong questions to ask? OK, I sympathize with your problems
