Dvorak Takes On The Crackers 123
rozerumn sent us linkage to another fun and exciting Dvorak column. In this weeks episode he takes on the crackers. Offers views on whats happening in the area. Flamboyant as always.
This discussion has been archived.
No new comments can be posted.
Dvorak Takes On The Crackers
Related Links Top of the: day, week, month.
I have hardly ever known a mathematician who was capable of reasoning. -- Plato
Good Article (Score:1)
\\||//
----ooo00ooo----
Me too. (Score:4)
I had the same feeling. It's like millions of port scanners were logging hackable ports, and then were suddenly silent.
Re:Good Article (Score:1)
I'm already sharing several machines across my dial-up access, but I'm on for such short periods and at such odd times, that I've never really been too worried about any kind of firewall.
However, (A)DSL is going to change things rather quickly I would have thought - time to start collecting lists of GPL'ed or Freeware firewall products me thinks.
Think about it.. (Score:2)
This is why the internet will never be (completely) regulated.. At least not in the forseeable future. Do we really want to have everything we do watched? I think not..
((Mark this what you will.. I just went off and it is late))
Does he have a clue!? (Score:1)
The suspected Smurf attack came from an @Home user.
If this moron knows how smurf works, he would know that the IP address of 'attacker' can not be seen - because it does NOT exist. You send a spoofed request to 'amplifiers', that then respond (those are just broadcast addresses) to the spoofed IP - which is the 'target' IP.
So, if I 'smurf' him, how is he going to get my IP address, when it's not sent to him?! What a moron... And then some people will read this crappy article, say "God, this man is so knowledgable", and follow the 'instructions'; but won't realize that all they see is - misinformation.
Usual crappy writing by Dvorak... That man should kill himself - he's really clueless.
Why can't Cisco et. al. (Score:2)
IE...wouldn't DoS attacks become impossible if routers could be programmed with somethink like "if number of packets from A to B on port X > Y, drop connection A". Sorta like how most IRC servers have flood protection, where if you try to flood the IRC server with information requests (in an attempt to split that server from the network), the server simply disconnects you. Or how mail servers that detect you are sending "too much mail" can drop your connection until they can see if you are a potential spammer"
The technology clearly exists to cap transfer rate (as @Home does with my connection) so why can't it simply have a quote assigned to abused ports like what ping, tracert, NetBios, and the various trojans use?
Blocking the traffic at the endpoint slows down every connection along the way. Internet service providers who don't want to support this kind of traffic should be able to automatically disconnect
you if are being abusive. It might also be possible to monitor WHAT is being sent (multiple packets that contain the exact same thing). This forces the attacker to generate some kinda of random information...which increases the size of the connection transmission and slows them down.
I clearly know nothing about this, or I'm sure someone would have such a device already, so I'm interested in seeing why this type of protection is not possible.
- JoeShmoe
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
!Hacker (Score:1)
details details... (Score:2)
Correct me if I'm wrong but... the IP address of a smurfed packet show the targets IP address rather than the attackers. Bad Person A sends an ICMP Ping packet to an broadcast address with the packets source address spoofed to look like it came from victem B. So all the (broken/misconfigured) hosts on the network respond to the broadcast ping and send their reply to the victem. A sends 1 packet, B gets (up to) 254 packets and dies.
Just worries me that some (possibly) innocent user is now going to get hasseled becasuse Dvorak put the hard word on @Home (and maybe @Home listened to save embarasment on Dvorak's website.) Actually I doubt it would really come to that in this case but it's a distrubing notion. Yes crackers/script kiddies are bad. But theres no TurnKey solution to them like BlackICE(what ever that is). If you don't know what your security monitor is telling or what to about it you're no better off. Maybe worse of for thinking yourself safe when you're not.
Re:Good Article (Score:1)
Repression is escalation (Score:3)
This situation isn't much different from drugs, as long as people want to do them, a way will be found. All law enforcement can do is arrest the least talented and make the rest more cautious and better armed.
I'd prefer to see hacking winked at, but actual damage responded to in a proportionate matter. If someone hacks a hospital and someone dies, that's murder, laws exist. If someone brings a financial system down, that's war or terrorism, call out the troops. We need to get across the idea that stupid hackers are those that damage, not those that can simply be caught.
kiddies hacking your PC (Score:4)
* an online programming comp : sure schools run them, but it often takes teams of four or five and you have to travel and have a teacher in on it, etc etc. often, at a small school like mine it's hard to find 5 friends who know enough/care enough to enter with you. if you could do it online, by yourself, you could really test yourself against some challenging problems and peers. i did a fantastic uni assignment where we wrote java robots that played against each other in a constant battle ; everyone was ranked by how much money they made ...something like that maybe?
*a teengnu project, or something like that. sure, at highschool i didn't know about good programming techniques, oo theory, data structures, etc ... but i would have loved to learn. we don't know enough to start contributing to kernal code, but surely there is something we could put together?
*a online buddy system with undergraduates or something, passing on linux/programming tips to a new generation. if someone had of told me about, for example, binary trees, i'm sure i could have researched and implemented them in highschool (maybe to kick ass in the online programming comp battle thing!)
* put your ideas here! you've all been (or are, bored teenagers, what would you have liked?
I'm waiting for a big sting. (Score:2)
The site I currently contracting for will soon be rolling out an internet based financial system, which is planned to go live next month. (I won't give too many details).
The specifications for both the OS of the web server and the intrusion detection systems have changed this week. The whole system has been badly planned from the outset.
The intrusion detection systems are of the hardware only system - how the hell are they going to keep them up-to-date with the latest attacks?
I hope that they get stung badly when it goes live, and I hope that leads to dimissals of many of the complacent management here.
More problems... (Score:2)
Re:Why can't Cisco et. al. (Score:2)
IE...wouldn't DoS attacks become impossible if routers could be programmed with somethink like "if number of packets from A to B on port X > Y, drop connection A". Sorta like how most IRC servers have flood protection, IE...wouldn't DoS attacks become impossible if routers could be programmed with somethink like "if number of packets from A
If this ever will be used, "reverse" DoS attacks will be rampant -- it will be enough to pretend that victim's address is trying to do something "bad" (and it will be easy because checks can't implement complex checks against spoofing because then they will become CPU-intensitive and will be a victims for DoS against them), and legitimate packets from that address will be blocked by "secure" router.
Re:Why can't Cisco et. al. (Score:2)
The trip to stopping/paring this down is not to make better defenses, rather to make it more difficult to get away with. Any bank can be robbed, but with good logging and attentive surveilance, less will get away with it. Then of course laws and punishment come into play...yada yada yada...
Re:I'm waiting for a big sting. (Score:1)
Unfortunatly due to a complete lack of knowledge throughout the departments, we still do not know exactly WHAT we have to monitor. For example, all we have been told about the intrusion detector is that it supports SNMP. They expect us to be able to instantaneously alert someone if anything goes wrong.
This job is down south, and I hate it. I'm living in lodgings all week, and desparatly need to get back up north.
Hmmm... grab all Slashdot participants? (Score:5)
phear us?
The shot that you can hear, missed you (Score:1)
Skriptz Kiddiez... (Score:1)
what to do (Score:2)
and make yourself a nice paranoid firewall.
Re:Why can't Cisco et. al. (Score:2)
Perhaps you misunderstand...how would this be possible since, even if you spoof an IP address, the connection still has to be received and forwarded by the router attached to the REAL address?
I'm suggesting the problem needs to be attacked well below the application layer. The data should not be processed, it should simply be compared to other data in some kinda of buffer.
IE...a single connection, like FTP, would generate a huge amount of traffic, but it would all be unique (it's safe to say no one would be downloading the same file over and over 100 times a minute). Therefore, if the router buffered the traffic, there would be no match between packets and the stream would continue.
But...multiple connection (real or spoofed, valid or incomplete) would also generate a huge amount of traffic...but there would be an obvious pattern. The router would see the same size packets with the same destination many times in a row and then simply refuse to route traffic for that REAL connection. Therefore, no routers upstream would be affected and the only thing the attacker would be DoSing is his own connection.
It's like...comparing the waveforms of a sound file and an EKG. You can easily spot the repeating pattern in an EKG by buffering just a few miliseconds. And, if the attacker enlarges the repeating portion to escape detection, he is also decreasing the number of connections per second...down to the point where a decently fast server can handle them.
IT would kill programs like GetRight with rely on hammering to get their target information AS SOON AS POSSIBLE, but really...this is software we can live without.
- JoeShmoe
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Re:More problems... (Score:1)
I'm not saying that using local laws & trials is the best way to do it, that's not for me to decide. Just thought an example would be nice.
Re:Repression is escalation (Score:1)
I think the *only* real way out of this is a major push to IP6 so we can actually get some real identities..
Granted, someone might break IP6, too-- but, that's the same as someone burning their fingerprints off to foil the fingerprint identification system (spoofing ip).
Oh, and if the internet weren't global, this might be all possible. If a random Japan native nuked my house, would the FBI *really* care?
No.
But its just something we'll all have to live with- to each his own, I guess. It's time we all stopped thinking about the "internet" as one giant computer that can be controlled;
IT CAN'T!
Can your phone company stop a prank call before you complain about it?
Does the pizza delivery place still ask you for your phone number EVEN THOUGH they have it on caller-ID ?
Does this make sense at all?
Re:Why can't Cisco et. al. (Score:1)
This would leave only the people who actually know what they are doing, making a much nicer internet for all. It would even solve his problem, he would be kicked off his e-commerce network for his own protection.
That is, until someone passes a law allowing us to ban people like him from using anything more technical than a typewriter.
A word of advice for his kind:
"If you don't know what it does, DON"T FUCKING TOUCH IT"
Definitely got the right idea (Score:2)
--
Re:Repression is escalation (Score:2)
> Making examples of script kiddies will reduce their numbers > but transform the remainder into really angry and careful hackers.
I doubt this. The script kiddies I've met didn't have the brains (or more importantly, the obsessional dedication) to invent an original exploit. Capable hackers are born, not made, and although many will use a script that's there and freely available, they have even more disdain for the kiddies than most sysadmins do. You can't turn a kiddie into an inventive hacker, just by pissing them off.
3l33t d00dz are like British Admirals - we should hang the occasional one, pour encourager les autres. I don't think they should be Mitnicked into oblivion, but a good full-blown public trial, confiscation of kit and a fine is going to send a clear message that hacking is for real. Hack if you want, join the Mafia if you want, but don't think that either of these is just some new sort of RPG that's socially acceptable.
"FBI" scripts (Score:2)
Re:Why can't Cisco et. al. (Score:4)
I disagree. First of all, I think a simple comparison of an incoming packet to a previously stored packet in a buffer somewhere is not really a significant overhead. It doesn't need to check every single packet (since odds are there will be identical ones under legitamate usage) but if some kiddie tries "ping a zillion times with 32000 bytes of data as fast as possible" surely some router should be smart enough to say "uh, no" if that is it's owners wish. Operating systems don't enforce any limits on the quality and quantity of data they send, therefore I say that it is the job of the router to make that determination. If there is a valid use for "ping a zillion times with 32000 bytes of data as fast as possible" then let it find some other route, because I don't want to lose my bandwidth because of it.
Second of all...even if there is overhead, it's only price. So you have to pay for a 100Mbit router to get 10Mbit performance...costs always go down over time and the difference is that you may only have 10Mbit worth of actual data after you are able to block out abusing users absorbing data with meaningless attacks.
I've seen water valves where there is a object set perpendicular to the flow of water in the value. Water rushing over the object decreases the pressure over it, causing the object to rise and block part of the flow. Thus, a slow, steady stream can pass through but sudden spikes of high pressure will be bouced back as the value slams shut on it. Once the pressure has reduced, the flow continues as normal. Also a good comparision, I guess, would be surge suppressors.
What's my point with those two comparisons? In both cases the control is done at a VERY low level. Similarly, since there has to be a set bit format for a valid IP packet, I fail to see why it would take serious overhead to tabulate what source is sending the most packets per second and drop packets from excessively high connections so that upstream bandwidth is shared equally and abusive connections slow to a crawl.
If I understand correctly, it's not just the target server that loses in a DoS situation...it's every router along the way. Therefore I think it would be an incentive for people to pony up the resource cost so that abusers would have to route their traffic somewhere else...no?
- JoeShmoe
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Reverse DoS (Score:1)
Either traffic is halted, slowed as packets are analyzed, or these routers are amazingly epensive.
Wow. This reads like a 7th grade book report. (Score:4)
I mean talk about content free, not to mention completely unresearched.
"I have the feeling theres, like, this sting or something, whoa."
"Like those kiddie porn rings, yah they stopped those, dude, all right!"
"No operating system is, like, invulnerable, like."
"OMG! Like there was this one dude, he like, tried to telnet to my machine, but fortunately it was a windows box, and thats, like, secure, because i have this firewall and stuff and doesn't let people telnet like into it."
Another GREAT article from that bastion of cluelessness that is Dvorak. God, if it wasn't for journalists like him, how WOULD we get our mass-market news?
Oh no (Score:1)
Dvorak used the word "hacker" in the context of "cracker"
I can hear it now
the fists beating loudly against the chests of all
self righteous slashdotters out there.
just quit it, it's annoying, yes we all know that
they mean "cracker" it's been debated numerous times
we don't need to be reminded again
please?
----------
Dvorak's use of the term 'hackers' (Score:3)
Years of the media using hackers as a synonym for "someone who cracks systems" has made it an acceptable use. Stop fighting it and deal.
Of anyone in the media, Dvorak knows this. He's started using hacker because it's the only word most of the Real World understand. This guy HAS been in the industry longer than you. Don't pull the argument that "when I was young we just had [mechanical relays | punch cards | TRS-80 | IBM XT | iMac ]."
I just wanted to post before someone else bitched about it.
-Chris
Only 10 probes and a DoS attack? (Score:1)
Re: (Score:1)
Re:Hmmm... grab all Slashdot participants? (Score:1)
Re:Me too. (Score:2)
The key to stopping all this bad writing on the internet is a massive worldwide clue-by-four. In fact, I suspect one is hurtling toward my head right now, although I have no evidence of it. It's just a sense I have. Maybe I should ask my editor. Nevermind, he's been fired and replaced by Word 2000.
Re:I'm waiting for a big sting. (Score:1)
>mostly due to the fact that management are
>clueless
That's a pretty good point. I work as a security engineer and I have to deal with people who only consider security as something really annoying, not allowing them to use the latest trendy technique. This is valid for management and for some techies too, as long as security is seen as a completely separated discipline. Thus my position is often incomfortable. I sometimes would like to send a Usenet message saying : "Hey guys, here is an IP (xx.yy.zz.tt), crack this box just to make everyone conscious !". But I won't, I don't want to loose my job. Nevertheless, this kind of violent electroshock may be needed...
A+
Re:Why can't Cisco et. al. (Score:1)
Well that's my sex life finished then.
jsm
Don't click that link. (Score:1)
Dvorak has expended all his credibility a long time ago. The guy just trolls, and gets away with it because he writes for a "respected" (yeah right) source.
Stop bothering with him. Just moderate him down and go elsewhere.
-
Dvorak going fishing? (Score:1)
If there is no news happening, you should try to make some? This sounds pretty fishy. Of course, he's going to get what he wants.
Publicity. Book deal.
Re:Me too. (Score:1)
Re:Clueless. (Score:1)
--
"I am Blair of EU^H^HBorg. Surrender your currency and prepare to be assimilated."
Re:Clueless. (Score:1)
People need to realise that NO OS is secure and that NO OS can be made secure (alla all OS's suck). Look how many security fixes have gone into Linux the past year alone (probably the first OS people think of when think of alternative to Windows). People have started believing that the OS alone can stop crackers, hackers and other wannabees and then whine when their "secure" system is cracked.
wait you forgot something.... (Score:1)
Re:"FBI" scripts (Score:1)
Hey Bobby,
Two-A-Day and Ihad a big laugh over this,
Lucas
Re:kiddies hacking your PC (Score:1)
I think I can safely say that no teenager who is 'into computers' is bored.... There's just mind-boggling numbers of things to do with computers, as most of the slashdot readers know.
New Acronym... (Score:1)
Or : Yet Another Disgustingly lame Dvorak Article.
Mr Dvorak, please don't put your nice little Windoze machine on *any kind* of permanent 'net connection (cable, ADSL or other) -- or you will get it hammered by every single script kiddie out there . Use a *real* operating system if you want to keep it uncracked. Oh, and, please, please, please avoid pointless exercices in intellectual masturbation, such as "I feel like a huge crackdown is coming for those no-good kids! And about time, too!". You either have some sort of *fact* or insider info or you don't. In your case, you don't: yadda, yadda, yadda.
I am not even going to comment on the "cracker vs hacker" debate. This guy is pathetic and clueless beyond belief. Commercial firewall? Yeah, sure.
Re:what not to do (Score:1)
logan
Re:Dvorak's use of the term 'hackers' (Score:1)
And this makes it right?
By your words then we as Linux users should stop fighting M$ and bow down to the masters. Hogwash!
Dvorak may have been around the industry but he konws dick about it. His articles prove that!
He is just another mindless fool.
You might try reading Steven Levy's book, you might othen get a feel for the REAL term "Hacker".
I consider myself a hacker of the old school and have no problems admitting it, even in the business world. In fact my employer liked the idea of having a "hacker" around to solve the problems their normal IT staff couldn't handel.
Dvorak discovers Firewalls. Film at 11. (Score:3)
Seriously, people should assume that port scans are headed their way on a regular basis - and anyone who doesn't at least have a NAT router (I know NAT isn't a real firewall, but it'll beat 99.9% or the script kiddies out there) between themselves and the Internet should go out and get _some_ kind of firewall - the cable and DSL providers should be recommending these to all their customers, or at least implementing basic firewalls within the cable/DSL modems. At this point, everyone should implement some form of packet filtering - there's just too many script kiddies out there to assume any trust at all.
Sucks, don't it?
- -Josh Turiel
Is BlackICE good or not? (Score:1)
This is at least the second recommendation I've read for this product. Is any slashdotter using it and do they recommend it? Is BlackICE available for Linux? I'm looking for a product like this that's affordable (i.e., cheap or free) for both Windows and Linux. At $39.95 BlackICE seems like a good deal. (I want an all-in-one firewall product for Linux.) Please comment.
Re:Dvorak's use of the term 'hackers' (Score:1)
NO!!!!!!
Will years of M$ using 'innovation' to describe its business practices make this acceptable:
"You hit the guy with the baseball bat, and I'll innovate his wallet."
All humor aside, we are in the midst of an Orwellian nightmare. The clueless media feeds mountains of mis/disinformation to the even more clueless masses. Never before in the history of this country has there been such an overwhelmingly sheeplike public. People rarely read. When they read, they do not comprehend. A generation raised on television and RPG's and techno-fairytales cannot distinguish between the real world and the one they desperately wish they lived in.
Do NOT stop fighting against Orwellian revisionism. Do NOT surrender to the lowest common denominator. 50 million people CAN be wrong. Hell, how many million people think AOL is the internet?
If we allow an ignorant unthinking mob to define the language for us, how far are we from allowing them to 'innovate' our very freedom of expression right out from under us?
Bite My Ziff, Davis!
======
"Cyberspace scared me so bad I downloaded in my pants." --- Buddy Jellison
Re:Repression is escalation (Score:1)
I have a close contact in the Computer Crimes division in the Atlanta, GA FBI office. She has explained to me that the FBI (at least the GA office) has been focusing a considerable amount of attention on the small-time hackers. The script kiddies.
Unfortunately, the FBI is unwilling to assist in a reported incident unless they "hacker" (and I use that term loosely) damaged a system/network or stole confidential information.
It's a step.
Re:Oh no (Score:1)
CmdrTaco used the word "columnist" in the context of "Dvorak"
---
Re:Reverse DoS -- still not getting it (Score:2)
If attacker formats packets to spoof the source as IP 1.2.3.4 then it still has to come from somewhere. IF it comes from another router, then the first router is simply ignoring packets with IP 1.2.3.4 from that router. It has no effect on the data flowing from the REAL 1.2.3.4 many many hops away.
So if you wanted to truly reverse DoS 1.2.3.4 then you would either have to A) spoof the attack to a huge number of routers that you know 1.2.3.4 connects through...in which case your attack has been diluted and unlikely to truly work or B) attack the one or two routers that serve as 1.2.3.4's entry point...which is basically the very kind of DoS attack the routers are now trained to block.
At some point...it all tracks back to a unique MAC address so there is at least ONE router in the whole world that can stop an abusive stream at the source...witout even looking at IP information at all.
And again...in case I haven't made it clear...
YES the extra thinking will slow down the routing of packets but DoS attacks are already slowing down that same routing of packets. If you spend a couple extra milisecond of thinking to decide to exclude DoS information that can last minutes or even hours there is going to be an increase.
Script kiddies love to attack EFNet servers to split them off the network and gain ops in a popular channel. So IRC server started using a policy where no ops are giving during a split. Thus, they are no longer a target because there is no reason to attack those servers and quality of service increases.
Likewise, if script kiddies find that a certain route point drops their ping flood, they have to find another route until eventually no routers will carry that traffic at all.
- JoeShmoe
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Re:Is BlackICE good or not? - duh - IPCHAINS (Score:1)
Then you can use another tool like portsentry which detects portscans, and can be set up to use ipchains rules to automatically drop packets of anyone portscanning you (including your ISP
Then secure your box by removing all services except ssh.
It isn't too hard.
Confession of an ex-scriptkiddie (Score:1)
>"kids" who get their hands on some programs and >start mesing around? How far is too far?
Speakin for myself, all it takes was a polite phonecall from a sysadmin who's box you've just attempted to crack. I haven't "attacked" any systems (well, except helping check some security things on my roommate's box) since then. For the young or stupid, a good scare will set them on the right side of the law. Fear can be a good weapon against the script-kiddie, especially if you catch 'em small, and scare the hell out of them by mentioning the FBI.
So, you want to be a real hacker? (Score:2)
Take a classic board game and write your own computer version of it. Program "perfect" play for the computer player. Write a program to "solve" checkers through brute force. Write a fractal viewer with a cool zoom-in feature. Write a dense linear algebra package. Write a sparse linear algebra package. Get the edition of Numerical Recipes without the code and implement all the algorithms therein. Get the NR code and time test your implementations against theirs. Beat the times of the NR algorithms.
Still bored? Write a fluid dynamics code. Add viscosity. Add MHD. Add self-gravity. Add adaptive grids.
Download all the cracking scripts and figure out how and why they work. Fix the holes they exploit. Find a missing feature in Linux that really annoys you and add it. If you are at a loss I have a couple of suggestions.
Download the Infocom engine and write your own adventure. Write your own MUD or chat program.
That's just off the top of my head, but I think you get the idea. Any teen who is so "bored" with computers that he can think of nothing better to do than to break into other people's machines and cause trouble is either pathetically uncreative or just plain ornery. Which one are you?
(Sigh. Not even 30 and already an "old fart". That's got to be some kind of record.)
-r
Wow (Score:2)
But what I find *really* interesting is his "Cause" . What "Cause" is this, exactly?
Prosecuting people for lawful assembly?
Prosecuting people for encouraging meaningful and fair competition in a major economic sector?
Prosecuting people for daring to say that the Emperor has no clothes?
Mr/Ms Sessions, if that's your name, exactly what crime is it you're alleging me of committing by frequenting SlashDot and the development mailing lists? My lawyer *really* wants to know....
Re:Do _YOU_ have a clue ? (Score:1)
Actually that is exactly what it means. There is very little information in an ICMP ping. There the IP header which basically conists of the target address (a broadcast address for smurf) and the source address (spoofed) and a flag to say "this packet is an icmp message" and some bits and pieces like TTL and TOS. That's the IP header - wrapped up in that is the ICMP header. It just contains flags to say "I am a Ping message" and a check sum and a few more mechanical bits and peices. Inside the ICMP header is the payload and it's arbitrary - anything we want just make it big so the target dies. (But not too big or else we'll get filtered out.) No where in there is there even the slightest trace of the true source of the packet. The only way to track down a smurf'er is by working your way backup the route and finding out at each step what the next hop is. This is a complicated process requiring the co-operation of many admins across many networks and ussually can only be done while the attack is
in progress. Some smurf attacks have been known to go on for hours and hours so this can happen - but as I am sure you can imagine, not very often. This is the main reason why smurfing remains such a popular peice of mischief amongst the script kiddes and such a pain for the rest of us - even though it's been public for over 2 years. (Thankfully not too many exploits survive that long in the wild.) The best chance for catching someone doing this is for their ISP to notice the packet as it goes out. But - if the ISP had a clue in they wouldn't be routing packets with a non-local source address out onto the internet in the first place.
Dvorak is on crack. (Score:1)
I find his suggestions deeply disturbing. Am I naive to hope that policy makers are better informed than he?
Eliminating SMURF and similar DOS attacks (Score:1)
More information on Sessions (Score:1)
1) He's active in the area of spam control on the Usenet. In this regard, I agree with him because spammers are evil, and they have destroyed some of the usefulness of the Usenet. He goes way overboard in my opinion, because he's a monitor of what the *appropriate use* of the internet is. In other words, he's not just against spammers, he's against those who use the internet to further their political goals. And that's where I ran into him when I was arguing a particular topic.
2) And that topic was circumcision. There's a lot of people who are opposed to it, and they argue on the usenet about it. I think he'd just like to shut that idea down entirely, because, well, he's in favor of performing surgery on infants without a medical diagnosis. He doesn't see the usenet as a valid medium for radical political organization. No matter what a person thinks on an issue, I think the usenet is there for everyone to argue all day long if that's what they want to do, and to organize grassroots political support if they can.
Re:Play on Words? (Score:1)
hacker types on
--joe
"I have done nearly everything at one time or another."
--My Manager
mmm, crackers (Score:1)
How Dvorak and ZDNet's business works (Score:2)
- Dvorak writes an inflamatory article (aka: Troll).
- The link to the article spreads amongst the target community (ie: Unix/MacOS/BeOS users, hackers, people of intelligence.)
- Everyone in the targeted audience clicks on the link to the article, sometimes more than once.
- ZDNet counts every time Dvorak's page is served.
- ZDNet sends a bill to the owners of the ad banners on Dvorak's page.
- ZDNet and Dvorak are swimming in money.
- Dvorak decides he needs a new car, and composes his next inflamatory article.
Thus the circle is complete again. And ZDNet is a bit more richer.Why else would Dvorak have a job?
--
Re:So, you want to be a real hacker? (Score:1)
If you knew about game theory, NR, and linear algebra you must have had a pretty nice high school, and most likely it wasn't a standard public one. I was lucky to have an AP CS class at mine.
I think the point is that a lot of kids don't know what cool stuff is out there, like free development tools, Linux, and the like. That is changing, but much too slowly. We have to be a bit more active than osmisis...
An ex-bored teenager...
Re:kiddies hacking your PC (Score:2)
p.s. Is "teengnu" more like the Young Pioneers or the Campus Crusade?
arrogant sob (Score:1)
abuse@home.com
I've dealt with them before. They seemed competant enough.
Re:How Dvorak and ZDNet's business works (Score:1)
--
"New worlds are not born in the vacuum of abstract ideas, but in the fight for daily bread..."
I've used it and it's not yet available for Linux (Score:2)
BlackICE was designed for multiple platforms, but currently does not run on Linux. However, it detects many attacks directed against Linux machines, such as the rpc.mountd overflow.
DETAILS We plan to support UNIX platforms, especially Linux, in the future. This page will be updated in the future as we get more information.
I installed it on a Windoze and found it useful. I watched it detect a NetBus probe-- the icon flashes and you are given the date, time, info, and IP address. When you select the attack for more info it brings up a web page telling you what the attack is, how common it is, not to panic, what you can do about it, including a submit-the-IP address option that tells you to what ISP the attacker's IP (theoretically) belongs to. The info was easy-to-understand and direct so that non-techies won't panic if they read it-- and that's obviously who the product is geared towards.
Overall, it has an intuitive GUI, logical tracking methodology, and is a thorough product.
Good for them (although I concurr that they REALLY should remove an enorsement from JP)...
Re:So, you want to be a real hacker? (Score:1)
As a teenager (10 years ago), I can remember first reading about the Mandelbrot Set in Scientific American. They gave the formula by which it was created, but no actual code to do it yourself.
Some number of hours later, I had a QB program (ya, I know, I didn't have a DOS C compiler yet) that could generate a fractal. Then I had to create a viewer to see it. After about 3 hours of crunching (I went to see a movie) on my poor 386-20, I was amazed to be looking at the Mandelbrot set.
I agree that boredom is one damn poor excuse to start cracking. Many more will be impressed by a hacking effort than a cracking effort.
GRH
Terminology (Score:1)
It'd be a different manner if you wanted to round up the malicious crackers who attack sites though...
Forgive me Father, for I have sinned . . . (Score:1)
His jacket had been thrown off at the first exchange of words with the three stern men. Dvorak had rolled up his sleeves and was tightly gripping the Cross sterling-silver pen from the inside lapel pocket of his cast-away jacket.
Cletis spoke in a steady, slow, but menacing drawl, "What was that y'all said about my mother and my Apache Server?"
That was an excerpt from my new novel "Dvorak Takes on the Crackers". What do you think?
I disagree (Score:1)
> It's a mess, and no operating system is immune.
Exactly. Which means BUILD A BETTER OPERATING SYSTEM. Linux and other freely available OSes are immune to many, if not all, of the attacks with proper setup and filtering.
These journalists should stop touting NT as the holy grail of server OSes when it has gaping security and DOS problems.
I suppose I'm getting into the holy war regarding who gets blamed, the software companies or the people that exploit them. My opinion is that the blame should go on the software companies and implementers.
> This is where teenagers go to grab a quick
> attack package to harass people who won't date
> them.
Puh-lease, that's so stereotypical. If there's any reason you're going to get targeted for an attack, it will be because you're making inflammitory statements such as that one.
> Making an example out of a few punks can have
> two effects: It can cut down on the number of
> casual attacks, but it may also improve the
> hiding skills of more serious hackers.
I disagree. If you start going after script kiddies on the Internet you're going to not only seriously piss them off, but the younger generation of script kiddies, and the more serious and skilled crackers.
If anything, that methodology is going to provoke more hacking similiar to how the drug war actually increases drug usage.
> And if law enforcement doesn't step in to stop
> the little guys, there are two results as well:
> One is the capture of hackers, of course, but
> the other is the encouragement of sites such as
> CyberArmy and WarForge to flourish and to make
> low-end hacking seem like an acceptable hobby.
> It's obvious that the second, lax approach, is
> in effect today.
I have trouble comprehending his point here. If law enforcement steps in to stop the little guys I seriously doubt sites like "CyberArmy" and "WarForge" are going to change their views and stop posting these kinds of materials.
What then? Censor this kind of information? Make the manufacturing and distribution of exploits illegal?
> They key to stopping all this hacking is a
> massive worldwide sting.
Not only could you not catch every cracker/script kiddie in a massive worldwide sting, but it would cost billions of dollars in manpower and technology to operate a high-tech sting of this magnitude. Furthermore (like I said above), this is just going to aggrivate all the crackers who don't go to jail (majority of the juvinilles and all the ones not convicted due to the inevitable lack of evidence).
> The guys who were recently busted for trying to
> run off with 13-year-olds were caught by agents
> posing as teenage girls in a chat room.
This is a different kind of crime though. Trying to meet up with 13-year-olds for molestation/kidnapping is dissimiliar to cracking/DOS attacking. While they both take place online, one involves a hard physical subject (a person, kiddie porn), while cracking/DOSing involves breaking or entering a VIRTUAL environment.
I'm not sure how to really drive home my point that they are very different crimes, but I think anyone who is in the "technological know" can see my point here.
> you can be certain that low-end hackers will
> start to be rounded up.
I doubt it. Good luck if you do FBI! The only thing that has really been like this is the raid on gH, but I bet most (if not all) of them will get off or just recieve very light sentences so they can go do some more damage.
It would be a waste of time to sit in IRC channels and try to bust entire groups for cracking/DOSing sites, and I think the feds know that.
The only time the feds get involved nowadays is if something major goes down, like the White House, the Army, or a coproration with enough money and will-power to prosecute...
> I'm sure their parents won't appreciate the
> legal bills. Maybe that will put a stop to it
> once and for all.
Again, an inflammatory and stereotypical statement. This is not like the 50s or 60s when parents had control over their children through beatings and derogation of self-esteem (yes this is inflammatory too, but it's how my parents explain it to me). Our current generation of kids (and I know because I'm not that old myself) are basically uncontrollable. Those of us who grew up with this technology KNOW there's a world out there that they can influence in one way or another. They can't be censored or "told" what to do other than to be reasoned with (or brainwashed
What do you do? Take away their computer? Kid will just go over to someone else's house, cafe, or computer lab and have fun.
Lock em inside? Ground them? Yeah right. The second you turn your back on that teen he's gonna be out going somewhere and being a teen. Even if you are successful, maybe the kid will just turn his attention to phone phreaking.
So my point? Patch the OSes, filter the offending packets, fix the protocols. Make Microsoft, Sun, & Cisco spend a couple billion to address these issues instead of making tax payers spend a couple billion to fight a losing cause.
Re:Reverse DoS -- still not getting it (Score:1)
Get IPs out of the argument. We all know how
easy it is to spoof IP information. The issue here
is the physical connection.
......At some point...it all tracks back to a unique MAC address....
The only router thats going to be dealing with a MAC address relevant to the source of said spoofed packets is going to be the connection from the sources ISP to the upstream provider. If this router is configured to drop outgoing packets with external source addresses it takes care of spoofing.
Consider the following:
(I'll use private IP's for demonstration purposes.
Assume for the sake of argument they are registered #'s)
Evile.net uses class C addresses on their internal system,
lets say 192.168.1.0 for customers and 192.168.100.0 for their internal backbone
User 31337GoD@Evile.net decides to launch a smurf attack using
The header of said packet says it originates @ 209.207.224.40
When the packet hits Evile.nets gateway to the rest of the world, the gateway, if its configured as a packet filter that checks for IP spoofing, will see an external IP addy on an _internal_ interface and drop said packet instead of pass it out of the world interface.
So if you wanted to truly reverse DoS 1.2.3.4 then you would either have to A) spoof the attack to a huge number of routers that you know 1.2.3.4 connects through...
Or use a source routed packet, of course you'd want to pick a route composed of improperly configured routers, but if you know what you're doing you would have a list of malconfigured routers.
Anyway the point being that if the present technology was used to its best potential the 'net would be a much better place.
Re:Why can't Cisco et. al. (Score:1)
I feel I know you somehow...
Re:Why can't Cisco et. al. (Score:1)
FBI sting unlikely (Score:1)
internationally or in the US. The FBI has no brief to investigate the
normal activities of script kiddies. It turns out that there is no
Federal law forbidding one from gaining unauthorized access to an
Internet host - all such laws in the US are *State* laws, which means
the FBI doesn't investigate violations.
The US Code only prohibits breaking in to so-called "protected
computers" (USC Title 18, Part I, Chapter 47, Section 1030), defined as
follows:
(2) the term ''protected computer'' means a computer -
(A) exclusively for the use of a financial institution or the
United States Government, or, in the case of a computer not
exclusively for such use, used by or for a financial
institution or the United States Government and the conduct
constituting the offense affects that use by or for the
financial institution or the Government; or
(B) which is used in interstate or foreign commerce or
communication;
(source: http://www4.law.cornell.edu/uscode/18/1030.html)
Clearly, this does not cover most of the activities of script kiddies
and other such pests, most of whom attack "unprotected" computers
(universities, ISPs, corporate web sites, non-US hosts, etc.). This
isn't that much of a surprise, I guess --- the FBI doesn't investigate
breaking-and-entering cases either, unless the burglars attack Federal
property.
I suppose that State District Attorneys could be getting together to
gang up on them, though. Short of Congress changing the law, I guess
that's the best we can hope for.
This is not a victimless crime. Hang'em high! (Score:1)
The difference from the drug situation is that these are not victimless crimes. As with any crime, some people will keep doing it despite efforts to stop it, but that is no reason to not go after the bastards.
I'd prefer to see hacking winked at, but actual damage responded to in a proportionate matter.
Just tampering with my computer is bad enough. There need not be any additional damage for it to be criminal than snooping through my files, or downgrading my internet connection. Stay off my stuff!
Re:Reverse DoS (Score:1)
Re:Dvorak's use of the term 'hackers' (Score:1)
This is mostly false. No matter how many jagoffs commit a solecism, it's still recognized as a solecism by people who actually know something about the language.
This isn't substantially different from a "First Post!" type of ambition.
--
Re:Does he have a clue!? (Score:1)
Probably beacuse his editors don't have a clue ether. He probably knows more then the people he's for. It's sad but true, One of the things that bugs me more then anything else is when people act like they understand somthing when they really don't. I always to point out things I'm not sure about when I write (though, I'm sure I miss somethings)
"Subtle mind control? Why do all these HTML buttons say 'Submit' ?"
Re:OT:More information on Sessions (Score:1)
>tone than "strident." Gonna have to work on
>that.
Crap! Did I miss something? I think I did indeed miss the sarchasm. Well, it *has* been a long time since we've knocked heads.
>It might be interesting to try to find an
>example of "him" arguing in favor of
>circumcision -- in any case you appear to be
>drawing rather sweeping conclusions from rather
>meager data.
Well this is entirely off topic for this forum, so this will drop.
>>He doesn't see the usenet as a valid medium for
>>radical political organization.
>And here I never knew that. The things you learn
>on
A couple of times you were ranting about how all the wackos discussing various topics were sending us all to Usenet hell, figuratively speaking of course. It's not your *primary* complaint by any means. The way I see it, as long as it's on topic for the group, even sort of marginally, then no problem. My memory may be bad, but I recall a lot of complaining about the tactics of a particular side in the very heated debate. I figure that as long as it's not spam, why worry? Smart people can sort that stuff out themselves.
>DCS does not suffer fools gladly, and has been
And that's why I included the phrase "not a nutbag by any means." It's an acknowlegement of that.
Mostly I was responding to the other guy who doubted your existence. Since I have some evidence, I thought I'd contribute it. I think I was nice to you though. Check out my flamage of Brett Glass a couple days ago for my mean side.
Gee...I've never been called a activist before... (Score:1)
I'm starting to think I live in China. Sorry, I guess I should say I mean the PRC.
Well, I better finish up this post so I can go sit by my window and wait for the tanks to roll in...
Re:Me too. (Score:1)
Re:Dvorak discovers Firewalls. Film at 11. (Score:1)
Covad (even though their own security policy says this is not to happen) plops down nearly every FlowPoint router with a very stupid and easy to guess password.
There was talk on bugtraq a few months ago about a telco (I think USWest) not even putting passwords on some ADSL routers. People telnetted to their routers and could do things unchallenged.
If you can't get DSL/cable companies to close the front gate properly, forget about having the fancy alarms in the house working or even getting installed.
Re:So, you want to be a real hacker? (Score:1)
Take a classic board game and write your own computer version of it. Program "perfect" play for the computer player.
Just remember that there are some games where "perfect" play is very difficult, if not impossible (Go springs to mind, as well as Chess).
Things like Othello and Checkers are do-able though.
Download the Infocom engine and write your own adventure. Write your own MUD or chat program.
Amen! Inform [demon.co.uk] and TADS [tela.bc.ca] are great starting points for those aspiring nonlinear writers out there...
Re:Oh no (Score:1)
Mr. D is going to open a whole new can of worms. (Score:1)
They'll arrest grandma on her AOL account and figure out that they were dupped by a IP spoofer right before grandma slaps the city with a wrongful prosecution suit.
** I don't want the script kiddies in jail. I want the guy that can shut down the pacific northwest's power grid sitting in a cell if anyone needs to be.
Or, maybe the terminally stupid could turn off file and print sharing, and stop installing things they don't understand, or resist running that latest app that was attached to their e-mail.
BTW I haven't read anything very on-the-ball from Mr. D since I stopped reading his cooking recipes in the back of Boardwatch.
I remember that article! (Score:1)
#begin recollection of silly fun projects
At the same point in time, a friend of mine was working on a crude (_CRUDE_) first person shooter called "Revenge of the Lagomorphs". You basically stood in 1 place while ascii rabbits came at you from all directions. The weapon of choice was a GAU-8 which shot a stream of uranium '.'s, IIRC.
I also did a planetary gravity simulator in 9th or 10th grade. It was fun to watch but i got tired of plain old gravity and added multiple planets, moons, and even took a shot at relativity (it only succeeded in making everything run slooowww).
other projects you might try--
+create your own ascii-art gui on an ancient computer
+emulate cryptography machines
+simulate plate tectonics
+make MUSIC!!
Re:Forgive me Father, for I have sinned . . . (Score:1)
A merger of home high tech and
the social elite.
Sounds great for the first chapter...
I, for one, would love to read a novel along those lines
Re:Dvorak's use of the term 'hackers' (Score:1)
> techno-fairytales cannot distinguish between the
> real world and the one
> they desperately wish they lived in.
While I partly agree with your assesment of television as contributing to the general apathy and cluelessness of society, I take offense at your mention of RPG's. Until a few years ago, RPGs were a very small sector of the total video game market (in the US that is; they were much more popular in Asia). In my experience, RPG players were much more intellgent, on average, than players of other genres of video games, and probably more intelligent that most average people. Perhaps it has to do with the similarity of the RPG form to fantasy and SF novels, which attract many of the more intellgent, less socially accepted "nerds" and the like. Whatever the reason, I would be much more comfortable with a populace of RPG players than players of mindless fighting games and other less intellectual genres. In the last few years (starting with the release of FF7), RPGs have become much mainstream and this generalization would probably fail to hold. As for your mention of "techno-fairytales," I'm not quite sure what you're referring to.
Re:I disagree (Score:1)
> different, but the motive is the same. The
> motive
Do not call me a child. I am neither legally or mentally a child.
The existance of "sin" is a religious term, being athiest I will not put it in terms of sin. What I will say is that potential child molestation is a much more serious crime in my eyes than potential script kiddie actions.
Re:I'm waiting for a big sting. (Score:1)
The NT security in this organisation is a joke. One domain for the entire building, and until the obvious password was changed last week, everyone knew it. Now that the password is secure, no-one can get on with their work as a lot of tasks require domain admin privaledges.
I've worked in other simillar organisations before, and never has security been such a mess as this one. And NT is so insecure - anyone with a sniffer (Ethereal!) can grab the SID of the adminstrator, and bombard the account until they crack it.
I just hope that this UNIX based system here is looked after a bit better, but judging by the knowledge of some members of the UNIX support team, this fills me with dread.
Re:Dvorak's use of the term 'hackers' (Score:1)
techno-fairytales. Well, there's HAL, theres the 'computer' on Star Trek, and the Jetsons, and then there are the recent Microsoft and Intel TV ads... :-)
======
"Cyberspace scared me so bad I downloaded in my pants." --- Buddy Jellison
oh, that dvorak (Score:1)
i thought it meant that dvorak key layouts
were taking on crackers. i have a dvorak
key map (sometimes), and a friend of mine does
always. he also has his telnet daemon hacked
to do dvorak.
thats a damn good defense system against anybody, and a formidable obstacle in the path of anyone who doesn't know dvorak
I hate to sound like the old man here... (Score:1)
Re:FBI sting unlikely (Score:1)
If you attack another node, and in the course of doing so your malicious packets cross a state or country border, then you're breaking the federal law. The FBI will investigate if the victim presses criminal charges, as a federal court will be used for judicial procedings on the matter.
Re:24/7 Win Machine (Score:1)
On certain IRC networks it's the IRC servers themselves which attempt to crack. Claiming they are doing it to find "unsecure proxies" and sometimes mentioning "Nukenabber" (presumably that's some piece of Windows software.)