
SEMINAR ON HACKING
SUBMITTED BY : NAMAN CHOPRA


ABSTRACT

Hacking is the process of attempting to gain, or successfully gaining, unauthorized access to computer resources for the purpose of mischievous or malicious use, modification, destruction or disclosure of those resources. "Hacking" and "hacker" are terms that generally tend to have a negative effect on people. Most people think of hackers as computer vandals; they straight away start associating hackers with computer criminals or with people who cause harm to systems, release viruses, etc. Hackers are not computer criminals. People hold such a negative opinion because of the media. The media is responsible for this erroneous assumption: it fails to recognize that hackers and criminals are totally distinct terms. People have to think twice before believing anything. The media should describe properly what a hacker actually stands for. Hackers in reality are good, pleasant and extremely intelligent people who, by using their knowledge in a constructive manner, help organizations to secure documents and company secrets, and help the government to protect national documents. They are the people who help to keep computer criminals on the run. Real hackers like to call people who break into systems "crackers". In fact, people who code and release viruses are not necessarily hackers; they are virii coders.

Traditionally, hackers are computer geeks who know almost everything about computers. Hackers know everything about the way software and its applications work. They have the ability to find ways of doing the impossible. They do not accept software applications in the form they are meant to be in, but more often than not find ways of making software work the way they want it to. They debug code and use trial and error to discover unknown, new tricks and secrets. They do try to break systems, and they give the whole report to the administrator. They try to break free systems. You see, hacking is about knowledge. Hackers are those really intelligent people who have that extra bit of knowledge; they know of things normal people would only dream of. Real hackers are normally always helpful, really intelligent and knowledgeable persons; for that, hackers have to learn a lot.

But a person who does mischievous things on other computers, deletes data, damages the OS and steals passwords is called a "cracker", not a "hacker". There is a thin line between hackers and crackers, but sometimes, to gain popularity, hackers cross this line and become crackers. They forget that this popularity does not last long. It is no big deal to break a system and create havoc. Doing such stupid stuff might make you popular in the hacking underground, but this respect is short-lived. Today the number of hackers has increased so much that people very quickly tend to forget what they did.

Hackers use Sun, UNIX and Windows. This report describes different tools for hacking, such as scanners, Telnet and the File Transfer Protocol: how scanners work, how they obtain an IP address and list open ports, Telnet commands, FTP commands, etc. All of this is described later. There are different types of hackers, such as software hackers, password hackers and web hackers, each doing a different job in their field. Password hackers know all about different encryption algorithms and how they can be broken. Web hackers know how to connect to an Internet server and access documents.

There are also different types of attacks: mail bombs, list linking, DoS, etc. Mail bombs and list linking are one type of attack, which closes your e-mail account. DoS (denial of service) attacks are the favorite among hackers. DoS attacks are more accurate. Another kind is the remote attack, which is carried out by a person who may be sitting anywhere in the world but has the power to access your system without your permission. It is a very dangerous attack. Then there is the spoofing attack. A spoofing attack is an IP-address-based attack in which the cracker hides his identity by changing his IP address, so that you cannot find the IP address of that person. A Telnet-based attack means connecting to a computer on different ports and accessing services that are not permitted by the system administrator.


Security is the most important factor in networking. Your network must be strong so that you have solid security. Here we describe different levels of security, such as Trojan programs, firewalls, proxy servers, sniffers and antivirus software. A Trojan is a program that does something more than the user was expecting, and that extra function is damaging. It is executed automatically within the system. A firewall is any device used to prevent outsiders from gaining access to your network. Proxy servers are devices which hide your IP address from Internet users. Sniffers are software that protect your system from port surfing and catch the person who surfs your ports. Antivirus software keeps your system safe from different harmful viruses. These are the different ways in which you can secure your system.

At present, crackers are increasing day by day and they are very intelligent, so security is most important. This security is provided by hackers, because only they know the weaknesses of the system. When it comes to security, hacking will help us determine which type of security to provide. All the laws in the world cannot and will not discourage computer criminals. Crackers are getting real smart these days, and it is becoming increasingly easy for them to break into a system, create havoc and escape without leaving a trace behind. Laws are absolutely useless when system administrators themselves are becoming ignorant of computer security and dismissing all hackers as people belonging to the dark side of society. It has become absolutely necessary to teach people how crackers work, how cracking is executed and how to protect your system from crackers. If this is not done soon, crackers will get ahead in the security race, so people should learn about hacking.


INDEX

SR. NO.   TOPICS

1.   Introduction to hacking
       What is hacking?
       The history of hacking
       Hacker
       Cracker
       Why do crackers exist?
       Difference between hackers & crackers
       Which operating system crackers use?
       Why do people hack?
2.   Hacking tools & how they are used
       Scanners
       Password crackers
       E-mail bombs & list linking
       Flash bombs & war script
3.   Attacks
       Definition
       Developing an attack strategy
       Types of attack
       Remote attack
       Spoofing attack
       Telnet based attack
4.   Need for security
       Types of security
       Trojan
       Firewall
5.   Seven ways to protect your system from hacking
6.   Benefits of hacking
7.   The psychology of hacking & programming
8.   What hackers can steal from your computer
9.   Conclusion
10.  Bibliography

1. INTRODUCTION TO HACKING

The term "hacking" in the 1980's became a buzzword in the media which was taken to be derogatory and which by misuse and overuse was attached to any form of socially non-acceptable computing activity outside of polite society. Within this context "hackers" were assumed to be the fringe society of the computing fraternity, mainly characterized as "youngsters" who did not know any better and who had obtained access to a technology with which they terrorized the world of communications and computing. To be tagged as a "hacker" was to portray a person as a member of a less than acceptable group of near criminals whose activities were not to be undertaken by the upright citizenry. These connotations are in contrast to the use of the term in the 1950's and 1960's, when hackers were at least to be tolerated for their potential, though not necessarily displayed in public. In many ways the early use of the term held a connotation similar to that of a "boffin" during World War II, who was characterized as a backroom activist who when left to their own devices could produce some wonderful inventions. Scientists such as Edison (electric light bulb, phonograph, etc.), Fleming (penicillin), Barnes-Wallis (the bouncing bomb and swept wing aircraft), Watson-Watt (radar) and possibly even Babbage (the difference and analytical engines), may have been honored to be identified as hackers. Only in more recent times has there been confusion between the terms "hacker", "petty criminal" and possibly "nerd".

1.1 What is hacking?

The process of attempting to gain, or successfully gaining, unauthorized access to computer resources for the purpose of mischievous or malicious use, modification, destruction or disclosure of those resources. The concept of hacking as a methodology to achieve some particular goal has the allusion of working at something by experimentation or empirical means, learning about the process under review or development by ad hoc mechanisms.

This may have had an origin from the use of the term "v.t. to chop or cut roughly. v.i. to make rough cuts" as in the process of empirical development where numerous different routes are explored in a search for the most effective approach to a solution, but without necessarily having planned a prearranged ordering of search or necessarily a methodology for evaluation. To chance upon a solution through "hacking through a problem" is often as educational as structured learning, and thus it is not unreasonable to approach a problem in a field which is devoid of structure and methodology by "hacking".

1.2 The history of hacking & how it has grown over time

1966, Robert Morris Sr., the future NSA chief scientist, decides to mutate these early hacker wars into the first "safe hacking" environment. He and the two friends who code it call their game "Darwin." Later "Darwin" becomes "Core War," a free-form computer game played to this day by some of the uberest of uberhackers.

1969 turns out to be the most portent-filled year yet for hacking. In that year the Defense Department's Advanced Research Projects Agency funds a second project to hook up four mainframe computers so researchers can share their resources. This system doesn't boast the vector graphics of the Plato system. Its terminals just show ASCII characters: letters and numbers.

1969 John Goltz teams up with a money man to found CompuServe using the new packet switched technology being pioneered by ARPAnet. Also in 1969 we see a remarkable birth at Bell Labs as Ken Thompson invents a new operating system: UNIX. It is to become the gold standard of hacking and the Internet, the operating system with the power to form miracles of computer legerdemain.

1978, Ward Christensen and Randy Suess create the first personal computer bulletin board system. Soon, linked by nothing more than the long distance telephone network and these bulletin board nodes, hackers create a new, private cyberspace. Phreaking becomes more important than ever to connect to distant BBS's.

1984 Emmanuel Goldstein launches 2600: The Hacker Quarterly and the Legion of Doom hacker gang forms. Congress passes the Comprehensive Crime Control Act giving the US Secret Service jurisdiction over computer fraud. Fred Cohen, at Carnegie Mellon University, writes his PhD thesis on the brand new, never heard of thing called computer viruses.

June 1990 Mitch Kapor and John Perry Barlow react to the excesses of all these raids to found the Electronic Frontier Foundation. Its initial purpose is to protect hackers. They succeed in getting law enforcement to back off the hacker community.

In 1993, Marc Andreessen and Eric Bina of the National Center for Supercomputing Applications release Mosaic, the first WWW browser that can show graphics. Finally, after the fade out of the Plato of twenty years past, we have decent graphics! This time, however, these graphics are here to stay. Soon the Web becomes the number one way that hackers boast and spread the codes for their exploits. Bulletin boards, with their tightly held secrets, fade from the scene.

In 1998, an anti-hacker ad runs during Super Bowl XXXII. The Network Associates ad, costing $1.3-million for 30 seconds, shows two Russian missile silo crewmen worrying that a computer order to launch missiles may have come from a hacker. They decide to blow up the world anyway. In January, the federal Bureau of Labor Statistics is inundated for days with hundreds of thousands of fake information requests, a hacker attack called "spamming." Hackers break into the United Nations Children's Fund Web site, threatening a "holocaust" if Kevin Mitnick is not freed.

1.3 Hacker

A hacker is a person intensely interested in the arcane and recondite workings of any computer operating system. Most often, hackers are programmers. As such, hackers obtain advanced knowledge of operating systems and programming languages. They may know of holes within systems and the reasons for such holes. Hackers constantly seek further knowledge, freely share what they have discovered, and never, ever intentionally damage data.

1.4 Cracker

A cracker is a person who breaks into or otherwise violates the system integrity of remote machines, with malicious intent. Crackers, having gained unauthorized access, destroy vital data, deny legitimate users service, or basically cause problems for their targets. Crackers can easily be identified because their actions are malicious.

1.5 Why do crackers exist?

Crackers exist because they must. Because human nature is just so, frequently driven by a desire to destroy instead of create. No more complex explanation need be given. The only issue here is what type of cracker we are talking about.

Some crackers crack for profit. These may land on the battlefield, squarely between two competing companies. Perhaps Company A wants to disable the site of Company B. There are crackers for hire. They will break into almost any type of system you like, for a price. Some of these crackers get involved with criminal schemes, such as retrieving lists of TRW profiles. These are then used to apply for credit cards under the names of those on the list. Other common pursuits are cell-phone cloning, piracy schemes, and garden-variety fraud. Other crackers are kids who demonstrate an extraordinary ability to assimilate highly technical computer knowledge. They may just be getting their kicks at the expense of their targets.

1.6 Difference between hacker and cracker

Modern hackers, however, reach deeper still. They probe the system, often at a microcosmic level, finding holes in software and snags in logic. They write programs to check the integrity of other programs. Thus, when a hacker creates a program that can automatically check the security structure of a remote machine, this represents a desire to better what now exists. It is creation and improvement through the process of analysis.

In contrast, crackers rarely write their own programs. Instead, they beg, borrow, or steal tools from others. They use these tools not to improve Internet security, but to subvert it. They have technique, perhaps, but seldom possess programming skills or imagination. They learn all the holes and may be exceptionally talented at practicing their dark arts, but they remain limited. A true cracker creates nothing and destroys much. His chief pleasure comes from disrupting or otherwise adversely affecting the computer services of others.

This is the division of hacker and cracker. Both are powerful forces on the Internet, and both will remain permanently. And, as you have probably guessed by now, some individuals may qualify for both categories. The very existence of such individuals assists in further clouding the division between these two odd groups of people. Now, I know that real hackers reading this are saying to themselves, "There is no such thing as this creature you are talking about. One is either a hacker or a cracker and there's no more to it."

1.7 Which operating system crackers use?

Operating systems used by crackers vary. Macintosh is the least likely platform for a cracker; there simply aren't enough tools available for MacOS, and the tools needed are too much trouble to port. UNIX is the most likely platform and of that class, probably FreeBSD or Linux.

The most obvious reason for this is cost. For the price of a $39 book on Linux (with the accompanying CD-ROM), a cracker gets everything he could ever need in the way of tools: C, C++, Smalltalk, Perl, TCP/IP, and much more. Moreover, he gets the full source code to his operating system.

This cost issue is not trivial. Even older workstations can be expensive. Your money will buy more computing power if you stay with an IBM compatible. Today, you can get a 100MHz PC with 8MB of RAM for $300. You can put either FreeBSD or Linux on that machine and suddenly, you have a powerful workstation. Conversely, that same $300 might buy you a 25MHz SPARCstation 1 with a disk, monitor, and keyboard kit. Or perhaps an ELC with an external disk and 16MB of RAM.

Compounding this is the problem of software. If you get an old Sun, chances are that you will also be receiving SunOS 4.1.x. If so, a C compiler (cc) comes stock. However, if you buy an RS/6000 with AIX 4.1.x, you get a better deal on the machine but you are forced to get a C compiler. This will probably entail getting GCC from the Internet. As you might guess, a C compiler is imperative. Without it, you cannot build the majority of tools distributed from the void. This is a big consideration and one reason that Linux is becoming much more popular.

I should mention that professional crackers (those who get paid for their work) can probably afford any system. You can bet that those forces in American intelligence investigating cyber war are using some extreme computing power. For these individuals, licensing and cost are not issues.

SUN

It is fairly common to see crackers using either SolarisX86 or SCO as a platform. This is because even though these products are license ware, they can easily be obtained. Typically, crackers using these platforms know students or are students. They can therefore take advantage of the enormous discounts offered to educational institutions and students in general. There is a radical difference between the price paid by a student and the price paid by the average man on the street. The identical product's price could differ by hundreds of dollars. Again, because these operating systems run on PC architecture, they are still more economical alternatives. (SolarisX86 2.4 became enormously popular after support was added for standard IDE drives and CD-ROM devices. Prior to the 2.4 driver update, the system supported only SCSI drives: a slightly more expensive proposition.) And of course, one can always order demo disks from Sun and simply keep the distribution, even though you are in violation of the license.

UNIX

UNIX platforms are popular because they generally require a low overhead. A machine with Windows 95 and all the trimmings requires a lot of RAM; in contrast, you can run Linux or FreeBSD on a paltry 386 and gain good performance (provided, of course, that you do not use X). This is reasonable, too, because even tools that have been written for use in the X environment usually have a command-line interface as well (for example, you can run SATAN in CLI).

MICROSOFT

The Microsoft platform supports many legitimate security tools that can be used to attack remote hosts. Of that class, more and more crackers are using Windows NT. It outperforms 95 by a wide margin and has advanced tools for networking as well. Also, Windows NT is a more serious platform in terms of security. It has access control as well, so crackers can safely offer remote services to their buddies. If those "friends" log in and attempt to trash the system, they will be faced with the same controls as they would on a non-cracker-friendly box.

Moreover, NT is becoming more popular because crackers know they must learn this platform. As NT becomes a more popular platform for Internet servers (and it will, with the recent commitments between DEC and Microsoft), crackers will need to know how to crack these machines. Moreover, security professionals will also develop tools to test internal NT security. Thus, you will see a dramatic rise in the use of NT as a cracking platform.

1.8 Why do people hack?

There is an on-going debate about the definition of the word hacker. A hacker can be anyone with a deep interest in computer-based technology; it does not necessarily define someone who wants to do harm. The term attacker can be used to describe a malicious hacker. Another term for an attacker is a black hat. Security analysts are often called white hats, and white-hat analysis is the use of hacking for defensive purposes.

Attackers' motivations vary greatly. Some of the most notorious hackers are high school kids in their basements planted in front of their computers looking for ways to exploit computer systems. Other attackers are disgruntled employees seeking revenge on a company. And still other attacks are motivated by the sheer challenge of penetrating a well-secured system.

- Just for fun
- Show off
- Hack other systems secretly
- Notify many people of their thoughts
- Steal important information
- Destroy an enemy's computer network during a war

Spite: Plainly stated, the cracker may dislike you. Perhaps he is a disgruntled employee from your company. Perhaps you flamed him in a Usenet group. One common scenario is for a cracker to crack an ISP with which he once had an account. Perhaps the ISP discovered the cracker was cracking other networks or storing warez on its box. For whatever reason, the ISP terminated the cracker's account, and now the cracker is out for revenge.

Sport: Perhaps you have been bragging about the security of your system, telling people it's impenetrable. Or worse, you own a brand-spanking-new system that the cracker has never dealt with before. These are challenges a cracker cannot resist.

Profit: Someone pays a cracker to bring you down or to get your proprietary data.

Stupidity: Many crackers want to impress their friends, so they purposefully undertake acts that will bring the FBI to their door. These are mostly kids.

Curiosity: Many crack purely for the sake of curiosity, simple enjoyment of the process, or out of boredom.

Politics: A small (but significant) percentage of crackers crack for political reasons. That is, they seek press coverage to highlight a particular issue. This could be animal rights, arms control, free speech, and so forth. This phenomenon is much more common in Europe than in the U.S. Americans fall victim to pride or avarice far more often than they do to ideology.

2. HACKING TOOLS AND HOW THEY ARE USED

2.1 Scanners

In Internet security, no hacking tool is more celebrated than the scanner. It is said that a good TCP port scanner is worth a thousand user passwords. Before I treat the subject of scanners in depth, I want to familiarize you with scanners.

What is a Scanner?

A scanner is a program that automatically detects security weaknesses in a remote or local host. By deploying a scanner, a user in Los Angeles can uncover security weaknesses on a server in Japan without ever leaving his or her living room.

How Do Scanners Work?

True scanners are TCP port scanners, which are programs that attack TCP/IP ports and services (Telnet or FTP, for example) and record the response from the target. In this way, they glean valuable information about the target host (for instance, can an anonymous user log in?). Other so-called scanners are merely UNIX network utilities. These are commonly used to discern whether certain services are working correctly on a remote machine. These are not true scanners, but might also be used to collect information about a target host. (Good examples of such utilities are the rusers and host commands, common to UNIX platforms.)

On What Platforms Are Scanners Available?

Although they are commonly written for execution on UNIX workstations, scanners are now written for use on almost any operating system. Non-UNIX scanning tools are becoming more popular now that the rest of the world has turned to the Internet. There is a special push into the Microsoft Windows NT market, because NT is now becoming more popular as an Internet server platform.

How to get the IP address

There are different ways of getting an IP address.

1) The only way I know to do that is to send the contact a file while he is online: send him/her a photo or something else. Doing that opens a peer-to-peer connection while your friend gets the file/photo, no matter what it is. Make sure that you have a DOS Prompt open (located at: Start > Programs > MS-DOS Prompt) and type the command

    netstat

while sending them the file, and you will see a list in the DOS Prompt of all the connections your computer has at that time; one of them must be your friend who is receiving the file. If I hear about another, easier way to get it without sending files, be sure I will post it here.

2) Find an IP through mIRC chat channels. There is the /dns nickname command in IRC, but some people use proxies or shells and you can't see their real address. How do you know if the user uses a web-shell or a proxy? Well... guess that yourself while looking at the IP you got from the /dns nickname command. Make sure you check out IRC Scanner v1.0 by RH in our programming section and in the IP scanners section; it's the best and fastest way to scan the users in IRC channels.

3) Get your friend's IP address by sending them to your page. Build a simple site on Geocities or anywhere else, then go to http://www.stats4all.com and create an account; they provide free web site statistics. Add their code to your site and tell your friend to check out a cool page you just made. When he visits the page his IP will be logged in stats4all.com, so after your friend visits your page check out your stats in stats4all.com and you will find the last 5 visitors at the left of the stats page, your friend's IP included.
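Seen from the defender's side, the TCP port scanning described under "How Do Scanners Work?" leaves a recognisable trace: one source touching many ports on a host, or one port on many hosts, within a short time. The following is an added example, not part of the original seminar text; the log format, the thresholds and the addresses (documentation ranges) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log format (constructed for this example):
#   2024-05-01T10:00:00 SRC=203.0.113.7 DST=192.0.2.10 DPT=21
LINE_RE = re.compile(
    r"^(?P<ts>\S+) SRC=(?P<src>\S+) DST=(?P<dst>\S+) DPT=(?P<dpt>\d+)$"
)
WINDOW = timedelta(seconds=60)  # assumed sliding window
PORT_THRESHOLD = 10             # distinct ports on one host  -> "vertical"
HOST_THRESHOLD = 5              # distinct hosts on one port  -> "horizontal"


def parse_line(line):
    """Return (timestamp, src, dst, dport) or None for a malformed line."""
    match = LINE_RE.match(line.strip())
    if not match:
        return None
    try:
        ts = datetime.fromisoformat(match.group("ts"))
    except ValueError:
        return None
    return ts, match.group("src"), match.group("dst"), int(match.group("dpt"))


def detect_scans(lines):
    """Map each scanning source address to the scan patterns it showed."""
    recent = defaultdict(deque)  # src -> events still inside the window
    alerts = defaultdict(set)
    for line in lines:
        event = parse_line(line)
        if event is None:
            continue  # skip entries that do not parse
        ts, src, dst, dpt = event
        queue = recent[src]
        queue.append((ts, dst, dpt))
        while queue and ts - queue[0][0] > WINDOW:
            queue.popleft()
        ports_per_host = defaultdict(set)
        hosts_per_port = defaultdict(set)
        for _, host, port in queue:
            ports_per_host[host].add(port)
            hosts_per_port[port].add(host)
        if any(len(p) >= PORT_THRESHOLD for p in ports_per_host.values()):
            alerts[src].add("vertical")
        if any(len(h) >= HOST_THRESHOLD for h in hosts_per_port.values()):
            alerts[src].add("horizontal")
    return {src: sorted(kinds) for src, kinds in alerts.items()}


def sample_log():
    """Constructed sample: two scanning sources, one normal client, one bad line."""
    base = datetime(2024, 5, 1, 10, 0, 0)

    def stamp(seconds):
        return (base + timedelta(seconds=seconds)).isoformat()

    lines = []
    for i, port in enumerate(range(20, 32)):  # 12 ports on one host
        lines.append(f"{stamp(i)} SRC=203.0.113.7 DST=192.0.2.10 DPT={port}")
    for i in range(1, 7):                     # Telnet port on 6 hosts
        lines.append(f"{stamp(i)} SRC=198.51.100.4 DST=192.0.2.{i} DPT=23")
    for i in range(20):                       # ordinary repeat visitor
        lines.append(f"{stamp(2 * i)} SRC=192.0.2.50 DST=192.0.2.10 DPT=443")
    lines.append("garbled entry without fields")
    return lines


if __name__ == "__main__":
    for source, kinds in sorted(detect_scans(sample_log()).items()):
        print(source, kinds)
```
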

2.2 Password cracker

The term password cracker can be misinterpreted, so I want to define it here. A password cracker is any program that can decrypt passwords or otherwise disable password protection. A password cracker need not decrypt anything. In fact, most of them don't. Real encrypted passwords, as you will shortly learn, cannot be reverse-decrypted.

A more precise way to explain this is as follows: encrypted passwords cannot be decrypted. Most modern, technical encryption processes are now one-way (that is, there is no process to be executed in reverse that will reveal the password in plain text). Instead, simulation tools are used, utilizing the same algorithm as the original password program. Through a comparative analysis, these tools try to match encrypted versions of the password to the original (this is explained a bit later in this chapter).

Many so-called password crackers are nothing but brute-force engines: programs that try word after word, often at high speeds. These rely on the theory that eventually, you will encounter the right word or phrase. This theory has been proven to be sound, primarily due to the factor of human laziness. Humans simply do not take care to create strong passwords. However, this is not always the user's fault:
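The one-way comparison described in this section can be seen from the defender's side in the following added example, which is not part of the original seminar text: a stored password is never decrypted, a candidate is run through the same algorithm and the results are compared, and the same routine lets an administrator audit their own accounts for common words. The account names, the wordlist, the passwords and the iteration count are constructed assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example

# Constructed sample wordlist standing in for a list of common passwords.
COMMON_WORDS = ["password", "letmein", "qwerty", "dragon"]


def unsalted_digest(password):
    """Fast, unsalted one-way hash: equal passwords give equal digests."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password, salt=None):
    """Return (salt, digest) using salted PBKDF2-HMAC-SHA256."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, ITERATIONS
    )
    return salt, digest


def verify_password(candidate, salt, digest):
    """Re-run the same algorithm on the candidate and compare the results."""
    _, recomputed = hash_password(candidate, salt)
    return hmac.compare_digest(recomputed, digest)


def audit_accounts(store, wordlist):
    """Return the accounts whose stored hash matches a listed common word."""
    weak = []
    for user, (salt, digest) in store.items():
        if any(verify_password(word, salt, digest) for word in wordlist):
            weak.append(user)
    return sorted(weak)


def build_sample_store():
    """Constructed accounts: two share a common word, one uses a passphrase."""
    return {
        "alice": hash_password("correct horse battery"),
        "bob": hash_password("password"),
        "carol": hash_password("password"),
    }


if __name__ == "__main__":
    store = build_sample_store()
    print("flagged by audit:", audit_accounts(store, COMMON_WORDS))
    # Per-account salts make equal passwords produce different stored values.
    print("bob and carol share a digest:", store["bob"][1] == store["carol"][1])
```

Because each account has its own salt, every guess has to be recomputed per account at the full work factor, whereas with the unsalted digest one computation would match every account that uses the same word.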

How Encryption Works

The concept behind encryption is quite simple: make the data illegible for everyone else except those specified. This is done using cryptography, the study of sending 'messages' in a secret form so that only those authorized to receive the 'message' are able to read it.

The easy part of encryption is applying a mathematical function to the plaintext and converting it to an encrypted cipher. The harder part is to ensure that the people who are supposed to decipher this message can do so with ease, yet only those authorized are able to decipher it. We of course also have to establish the legitimacy of the mathematical function used, to make sure that it is sufficiently complex and mathematically sound to give us a high degree of safety.

The essential concept underlying all automated and computer security applications is cryptography. The two ways of going about this process are conventional (or symmetric) encryption and public key (or asymmetric) encryption.

CRYPTOGRAPHY

This definition is wide, and I want to narrow it. The etymological root of the word cryptography can help in this regard. Crypto stems from the Greek word kryptos. Kryptos was used to describe anything that was hidden, obscured, veiled, secret, or mysterious. Graph is derived from graphia, which means writing. Thus, cryptography is the art of secret writing. An excellent and concise description of cryptography is given by Yaman Akdeniz in his paper Cryptography & Encryption:

Cryptography, defined as "the science and study of secret writing," concerns the ways in which communications and data can be encoded to prevent disclosure of their contents through eavesdropping or message interception, using codes, ciphers, and other methods, so that only certain people can see the real message.

2.3 E-Mail bombs & list linking

E-mail bombing is nothing more than nuisance material. The cure is generally a kill file or an exclusionary scheme. An exclusionary scheme is where you bar entry of packets received from the source address. If you maintain a site and malicious users from the void start bombing you, contact their postmaster. This is usually quite effective; the user will be counseled that this behavior is unnecessary and that it will not be tolerated. In most cases, this proves to be a sufficient deterrent. (Some providers are even harsh enough to terminate the account then and there.)

However, if you are faced with a more difficult situation (for example, the ISP couldn't care less if its users bombed the Internet collectively), you might have to take more aggressive measures. One such measure is to block traffic from the originating network at the router level. (There are various packet-filtering techniques that you can apply.)

However, if this doesn't suit your needs (or your temperament), there are other, more proactive solutions. One fine technique that's guaranteed to work is this: Fashion a script that catches the offending e-mail address each time it connects to your mail server. For each such connection request, terminate the connection and autorespond with a polite, 10-page advisory on how such attacks violate acceptable use policies and that, under certain circumstances, they may violate the law. After the offending party has received 1,000 or so returns of this nature, his previously unconcerned provider will bring the offender onto the carpet and promptly chop off his fingers.

2.4 9"a#h /o+/# $ %ar #cri*t#


/lash utilities 4also referred to as flash om s5 elong to a class of munitions that are used on )nternet #elay 8hat 4)#85. )#8 is the last free frontier ecause it is spontaneous and uncontrolla le. )t consists of people chatting endlessly, from virtual channel to virtual channel. "here is no time for advertisements, really, and even if you tried to push your product there, you would likely e lown off the channel efore you had a chance to say much of anything. )n this respect, )#8 is different from any other networked service on the )nternet. )#8 is grass roots and revolutionary )nternet at its est 4and worst5, and with all likelihood, it will remain that way forever. )#8 was developed in /inland in the late 7BA:s. 'ome suggest that its purpose was to replace other networking tools of a similar ilk 4for e!ample, the talk service in ,-).5. "alk is a system where y two individuals can communicate on te!t3 ased terminals. "he screens of oth users split into two parts, one for received te!t and one for sent te!t. )n this respect, talk operates a lot like a direct link etween machines using any of the popular communications packages availa le on the market 4Jmodem and Pro8omm Plus are good e!amples5. "he ma0or difference is that talk occurs over the )nternetM the connection is ound y e3mail address. /or e!ample, to converse with another party via talk, you issue a command as followsF ta" *&r#on=*ro)id&r.co+ "his causes the local talk program to contact the remote talk daemon. )f the person is availa le 4and hasnDt disa led incoming connections via talk5, the screen soon splits and the conversation egins. )#8 differs from talk in that many people can converse at the same time. "his was a ma0or innovation, and )#8 chatting has ecome one of the most popular methods of communication on the -et.


3. ATTACKS
3.1 Definition
An attack is any unauthorized action undertaken with the intent of hindering, damaging, incapacitating, or breaching the security of your server. Such an attack might range from a denial of service to complete compromise and destruction of your server. The level of attack that is successful against your network depends on the security you employ.

3.2 Developing an attack strategy

The days of roaming around the Internet, cracking this and that server are basically over. Years ago, compromising the security of a system was viewed as a minor transgression as long as no damage was done. Today, the situation is different. Today, the value of data is becoming an increasingly talked-about issue. Therefore, the modern cracker would be wise not to crack without a reason. Similarly, he would be wise to set forth cracking a server only with a particular plan. The only instance in which this does not apply is where the cracker is either located in a foreign state that has no specific law against computer intrusion (Berferd again) or one that provides no extradition procedure for that particular offense (for example, the NASA case involving a student in Argentina). All other crackers would be wise to tread very cautiously.

Your attack strategy may depend on what you want to accomplish. We will assume, however, that the task at hand is basically nothing more than compromise of system security. If this is your plan, you need to lay out how the attack will be accomplished. The longer the scan takes (and the more machines that are included within it), the more likely it is that it will be immediately discovered. Also, the more scan data that you have to sift through, the longer it will take to implement an attack based upon that data. The time that elapses between the scan and the actual attack, as I've mentioned, should be short.

Some things are therefore obvious (or should be). If you determine from all of your data collection that certain portions of the network are segmented by routers, switches, bridges, or other devices, you should probably exclude those from your scan. After all, compromising those systems will likely produce little benefit. Suppose you gained root on one such box in a segment. How far do you think you could get? Do you think that you could easily cross a bridge, router, or switch? Probably not. Therefore, sniffing will only render relevant information about the other machines in the segment, and spoofing will likewise work (reliably) only against those machines within the segment. Because what you are looking for is root on the main box (or at least, within the largest network segment available), it is unlikely that a scan on smaller, more secure segments would prove to be of great benefit.

3.3 Types of attacks

- REMOTE ATTACKS
- SPOOFING ATTACKS
- TELNET-BASED ATTACKS

3.3.1 Remote attacks

A remote attack is any attack that is initiated against a machine that the attacker does not currently have control over; that is, it is an attack against any machine other than the attacker's own (whether that machine is on the attacker's subnet or 10,000 miles away). The best way to define a remote machine is this: A remote machine is any machine--other than the one you are now on--that can be reached through some protocol over the Internet or any other network or medium.

STEPS FOR REMOTE ATTACKS

The first steps, oddly enough, do not involve much contact with the target. (That is, they won't if the cracker is smart.) The cracker's first problem (after identifying the type of network, the target machines, and so on) is to determine with whom he is dealing. Much of this information can be acquired without disturbing the target. (We will assume for now that the target does not run a firewall. Most networks do not. Not yet, anyway.) Some of this information is gathered through the following techniques:

Running a host query. Here, the cracker gathers as much information as is currently held on the target in domain servers. Such a query may produce volumes of information or may reveal very little. Much depends on the size and the construct of the network. For example, under optimal circumstances of examining a large and well-established target, this will map out the machines and IPs within the domain in a very comprehensive fashion. The names of these machines may give the cracker a clue as to what names are being used in NIS (if applicable). Equally, the target may turn out to be a small outfit, with only two machines; in that case, the information will naturally be sparse. It will identify the name server and the IPs of the two boxes (little more than one could get from a WHOIS query). One interesting note is that the type of operating system can often be discerned from such a query.

A WHOIS query. This will identify the technical contacts. Such information may seem innocuous. It isn't. The technical contact is generally the person at least partially responsible for the day-to-day administration of the target. That person's e-mail address will have some value. (Also, between this and the host query, you can determine whether the target is a real box, a leaf node, a virtual domain hosted by another service, and so on.)

Running some Usenet and Web searches. There are a number of searches the cracker might want to conduct before actually coming into contact with the target. One is to run the technical contact's name through a search engine (using a forced, case-sensitive, this-string-only conditional search). The cracker is looking to see if the administrators and technical contacts sport much traffic in Usenet. Similarly, this address (or addresses) should be run through searchable archives of all applicable security mailing lists.

3.3.2 Spoofing attacks

A spoofing attack involves nothing more than forging one's source address. It is the act of using one machine to impersonate another. To understand how this occurs, you must know a bit about authentication. Every user has encountered some form of authentication. This encounter most often occurs while connecting to a network. That network could be located in the user's home, his office, or, as in this case, the Internet. The better portions of authentication routines known to the average user occur at the application level. That is, these methods of authentication are entirely visible to the user. The typical example is when a user is confronted with a password prompt on FTP or Telnet. The user enters a username and a password; these are authenticated, and the user gains access to the resource.

On the Internet, application-level authentication routines are the minority. Each second, authentication routines that are totally invisible to the user occur. The difference between these routines and application-level authentication routines is fundamental. In application-level authentication, a machine challenges the user; a machine requests that the user identify himself. In contrast, non-application-level authentication routines occur between machines. One machine demands some form of identification from another. Until this identification is produced and validated, no transactions occur between the machines engaged in the challenge-response dialog. Such machine-to-machine dialogs always occur automatically (that is, they occur without human intervention). In the IP spoofing attack, the cracker attempts to capitalize on the automated nature of the dialog between machines. Thus, the IP spoofing attack is an extraordinary method of gaining access because in it, the cracker never uses a username or password.

Who Can Be Spoofed?

The IP spoofing attack is unique in that it can only be implemented against a certain class of machines running true TCP/IP. True TCP/IP is any fully fledged implementation of TCP/IP, or one that--in its out-of-the-box state--encompasses all available ports and services within the TCP/IP suite. By this, I am referring almost exclusively to those machines running certain versions of UNIX (only a handful is easily spoofed). PC machines running DOS, Windows, or Windows 95 are not included in this group. Neither are Macintoshes running MacOS. (It is theoretically possible that Macs running A/UX and PCs running Linux could be vulnerable, given the right circumstances.) I cannot guarantee that other configurations or services will not later be proven vulnerable to IP spoofing, but for the moment the list of vulnerable services is short indeed:

- Any configuration using Sun RPC calls
- Any network service that utilizes IP address authentication
- The X Window System from MIT
- The R services

How Spoofing Attacks Work?

Spoofing attacks differ from random scanning and other techniques used to ascertain holes in the system. Spoofing attacks occur only after a particular machine has been identified as vulnerable. By the time the cracker is ready to conduct a spoofing attack, he or she knows the target network is vulnerable and which machine is to be attacked.

Hardware address spoofing is, to a certain extent, also dependent upon the card. Cards that do not allow for software-driven settings of the hardware address are generally useless in this regard. You might be able to report an address, but in most instances, the technique does not actually work. Older cards support software-driven alteration of the address, usually with a jumper setting. (This is done by shorting out the jumper pins on the card.) A good example is the old Western Digital Ethernet card. Newer cards are more likely to automatically allow software-driven changes, whereas IRQ settings may still be a jumper issue. It is likely, however, that in the near future, Ethernet cards may not have jumpers at all due to the fact that plug-and-play technology has emerged.

This type of spoofing works because each machine on a given network segment trusts its pals on that same segment. Barring the installation of a hub that hardwire-routes packets to each machine, at least a few trust relationships between machines will exist within a segment. Most commonly, those machines know each other because their addresses are listed within some database on each machine. In IP-based networks, this is done using the IP address--I hope--or with the hostname. (Using hostnames is a potential security problem in itself. Whenever possible, hard numeric addresses should be used.) Machines within a network segment that are aware of the addresses of their pals are referred to as machines that trust each other. When such a trust relationship exists, these machines may remotely execute commands for each other with no more authentication than is required to identify the source address. Crackers can determine trust relationships between machines using a wide range of commands or, more commonly, using scanners. One can, for example, scan a host and easily determine whether the R services are running. Whatever method is used, the cracker will attempt to map the trust relationships within the target network.

What Can Be Done to Prevent IP Spoofing Attacks?

IP spoofing attacks can be thwarted by configuring your network to reject packets from the Net that claim to originate from a local address (that is, reject packets that purport to have an address of a workstation on your internal network). This is most commonly done with a router. Routers work by applying filters on incoming packets; for example, they can block particular types of packets from reaching your network.
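
The router rule described above, modelled as an added example (not code from the original report or from any router vendor). The address plan, the interface names "ext" and "int", and the sample packets are constructed assumptions; the checks for never-valid sources and for outbound packets go one step beyond the inbound rule the text describes.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addressing plan (assumption): the networks behind the border router.
INTERNAL_NETS = [
    ipaddress.ip_network("10.20.0.0/16"),
    ipaddress.ip_network("192.168.5.0/24"),
]


@dataclass(frozen=True)
class Packet:
    iface: str  # interface the packet arrived on: "ext" (Internet side) or "int" (LAN side)
    src: str    # claimed source address, exactly as read from the IP header
    dst: str


def is_internal(addr):
    """True if addr belongs to one of the local networks."""
    return any(addr in net for net in INTERNAL_NETS)


def ingress_decision(pkt):
    """Return (action, reason) for one packet; action is 'accept' or 'drop'."""
    try:
        src = ipaddress.ip_address(pkt.src)
    except ValueError:
        return ("drop", "unparseable-source")

    if pkt.iface == "ext":
        # The rule from the text: nothing arriving from the Net may claim
        # to be one of our own workstations.
        if is_internal(src):
            return ("drop", "external-packet-claims-internal-source")
        # Added generalization: sources that can never be legitimate on the wire.
        if src.is_loopback or src.is_unspecified or src.is_multicast:
            return ("drop", "source-never-valid-on-the-wire")
        return ("accept", "ok")

    if pkt.iface == "int":
        # Added generalization (egress filtering): our own hosts may not
        # send packets that claim somebody else's address.
        if not is_internal(src):
            return ("drop", "internal-packet-with-foreign-source")
        return ("accept", "ok")

    return ("drop", "unknown-interface")


def filter_trace(packets):
    """Apply the filter to a sequence of packets, preserving order."""
    return [ingress_decision(p) for p in packets]


# Constructed sample traffic, not a real capture.
SAMPLE_PACKETS = [
    Packet("ext", "203.0.113.9", "10.20.1.5"),     # ordinary inbound traffic
    Packet("ext", "10.20.1.7", "10.20.1.5"),       # outsider posing as a trusted LAN host
    Packet("ext", "192.168.5.20", "192.168.5.1"),  # same, second internal network
    Packet("ext", "127.0.0.1", "10.20.1.5"),       # loopback source from outside
    Packet("int", "10.20.1.7", "198.51.100.4"),    # ordinary outbound traffic
    Packet("int", "198.51.100.77", "203.0.113.9"), # LAN host forging a foreign source
    Packet("ext", "not-an-ip", "10.20.1.5"),       # malformed input
]

if __name__ == "__main__":
    for pkt, (action, reason) in zip(SAMPLE_PACKETS, filter_trace(SAMPLE_PACKETS)):
        print(f"{pkt.iface:3} {pkt.src:15} -> {pkt.dst:15} {action:6} {reason}")
```

The filter only removes the forged-source path at the network edge; services that authenticate by source address alone still trust any host already inside the segment.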

3.3.3 Telnet-based attacks

The purpose of the Telnet protocol is to provide a fairly general, bi-directional, eight-bit byte oriented communications facility. Its primary goal is to allow a standard method of interfacing terminal devices and terminal-oriented processes to each other. It is envisioned that the protocol may also be used for terminal-terminal communication ("linking") and process-process communication (distributed computation). Telnet is unique in its design with the notable exception of rlogin. Telnet is designed to allow a user to log in to a foreign machine and execute commands there. Telnet (like rlogin) works as though you are at the console of the remote machine, as if you physically approached the remote machine, turned it on, and began working.

Telnet can also be used in a variety of ways to attack or otherwise cull information from a remote host. By the time this book is released, many more Telnet attack techniques will have surfaced. If you run a network and intend to supply your users with Telnet access, beware. This is especially so on new Telnet servers. These new servers may have bugs that have not yet been revealed. And, because Telnet is so interactive and offers the user so much power to execute commands on remote machines, any hole in a Telnet distribution is a critical one. It stands in the same category as FTP or HTTP in this respect (or is perhaps even worse).

Telnet is an interesting protocol. As explained earlier, one can learn many things using Telnet. For example, you can cull what version of the operating system is being run. Most distributions of UNIX will report this information on connection. It is reported by at least one authoritative source that various scanners use the issue information at connect to identify the type of system (SATAN being one such scanner). The operating system can generally be determined by attacking any of these ports:

- Port 21: FTP
- Port 23: Telnet (Default)
- Port 25: Mail
- Port 70: Gopher
- Port 80: HTTP

In their now-famous paper, "Improving the Security of Your Site by Breaking into It," Dan Farmer and Wietse Venema point out ports that can be attacked. Specifically, they address the issue of port 6000:

X windows is usually on port 6000...If not protected properly (via the magic cookie or xhost mechanisms), window displays can be captured or watched, user keystrokes may be stolen, programs executed remotely, etc. Also, if the target is running X and accepts a Telnet to port 6000 that can be used for a denial of service attack, as the target's windowing system will often "freeze up" for a short period of time.

X Terminals are generally diskless clients. These are machines that have the bare minimum of hardware and software to connect to an X server. These are most commonly used in universities and consist of a 17" or 19" screen, a base, a keyboard and a mouse. The terminal usually supports a minimum of 4 megabytes of RAM but some will hold as much as 128 megabytes. X terminals also have client software that allows them to connect to the server. Typically, the connection is via fast Ethernet, hardwired to the back of the terminal. X Terminals provide high-speed connectivity to X servers, coupled with high-powered graphics. These machines are sold on the Internet and make great "additional" terminals for use at home. (They are especially good for training.)

Another interesting thing that Telnet can be used for is to instantly determine whether the target is a real or virtual domain (this can be done through other methods, but none perform this function quite as quickly). This can assist a cracker in determining exactly which machine he or she must crack to reach your resources or, more precisely, exactly which machine he or she is engaged in cracking.

Under normal circumstances, a real domain is a domain that has been registered with InterNIC and also has its own dedicated server. Somewhere in the void is a box with a permanent IP address, and that box is attached permanently to the Internet via 28.8Kbps modem, ISDN, 56Kbps modem, frame relay, T1, T3, ATM, or perhaps, if the owner spares no expense, SONET. As such, when you Telnet to such a real site, you are reaching that machine and no other.

Virtual domains, however, are simply directories on a real server, aliased to a particular domain name. That is, you pay some ISP to register your domain name and create a directory on its disk where your virtual domain exists. This technique allows your_company.com to masquerade as a real server. Thus, when users point their browsers to www.your_company.com, they are reaching the ISP's server. The ISP's server redirects the connection request to your directory on the server. This virtual domain scheme is popular for several reasons, including cost. It saves your company the trouble of establishing a real server and therefore eliminates some of these expenses:

- Hardware
- Software
- 24-hour maintenance
- Tech support

Basically, you pay a one-time fee (and monthly fees thereafter) and the ISP handles everything. To crackers, this might be important. For example, if crackers are about to crack your domain--without determining whether your machine is truly a server--they may get into trouble. They think they are cracking some little machine within your internal offices when in fact, they are about to attack a large, well-known network provider. Telnet instantly reveals the state of your server. When a cracker initiates a Telnet connection to your_company.com (and on connect, sees the name of the machine as a node on some other, large network), he or she immediately knows that your address is a virtual domain.

Moreover, Telnet can be used for other nefarious purposes. One is the ever-popular brute-force attack. I am not sure why brute-force attacks are so popular among young crackers; almost all servers do some form of logging these days. Nevertheless, the technique has survived into the 1990s. These attacks are most commonly initiated using Telnet clients that have their own scripting language built in. Tera Term is one such application. Tera Term sports a language that allows you to automate Telnet sessions. This language can be used to construct scripts that can determine valid usernames on a system that refuses to cough up information on finger or sendmail-expn queries. Versions of Telnet reveal this information in a variety of ways. For example, if a bogus username is given, the connection will be cut. However, if a valid username is given, a new login: prompt is reissued.

Moreover, Telnet is a great tool for quickly determining whether a particular port is open or whether a server is running a particular service. Telnet can also be used as a weapon in denial-of-service attacks. For example, sending garbage to certain ports on an NT Web server under IIS can cause the targeted processor to jump to 100 percent utilization. Initiating a Telnet session to other ports on an NT Web server can cause the machine to hang or crash. This is particularly so when issuing a Telnet connection request to port 135. One can also crash Microsoft's Internet Information Server by Telnetting to port 80 and issuing a GET.../... request. Reportedly, however, that problem was remedied with the Microsoft Windows NT Service Pack 2 for Windows NT 4.0. If you do not have that patch/service pack, get it. A good treatment of this and other problems can be found in the Denial of Service Info post, posted by Chris Klaus of Internet Security Systems.

Finally, Telnet is often used to generate fake mail and fake news. Spammers often use this option instead of using regular means of posting Usenet messages. There are certain options that can be set this way that permit spammers to avoid at least some of the screens created by spam-killing robots on the Usenet network.

4. NEED FOR SECURITY


4.1 Types of security
4.1.1. Trojan
The trojan horse, or trojan. No other device is more likely to lead to total compromise of a system, and no other device is more difficult to detect.

What Is a Trojan?

Before I start, I want to offer a definition of what a trojan is because these devices are often confused with other malicious code. A Trojan horse is an unauthorized program contained within a legitimate program. This unauthorized program performs functions unknown (and probably unwanted) by the user. It may also be a legitimate program that has been altered by the placement of unauthorized code within it; this code performs functions unknown (and probably unwanted) by the user. Or it may be any program that appears to perform a desirable and necessary function but that (because of unauthorized code within it that is unknown to the user) performs functions unknown (and probably unwanted) by the user.

The unauthorized functions that the trojan performs may sometimes qualify it as another type of malicious device as well. For example, certain viruses fit into this category. Such a virus can be concealed within an otherwise useful program. When this occurs, the program can be correctly referred to as both a trojan and a virus. The file that harbors such a trojan/virus has effectively been trojaned. Thus, the term trojan is sometimes used as a verb, as in "He is about to trojan that file."

Classic Internet security documents define the term in various ways. Perhaps the most well known (and oddly, the most liberal) is the definition given in RFC 1244, the Site Security Handbook:

A trojan horse program can be a program that does something useful, or merely something interesting. It always does something unexpected, like steal passwords or copy files without your knowledge.

Another definition that seems quite suitable is that given by Dr. Alan Solomon, an internationally renowned virus specialist, in his work titled All about Viruses:

A trojan is a program that does something more than the user was expecting, and that extra function is damaging. This leads to a problem in detecting trojans. Suppose I wrote a program that could infallibly detect whether another program formatted the hard disk. Then, can it say that this program is a Trojan? Obviously not if the other program was supposed to format the hard disk (like Format does, for example), then it is not a trojan. But if the user was not expecting the format, then it is a trojan. The problem is to compare what the program does with the user's expectations. You cannot determine the user's expectations for a program.

Where Do Trojans Come From?

Trojans are created strictly by programmers. One does not get a Trojan through any means other than by accepting a trojaned file that was prepared by a programmer. True, it might be possible for a thousand monkeys typing 24 hours a day to ultimately create a trojan, but the statistical probability of this is negligible. Thus, a trojan begins with human intent or mens rea. Somewhere on this planet, a programmer is creating a trojan right now. That programmer knows exactly what he or she is doing, and his or her intentions are malefic (or at least, not altruistic).

The trojan author has an agenda. That agenda could be almost anything, but in the context of Internet security, a trojan will do one of two things:

- Perform some function that either reveals to the programmer vital and privileged information about a system or compromises that system.
- Conceal some function that either reveals to the programmer vital and privileged information about a system or compromises that system.

Some trojans do both. Additionally, there is another class of trojan that causes damage to the target (for example, one that encrypts or reformats your hard disk drive). So trojans may perform various intelligence tasks (penetrative or collective) or tasks that amount to sabotage. One example that satisfies the sabotage-tool criteria is the PC CYBORG trojan horse. As explained in a December 19, 1989 CIAC bulletin ("Information about the PC CYBORG (AIDS) Trojan Horse"):

There recently has been considerable attention in the news media about a new trojan horse which advertises that it provides information on the AIDS virus to users of IBM PC computers and PC clones. Once it enters a system, the Trojan horse replaces AUTOEXEC.BAT, and may count the number of times the infected system has booted until a criterion number (90) is reached. At this point PC CYBORG hides directories, and scrambles (encrypts) the names of all files on drive C:. There exists more than one version of this trojan horse, and at least one version does not wait to damage drive C:, but will hide directories and scramble file names on the first boot after the trojan horse is installed.

What Level of Risk Do Trojans Represent?

Trojans represent a very high level of risk, mainly for reasons already stated:

- Trojans are difficult to detect.
- In most cases, trojans are found in binaries, which remain largely in non-human-readable form.
- Trojans can affect many machines.

Trojans are a perfect example of the type of attack that is fatal to the system administrator who has only a very fleeting knowledge of security. In such a climate, a Trojan can lead to total compromise of the system. The Trojan may be in place for weeks or even months before it is discovered. In that time, a cracker with root privileges could alter the entire system to suit his or her needs. Thus, even when the trojan is discovered, new holes may exist of which the system administrator is completely unaware.

How Does One Detect a Trojan?

Detecting trojans is less difficult than it initially seems. But strong knowledge of your operating system is needed; also, some knowledge of encryption can help. If your environment is such that sensitive data resides on your server (which is never a good idea), you will want to take advanced measures. Conversely, if no such information exists on your server, you might feel comfortable employing less stringent methods. The choice breaks down to need, time, and interest. The first two of these elements represent cost. Time always costs money, and that cost will rise depending on how long it has been since your operating system was installed. This is so because in that length of time, many applications that complicate the reconciliation process have probably been installed. For example, consider updates and upgrades. Sometimes, libraries (or DLL files) are altered or overwritten with newer versions. If you were using a file-integrity checker, these files would be identified as changed. If you were not the person who performed the upgrade or update, and the program is sufficiently obscure, you might end up chasing a phantom trojan. These situations are rare, true, but they do occur.

Most forms of protection against (and prevention of) trojans are based on a technique sometimes referred to as object reconciliation. Although the term might sound intimidating, it isn't. It is a fancy way of asking "Are things still just the way I left them?" Here is how it works: Objects are either files or directories. Reconciliation is the process of comparing those objects against themselves at some earlier (or later) date. For example, take a backup tape and compare the file PS as it existed in November 1995 to the PS that now resides on your drive. If the two differ, and no change has been made to the operating system, something is amiss. This technique is invariably applied to system files that are installed as part of the basic operating
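
Object reconciliation as described above, sketched as an added example (not code from the original report). The directory layout, file names and contents are constructed, SHA-256 is an assumed choice of digest, and the list of approved upgrades is an assumed mechanism for the "phantom trojan" case the text mentions.

```python
import hashlib
import os
import stat
import tempfile


def hash_file(path, chunk=65536):
    """SHA-256 of a file, read in chunks so large binaries do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def snapshot(root):
    """Map relative path -> (sha256, size, permission bits) for regular files under root."""
    objects = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            info = os.lstat(full)
            if not stat.S_ISREG(info.st_mode):
                continue  # symlinks, devices and sockets are out of scope here
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            objects[rel] = (hash_file(full), info.st_size, stat.S_IMODE(info.st_mode))
    return objects


def reconcile(baseline, current, approved=()):
    """Compare two snapshots.

    approved is a set of (path, new_sha256) pairs recorded when an administrator
    performed a known upgrade, so that those files are not chased as trojans.
    """
    approved = set(approved)
    report = {"changed": [], "added": [], "removed": [], "approved": []}
    for path in sorted(set(baseline) | set(current)):
        if path not in current:
            report["removed"].append(path)
        elif path not in baseline:
            report["added"].append(path)
        elif baseline[path] != current[path]:
            known = (path, current[path][0]) in approved
            report["approved" if known else "changed"].append(path)
    return report


def _write(root, rel, data):
    full = os.path.join(root, rel)
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "wb") as fh:
        fh.write(data)


def demo_reconciliation():
    """Build a constructed file tree, tamper with it, and return the report."""
    with tempfile.TemporaryDirectory() as root:
        _write(root, "bin/ps", b"original ps binary")
        _write(root, "bin/ls", b"original ls binary")
        _write(root, "lib/libc.so", b"libc v1")
        baseline = snapshot(root)  # in practice kept offline, like the backup tape

        # Replacement with the same length: a size check alone would miss it.
        _write(root, "bin/ps", b"trojaned ps binary")
        # A documented library upgrade, recorded by the administrator.
        _write(root, "lib/libc.so", b"libc v2")
        approved = {("lib/libc.so", hashlib.sha256(b"libc v2").hexdigest())}
        _write(root, "bin/newtool", b"unexpected file")
        os.remove(os.path.join(root, "bin/ls"))

        return reconcile(baseline, snapshot(root), approved)


if __name__ == "__main__":
    for kind, paths in demo_reconciliation().items():
        print(f"{kind:9} {paths}")
```

The comparison is only as trustworthy as the baseline, so the snapshot has to be stored where a compromised host cannot rewrite it.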

4.1.2. Firewall
What Is a Firewall?

A firewall is any device used to prevent outsiders from gaining access to your network. This device is usually a combination of software and hardware. Firewalls commonly implement exclusionary schemes or rules that sort out wanted and unwanted addresses. To understand how firewalls work, consider some of the subjects discussed earlier in this book. First, most simple authentication procedures use the IP address as an index. The IP address is the most universal identification index on the Internet. This address can be either a static or dynamic address:

A static IP address is permanent; it is the address of a machine that is always connected to the Internet. There are many classes of static IP addresses. One class can be discovered by issuing a whois query; this class consists primarily of top-level machines in a network, such as domain name servers, Web servers, and root-level machines. These actually have registered hostnames within the whois database at InterNIC. Other classes of static IP addresses are addresses assigned to second- and third-level machines within networks dominated by domain name servers, root servers, Web servers, and so on. These also have permanent physical addresses. However, these machines might or might not possess a registered hostname. In any event, their addresses are registered as well.

A dynamic IP address is one that is arbitrarily assigned to a different node each time it connects to a network. Dynamic IP is often used by ISPs for dial-up access--each time a node dials up, it is assigned a different IP address.

Whether your address is static or dynamic, it is used in all network traffic that you conduct. A Web server records your IP address when you request a Web page. This is not to intrude on your privacy; it is done so that the server knows how to send you the requested data. In a similar fashion, all network services capture your IP (either temporarily or permanently) so they can return data to your address. In essence, it works much like the postal service: Imagine if every letter mailed had a return address. On the Internet, things are just so. The IP is the return address.

TYPES OF FIREWALLS
There are four types of firewalls.

The remote server or Proxy Server: It is essentially a computer which checks the packets of information being sent over the network to be certain they are safe. It blocks unsafe packets and allows those to pass that are safe.

Screening routers: These, which connect two or more computers together to make a network, are the most basic type of firewall. Your Internet connection is attached to the router and you access the Internet through your internal network. Two or more computers can share the Internet connection and be protected by the firewall, which is built into the router, at the same time.

High security network level firewalls: These firewalls compare the bit patterns of data packets being sent over the network to data packets that are listed as being "trusted" or safe. These firewalls are used to help stop DOS (denial of service) attacks. They also use dynamic packet filtering to automatically control the flow of data through the ports, to minimize the number of open ports at any given time to help stop hackers from gaining access to the network.

The software firewall: It is probably the most common type. It is a software program running on your computer that allows the data to pass through it, if you have programmed the software to allow it. You simply select which of your applications, like web browsers, email client, mIRC, etc. you want the "firewall" to allow to access the Internet. These firewalls are mainly designed to protect the single computer that is running the software.

5 . SE@EN ,AYS TO PROTECT SYSTEMS 9ROM HAC0ING


Here are seven simple, effective steps that network administrators can take to protect their systems.

Implement a firewall -- A firewall is a barrier that keeps hackers and viruses out of computer networks. Firewalls intercept network traffic and allow only authorized data to pass through.

Develop a corporate security policy -- Establish a corporate security policy that details practices to secure the network. The policy should direct employees to choose unique passwords that are a combination of letters and numbers. Passwords should be changed every 90 days to limit hackers' ability to gain possession of a functioning password. When someone leaves the company, immediately delete the user name and password. The corporate policy should outline consequences for network tampering and unauthorized entry.

Install anti-virus software -- All computers should run the most recent version of an anti-virus protection subscription. Ideally a server should be configured to push virus updates out periodically to all client systems. Employees should be educated about viruses and discouraged from opening e-mail attachments or e-mail from unknown senders.

Keep operating systems up to date -- Upgrade operating systems frequently and regularly install the latest patches or versions of software, which are often free over the Web.

Don't run unnecessary network services -- When installing systems, any non-essential features should be disabled. If a feature is installed but not actively used, it is less likely to be updated regularly, presenting a larger security threat. Also, allow only the software employees need to do their job effectively.

Conduct a vulnerability test -- Conducting a vulnerability test is a cost-effective way to evaluate the current security program. This test highlights flaws and limitations in the program, and experts can offer suggestions for improvement. The best method for conducting a vulnerability test is to contact a computer consulting company and provide access to your system for a day or two. This will provide ample time for network appraisal and follow-up discussion and planning.

Keep informed about network security -- Numerous books, magazines and online resources offer information about effective security tools and "lessons learned." Also, the Web provides ample and very current information about security - type in the key words "network security."
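The password, account-removal and unnecessary-services steps above can be checked mechanically. The following is an added example, not part of the original report; the account records, staff list and service table are constructed sample data, and all function names are hypothetical.

```python
from datetime import date

MAX_PASSWORD_AGE_DAYS = 90  # rotation interval from the policy above

def password_acceptable(candidate):
    """Run when a password is set: it must combine letters and numbers."""
    has_letter = any(c.isalpha() for c in candidate)
    has_digit = any(c.isdigit() for c in candidate)
    return has_letter and has_digit

def audit_accounts(accounts, current_staff, today):
    """Flag accounts of people who left and passwords past the rotation limit."""
    findings = []
    for acct in accounts:
        user = acct["user"]
        if user not in current_staff:
            findings.append((user, "owner has left: delete account"))
            continue
        age = (today - acct["password_changed"]).days
        if age > MAX_PASSWORD_AGE_DAYS:
            findings.append((user, f"password {age} days old: force change"))
    return findings

def unneeded_services(listening, required_ports):
    """Return listening services that nobody has declared as required."""
    return sorted((port, name) for port, name in listening.items()
                  if port not in required_ports)

# Constructed sample data (hypothetical users, dates and services).
ACCOUNTS = [
    {"user": "alice", "password_changed": date(2024, 4, 15)},
    {"user": "bob", "password_changed": date(2024, 1, 10)},
    {"user": "carol", "password_changed": date(2024, 5, 20)},
]
CURRENT_STAFF = {"alice", "bob"}
LISTENING = {21: "ftpd", 22: "sshd", 23: "telnetd", 80: "httpd"}
REQUIRED_PORTS = {22, 80}

if __name__ == "__main__":
    for finding in audit_accounts(ACCOUNTS, CURRENT_STAFF, date(2024, 6, 1)):
        print(finding)
    print(unneeded_services(LISTENING, REQUIRED_PORTS))
```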

6. THE BENEFITS OF HACKING


A benefit to the computer community is the free-wheeling exploration of systems by the benign hacker. Freedom and control may be incompatible attributes of such an environment, but it is clear that the tasks of program or system usage in a productive setting are not amenable to the recognition and acceptance of bugs and errors. On the other hand the challenge of testing may be a logical outlet for hacking inclinations in the make-up of a programmer. In several cases systems have been purposely exposed to hackers to test their security and their robustness.

In 1989 LeeMah DataCom Security Corporation challenged hackers to retrieve a secret message hidden in a computer in Atlanta. After giving the potential intruders a phone number and password, they were asked to retrieve a hidden message in the system. The prize was to be an eight-day, seven night, all-expenses paid trip for two to St. Moritz or Tahiti! In a seven-day period, with the rate of calls starting at 100 calls per hour on the first day, @,>@= attempts to access the critical message were attempted. Not one attempt succeeded! The company claimed to have "proven that a system ... will effectively meet the needs of dial-up access systems" and users "need not accept arduous, user-hostile telecommunications security plans". The challenge was repeated in 1990 with two sites, with the same basic start-up information, but with the challenge period extended to two weeks. Once again the system resisted intrusion.

John Tuomy stated "the problem with all the coverage of successful hacker break-ins is that some people might get the impression that these hackers are invincible, or that the FBI arrests of some of them will act as a deterrent. The fact is that the government couldn't possibly arrest all the hackers out there, and certainly not guarantee the safety of the nation's computers. We believe strongly that computer crime can be prevented, but that businesses have to do it themselves".


7. THE PSYCHOLOGY OF HACKING & PROGRAMMING


"here is a certain allure to computing which is difficult to replicate in other environments. )n many respects computing is always CrealC rather than merely an e!ample or model, though there is e*ually always the hope for more power and greater facilities to do igger and etter hacks. 1hereas in other endeavors the development of a pro0ect such as a hot3rod car or a trip to Hawaii costs real dollars, computing costs nothing 3 it is a utility. 2riving a hot3rod on a dirt strip is also fraught with real physical danger, while hot3rodding a computer is safe. "he computer does not hit ack even when the worst of effects are programmed. ;ven the non3hacker and the non3programmer are affected y the computer. 1ith the advent of e3mail systems, one can easily recognize the change in personality with comes from a non3evasive form of communication. Persons who are puppy dogs in face3 to3face communication ecome wolves when they do not have to look into the eyes of the receiver and are not threatened physically y their te!tual com atant 6ccess to 8omputers 3 and anything which might teach you something a out the way the world work 3 should e unlimited and total. 6lways yield to the Hands3 &n )mperativeK 6ll information should e free. Mistrust 6uthority 3 Promote 2ecentralization. Hackers should e 0udged y their hacking, not ogus criteria such as degrees, age, race, or position. Oou can create art and eauty on a computer. 8omputers can change your life for the etter. Hacking, whether it is enign or felonious, is associated with learning and e!ploration. 1hile there are elder hackers, they grew up from the hacking covens of youngsters interested in e!ploring and e!ploiting the new ethereal world of electronic tripping. %ut like so many other new technologies, the growth of the amateur capa ilities and the sharing of findings, soon outgrows the normal and Page 30

Hacking the usefulM to find an area in which to make a mark re*uires an e!cursion into the not so accepta le domains.

8. WHAT HACKERS CAN STEAL FROM YOUR COMPUTER


Personal information, names, addresses, financial information, even the account information for your ISP and passwords: in short, anything stored on your computer can be obtained by the hacker. The Trojan may even be able to record each and every keystroke you make, save the info to a hidden file and then, when you go online, upload the file to the hacker's computer. This means that even if you don't keep personal info or passwords on your computer the hacker can still obtain them from the keystroke log he uploaded.

I just have one computer for my personal use, why would a hacker bother with me? There are a number of reasons why a hacker would want to "look" at your computer. He may find your credit card number stored there from buying online, or use the information gleaned from your computer to use your ISP account for illegal activity, like distributing child pornography.

One of the most recent uses of Trojans is to cause DDoS (distributed denial of service) attacks. In a DDoS attack, the client commands all of the "servers" located on individual PCs to attack a single web site. Thousands of individual PCs can be commanded to access a web site like eBay or Yahoo at the same time, clogging the site's bandwidth and causing an interruption of service.

9. CONCLUSION
Hacking is a very broad discipline, which covers a wide range of topics. The complexity of hacking allows us only to scratch the surface of it. With increases in computer technology, as well as increases in integration of computers into everyday life, it is evident that there is a place for hackers in the future but finding where they will stand is something that only time can tell. Hacking caused an international problem when the United States government thought about using it as a weapon to derail Yugoslav war forces. No international solution can be proposed because the nations of the world do not have the same ideas, laws and punishments governing hacking. Hacking has the potential to disrupt the economy, create international tension and ruin the lives of ordinary citizens world wide. The very technology that brought the world together (the computer), is now the central focus in a plague tearing the world apart.
