OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
NFR Wizards Archives: Re: new topic-professional hacking tecniq

Re: new topic-professional hacking tecniques

REID FOX (reidfoxdirect.ca)
Wed, 3 Nov 1999 10:29:26 -0800

-----Original Message-----
From: Steven M. Bellovin <smbresearch.att.com>
To: REID FOX <reidfoxdirect.ca>
Cc: firewall-wizardsnfr.net <firewall-wizardsnfr.net>
Date: Wednesday, November 03, 1999 7:13 AM
Subject: Re: new topic-professional hacking tecniques

>In message <007901bf255e$5ecfe660$>In message <007901bf255e$5ecfe660$1753f4ccreidfox>, "REID FOX" writes:
>
>>On a cable system where they are assigned a static IP and when their
system
>>will tend to be online more often however you may trace directly to their
>>"parents" PC .
>>Therefore it may be possible to resolve the problem directly without even
>>bothering to notify ISP's who im sure have better things to do.
>>Basically my statement says there are certain advantages to a static IP
>>system over a dynamicly assighned IP system for non-spoofing hackers.
>>So in some cases this may be easier than dealing with an ISP and his IP
pool
>>who has better things to do.
>>>One note: if the source IP is recorded along with a timestamp, an ISP
should
>have logs indicating which account was using that IP at that time. There
>are of course instances where the source IP doesn't show up (from a
slightly
>more intelligent attack), but these instances would not reveal a cablemodem
>IP either.
>
>Sean
>
I was simply stating that with a static IP system it would be possible to
identify an individual customer without aid from the ISP Reid
>>
>First, don't assume that all cable systems assign static IP addresses --
some
>don't. Some even use NAT, so that you can only reach someone more or less
>contemporaneously with the time they're annoying you.
>
>Besides -- what can you do to them that is legal and ethical?
>
> --Steve Bellovin
>
>Legal and Ethical ? Right now there are only two choices .
1: e-mail the ISP and ask them to deal with it
2:block that ISP from access.
>
However if say ISP's start to use static IP addresses for their client's
then perhaps the ISP's could post a directory (a whois) not with any
sensitive personal info but maybe just an e-mail and a name. That would make
users more accountable just as Domains are accountable (or known) on the
net. I cant see any honest client having a big problem with that. Like I
said before this is no security cure but it is however a step in the right
direction.
eg. Your getting some degree of attack from a certain IP regularly.
You trace it back to an ISP look it up in the ISP's whois list
e-mail the person "are you aware of ......? If this continues your ISP will
be notified ...."
the next day you get a reply from a parent of some script kid "I use this
PC for business ..... dont know whats happening"
send reply "If you have portscan , crackers. BO Netbus etc on your system
then someone is using your PC unethically, you should uninstall these
applications otherwise your system has been compromised etc etc.."
I am sure that an honest person wether they know computers or not would
promptly deal with it and if your lucky and the person does know a little
bit about these things then now the seasoned hacker is unaware that his mask
is off.
The advantage of this is
1: If it's a teen then the parents are informed without getting into trouble
with their ISP (ISP dont need to be involved)
2: Also the parents do not allow this to continue because they now know what
certain apps are. (cracker BO Netbus etc) where before they had no idea
what their kids were capable of doing with these strange programs.
3: The new ISP when the parents get sucked into thinking that they were
wrongfully cut off, does not have to deal with it.
4: One more future hacker on the road to ethics.
Now the question is who has to deal with this growing problem?
The ISP's or the Parents?

This archive was generated by hypermail 2.0b3 on Fri Nov 05 1999 - 01:15:33 CST