Slashdot Mirror


Dvorak Takes On The Crackers

rozerumn sent us linkage to another fun and exciting Dvorak column. In this weeks episode he takes on the crackers. Offers views on whats happening in the area. Flamboyant as always.

27 of 123 comments

  1. Me too. by rde · · Score: 4

    In fact, I suspect one is underway already, although I have no evidence of it. It's just a sense I have.
    I had the same feeling. It's like millions of port scanners were logging hackable ports, and then were suddenly silent.

    1. Re:Me too. by A+Big+Gnu+Thrush · · Score: 2

      They [sic] key to stopping all this hacking is a massive worldwide sting. In fact, I suspect one is underway already, although I have no evidence of it. It's just a sense I have.

      The key to stopping all this bad writing on the internet is a massive worldwide clue-by-four. In fact, I suspect one is hurtling toward my head right now, although I have no evidence of it. It's just a sense I have. Maybe I should ask my editor. Never mind, he's been fired and replaced by Word 2000.

  2. Think about it.. by Ice_Hole · · Score: 2

    What punishment would be appropriate for these "kids" who get their hands on some programs and start messing around? How far is too far? Try catching everyone that has ever used a ping attack. Would there be a fair way to bust people? Could you arrest someone because they were "at the wrong place at the right time"? I don't think that there is a way to control what is happening. At least not from the standpoint of some sort of law enforcement. The internet by nature will be hard to regulate, but do we want to regulate it the same way we regulate laws such as jaywalking? Is it possible to enforce laws about the internet the same way as we would try to enforce laws that can be physically proven? What kind of investigations would we conduct and what kind of evidence would we use to prove a case?

    This is why the internet will never be (completely) regulated.. At least not in the foreseeable future. Do we really want to have everything we do watched? I think not..

    ((Mark this what you will.. I just went off and it is late))

    --
    "I couldn't give him (Bill Gates) advice in business and he couldn't give me advice in technology." Linus Torvalds
  3. Why can't Cisco et. al. by JoeShmoe · · Score: 2

    ...invent some router or switch that can be programmed with some kind of connection login?

    IE...wouldn't DoS attacks become impossible if routers could be programmed with something like "if number of packets from A to B on port X > Y, drop connection A"? Sorta like how most IRC servers have flood protection, where if you try to flood the IRC server with information requests (in an attempt to split that server from the network), the server simply disconnects you. Or how mail servers that detect you are sending "too much mail" can drop your connection until they can see if you are a potential spammer.

    The technology clearly exists to cap transfer rate (as @Home does with my connection) so why can't it simply have a quota assigned to abused ports like what ping, tracert, NetBIOS, and the various trojans use?

    Blocking the traffic at the endpoint slows down every connection along the way. Internet service providers who don't want to support this kind of traffic should be able to automatically disconnect you if you are being abusive. It might also be possible to monitor WHAT is being sent (multiple packets that contain the exact same thing). This forces the attacker to generate some kind of random information...which increases the size of the connection transmission and slows them down.

    I clearly know nothing about this, or I'm sure someone would have such a device already, so I'm interested in seeing why this type of protection is not possible.

    - JoeShmoe

    -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= -=-=-=-=-=-=-=-

    --
    -- I wonder which will go down in history as the bigger failure: the War on Drugs or the War on Filesharing
    1. Re:Why can't Cisco et. al. by Alex+Belits · · Score: 2

      IE...wouldn't DoS attacks become impossible if routers could be programmed with something like "if number of packets from A to B on port X > Y, drop connection A". Sorta like how most IRC servers have flood protection

      If this is ever used, "reverse" DoS attacks will be rampant -- it will be enough to pretend that the victim's address is trying to do something "bad" (and it will be easy, because the checks can't implement complex anti-spoofing checks, since then they would become CPU-intensive and would themselves be victims of a DoS), and legitimate packets from that address will be blocked by the "secure" router.

      --
      Contrary to the popular belief, there indeed is no God.
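The parent post's rule ("if packets from A exceed Y, drop A") together with the reverse-DoS failure described in this reply, as an added Python example. It is not code from either poster; the addresses, timings and thresholds are invented. The limiter keys only on the header source address, so a flood that carries the victim's address in its source field gets the victim itself blocked.

```python
"""Per-source packet-rate threshold of the "if packets from A exceed Y, drop A"
kind, run over constructed traces. Added illustration for this thread, not
either poster's code; all addresses, thresholds and traces are invented."""
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    t: float       # arrival time, seconds
    src: str       # source address as written in the IP header (spoofable)
    dst: str
    legit: bool    # bookkeeping for the example only: did the named source really send it?


class SourceRateLimiter:
    """Sliding-window counter keyed only on the header source address.

    More than `limit` packets from one source inside any `window` seconds
    puts that source on a block list for `block_for` seconds.
    """

    def __init__(self, limit: int, window: float, block_for: float):
        self.limit = limit
        self.window = window
        self.block_for = block_for
        self._recent = defaultdict(deque)   # src -> arrival times inside the window
        self._blocked_until = {}            # src -> time the block expires

    def admit(self, pkt: Packet) -> bool:
        """True if the packet is forwarded, False if dropped."""
        until = self._blocked_until.get(pkt.src)
        if until is not None and pkt.t < until:
            return False
        q = self._recent[pkt.src]
        q.append(pkt.t)
        while q and q[0] <= pkt.t - self.window:
            q.popleft()
        if len(q) > self.limit:
            # Threshold crossed: block the source and forget its history.
            self._blocked_until[pkt.src] = pkt.t + self.block_for
            q.clear()
            return False
        return True


def run(packets, limiter):
    """Feed packets in arrival order; return [(packet, forwarded)]."""
    return [(p, limiter.admit(p)) for p in sorted(packets, key=lambda p: p.t)]


def dropped_legit(decisions, src):
    """How many packets the real `src` sent that the limiter dropped."""
    return sum(1 for p, ok in decisions if p.src == src and p.legit and not ok)


# Constructed traces (not captures).
def ping_flood():
    """10.0.0.9 pings the target 200 times in one second; 10.0.0.5 pings once a second."""
    flood = [Packet(i / 200, "10.0.0.9", "192.0.2.1", True) for i in range(200)]
    normal = [Packet(float(i), "10.0.0.5", "192.0.2.1", True) for i in range(5)]
    return flood + normal


def reverse_dos():
    """The attacker writes the victim's address 198.51.100.7 into the source
    field of its flood. The router sees 200 "packets from the victim", blocks
    that address, and then drops the victim's three genuine packets too."""
    spoofed = [Packet(i / 200, "198.51.100.7", "203.0.113.3", False) for i in range(200)]
    genuine = [Packet(2.0 + i / 2, "198.51.100.7", "203.0.113.3", True) for i in range(3)]
    return spoofed + genuine


if __name__ == "__main__":
    d = run(ping_flood(), SourceRateLimiter(limit=20, window=1.0, block_for=30.0))
    print("flood packets forwarded before the block:", sum(ok for p, ok in d if p.src == "10.0.0.9"))
    d = run(reverse_dos(), SourceRateLimiter(limit=20, window=1.0, block_for=30.0))
    print("victim's genuine packets dropped:", dropped_legit(d, "198.51.100.7"))
```

The flood case behaves as the parent post hopes: the well-behaved host keeps getting through while the flooder is cut off after 20 packets. The spoofed case is the reply's objection: the router has nothing but the header source to go on, so the blocked party is whoever the attacker chose to name.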
    2. Re:Why can't Cisco et. al. by cg · · Score: 2

      Skimming traffic isn't that hard to do, and is already available. The issue with that is along the lines of purpose of engineering. Routers are designed to do one thing (series of things) and to do them fast and well with little overhead. As you add more and more "functionality", the device becomes more and more of a server that routes, and resource costs become more intensive.

      The trick to stopping/paring this down is not to make better defenses, but rather to make it more difficult to get away with. Any bank can be robbed, but with good logging and attentive surveillance, fewer will get away with it. Then of course laws and punishment come into play...yada yada yada...

    3. Re:Why can't Cisco et. al. by JoeShmoe · · Score: 2

      If this ever will be used, "reverse" DoS attacks will be rampant -- it will be enough to pretend that victim's address is trying to do something "bad"

      Perhaps you misunderstand...how would this be possible since, even if you spoof an IP address, the connection still has to be received and forwarded by the router attached to the REAL address?

      I'm suggesting the problem needs to be attacked well below the application layer. The data should not be processed, it should simply be compared to other data in some kind of buffer.

      IE...a single connection, like FTP, would generate a huge amount of traffic, but it would all be unique (it's safe to say no one would be downloading the same file over and over 100 times a minute). Therefore, if the router buffered the traffic, there would be no match between packets and the stream would continue.

      But...multiple connections (real or spoofed, valid or incomplete) would also generate a huge amount of traffic...but there would be an obvious pattern. The router would see the same size packets with the same destination many times in a row and then simply refuse to route traffic for that REAL connection. Therefore, no routers upstream would be affected and the only thing the attacker would be DoSing is his own connection.

      It's like...comparing the waveforms of a sound file and an EKG. You can easily spot the repeating pattern in an EKG by buffering just a few milliseconds. And, if the attacker enlarges the repeating portion to escape detection, he is also decreasing the number of connections per second...down to the point where a decently fast server can handle them.

      It would kill programs like GetRight that rely on hammering to get their target information AS SOON AS POSSIBLE, but really...this is software we can live without.

      - JoeShmoe

      -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= -=-=-=-=-=-=-=-

      --
      -- I wonder which will go down in history as the bigger failure: the War on Drugs or the War on Filesharing
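The duplicate-payload idea above (buffer recent packets per connection, flag a stream whose packets all match, let a unique FTP stream through) as an added Python example. This is not the poster's code; the traces, window size and thresholds are invented. It also shows two things the idea has to live with: a flood with randomised payloads slips past it (the evasion the post concedes), and a slow stream of identical packets is left alone because the window takes too long to fill.

```python
"""Repeated-payload detector over a per-flow ring buffer of payload digests.
Added illustration for this thread, not the poster's code; traces, window
size and thresholds are invented."""
import hashlib
from collections import Counter, defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    t: float
    src: str
    dst: str
    payload: bytes


class RepeatDetector:
    """Flags a (src, dst) pair whose last `window` packets arrived within
    `max_span` seconds and consist mostly of one repeated payload."""

    def __init__(self, window: int = 64, repeat_fraction: float = 0.9, max_span: float = 1.0):
        self.window = window
        self.repeat_fraction = repeat_fraction
        self.max_span = max_span
        self._recent = defaultdict(deque)   # (src, dst) -> deque of (t, digest)

    def observe(self, pkt: Packet) -> bool:
        """Return True if this packet completes a window that looks like a flood."""
        key = (pkt.src, pkt.dst)
        q = self._recent[key]
        # Keep a 16-byte digest per packet rather than the packet itself.
        q.append((pkt.t, hashlib.blake2b(pkt.payload, digest_size=16).digest()))
        if len(q) > self.window:
            q.popleft()
        if len(q) < self.window:
            return False
        span = q[-1][0] - q[0][0]
        if span > self.max_span:
            return False                    # repetitive but slow: not a flood
        most_common = Counter(d for _, d in q).most_common(1)[0][1]
        return most_common >= self.repeat_fraction * self.window


def flagged_flows(packets, detector):
    """Run the detector over a trace; return the set of flagged (src, dst) pairs."""
    flagged = set()
    for p in sorted(packets, key=lambda x: x.t):
        if detector.observe(p):
            flagged.add((p.src, p.dst))
    return flagged


# Constructed traces (not captures).
def identical_ping_flood(n=500):
    payload = b"\x00" * 32000   # "ping a zillion times with 32000 bytes of data"
    return [Packet(i / 1000, "10.0.0.9", "192.0.2.1", payload) for i in range(n)]


def unique_bulk_transfer(n=500):
    # FTP-style download: same endpoints, same size, every chunk different.
    return [Packet(i / 1000, "192.0.2.1", "10.0.0.5", i.to_bytes(4, "big") + b"\x00" * 1396)
            for i in range(n)]


def randomised_flood(n=500):
    # The evasion the post concedes: vary the payload so no two packets match.
    return [Packet(i / 1000, "10.0.0.9", "192.0.2.1", hashlib.sha256(i.to_bytes(4, "big")).digest())
            for i in range(n)]


def slow_keepalives(n=100):
    # Identical packets every five seconds: repetitive, but nobody's idea of a flood.
    return [Packet(5.0 * i, "10.0.0.5", "192.0.2.1", b"keepalive") for i in range(n)]


if __name__ == "__main__":
    for name, trace in [("identical flood", identical_ping_flood()),
                        ("bulk transfer", unique_bulk_transfer()),
                        ("randomised flood", randomised_flood()),
                        ("slow keepalives", slow_keepalives())]:
        print(f"{name:17s} flagged: {flagged_flows(trace, RepeatDetector())}")
```

The comparison is cheap, as the post argues: one hash and one counter per packet, over a 64-entry buffer per flow. The cost that is not cheap is the per-flow state itself, which is exactly what a spoofed flood with many fake source addresses inflates.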
    4. Re:Why can't Cisco et. al. by JoeShmoe · · Score: 4

      Routers are designed to do one thing (series of things) and to do them fast and well with little overhead. As you add more and more "functionality", the device becomes more and more of a server that routes, and resource costs become more intensive.

      I disagree. First of all, I think a simple comparison of an incoming packet to a previously stored packet in a buffer somewhere is not really a significant overhead. It doesn't need to check every single packet (since odds are there will be identical ones under legitimate usage) but if some kiddie tries "ping a zillion times with 32000 bytes of data as fast as possible" surely some router should be smart enough to say "uh, no" if that is its owner's wish. Operating systems don't enforce any limits on the quality and quantity of data they send, therefore I say that it is the job of the router to make that determination. If there is a valid use for "ping a zillion times with 32000 bytes of data as fast as possible" then let it find some other route, because I don't want to lose my bandwidth because of it.

      Second of all...even if there is overhead, it's only price. So you have to pay for a 100Mbit router to get 10Mbit performance...costs always go down over time and the difference is that you may only have 10Mbit worth of actual data after you are able to block out abusing users absorbing data with meaningless attacks.

      I've seen water valves where there is an object set perpendicular to the flow of water in the valve. Water rushing over the object decreases the pressure over it, causing the object to rise and block part of the flow. Thus, a slow, steady stream can pass through but sudden spikes of high pressure will be bounced back as the valve slams shut on it. Once the pressure has reduced, the flow continues as normal. Also a good comparison, I guess, would be surge suppressors.

      What's my point with those two comparisons? In both cases the control is done at a VERY low level. Similarly, since there has to be a set bit format for a valid IP packet, I fail to see why it would take serious overhead to tabulate what source is sending the most packets per second and drop packets from excessively high connections so that upstream bandwidth is shared equally and abusive connections slow to a crawl.

      If I understand correctly, it's not just the target server that loses in a DoS situation...it's every router along the way. Therefore I think it would be an incentive for people to pony up the resource cost so that abusers would have to route their traffic somewhere else...no?

      - JoeShmoe

      -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= -=-=-=-=-=-=-=-

      --
      -- I wonder which will go down in history as the bigger failure: the War on Drugs or the War on Filesharing
  4. details details... by AdamT · · Score: 2

    "Smurf attack came from an @Home user. I have his IP address..."
    Correct me if I'm wrong but... the IP address of a smurfed packet shows the target's IP address rather than the attacker's. Bad Person A sends an ICMP Ping packet to a broadcast address with the packet's source address spoofed to look like it came from victim B. So all the (broken/misconfigured) hosts on the network respond to the broadcast ping and send their reply to the victim. A sends 1 packet, B gets (up to) 254 packets and dies.
    Just worries me that some (possibly) innocent user is now going to get hassled because Dvorak put the hard word on @Home (and maybe @Home listened to save embarrassment on Dvorak's website.) Actually I doubt it would really come to that in this case but it's a disturbing notion. Yes crackers/script kiddies are bad. But there's no TurnKey solution to them like BlackICE (whatever that is). If you don't know what your security monitor is telling you or what to do about it you're no better off. Maybe worse off for thinking yourself safe when you're not.

    --
    ... with eskimo chains i tatto my brain all the way...
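What the packets at each end of a smurf actually carry, as an added Python example (not the poster's code). The capture lines are constructed in tcpdump's text style with documentation-range addresses; the point is the one the post makes: neither the victim's log nor a sniffer on the amplifier network ever records the attacker's address, only the reflectors' addresses and the spoofed victim address. The fix lives on the amplifier network, whose hosts and routers should not answer echo requests sent to a broadcast address (on Linux the net.ipv4.icmp_echo_ignore_broadcasts sysctl, on Cisco IOS "no ip directed-broadcast").

```python
"""Who a smurf victim actually sees in its logs. Added illustration for the
post above, not the poster's code. Capture lines are constructed in tcpdump
text style; every address is from a documentation range."""
import ipaddress
import re
from collections import Counter, defaultdict

ICMP_LINE = re.compile(r"^\S+ IP (\S+) > (\S+): ICMP echo (request|reply)")

ATTACKER = "203.0.113.99"            # never appears in either capture
VICTIM = "198.51.100.7"
AMPLIFIER_BROADCAST = "192.0.2.255"  # directed-broadcast address of the reflector LAN


def amplifier_side_capture():
    """What a sniffer on the 192.0.2.0/24 segment records: one echo request to
    the broadcast address whose source field carries the *victim's* address."""
    return [f"12:00:00.000001 IP {VICTIM} > {AMPLIFIER_BROADCAST}: "
            "ICMP echo request, id 1, seq 1, length 64"]


def victim_side_capture(reflectors=200):
    """What the victim records: one echo reply per host that answered the
    broadcast, plus an unrelated normal ping exchange for contrast."""
    lines = [f"12:00:00.0{i:05d} IP 192.0.2.{i} > {VICTIM}: ICMP echo reply, id 1, seq 1, length 64"
             for i in range(1, reflectors + 1)]
    lines.append("12:00:01.000000 IP 10.0.0.5 > 10.0.0.1: ICMP echo request, id 7, seq 1, length 64")
    lines.append("12:00:01.000200 IP 10.0.0.1 > 10.0.0.5: ICMP echo reply, id 7, seq 1, length 64")
    return lines


def parse(lines):
    """Return (src, dst, 'request'|'reply') for each ICMP echo line; skip the rest."""
    out = []
    for line in lines:
        m = ICMP_LINE.match(line)
        if m:
            out.append(m.groups())
    return out


def addresses_seen(lines):
    return {a for src, dst, _ in parse(lines) for a in (src, dst)}


def smurf_victims(lines, min_reflectors=20):
    """Destinations receiving echo replies from many distinct hosts that share
    a /24. Returns {victim: (reflector_count, [reflector networks])}."""
    replies = defaultdict(set)
    for src, dst, kind in parse(lines):
        if kind == "reply":
            replies[dst].add(src)
    found = {}
    for dst, srcs in replies.items():
        if len(srcs) < min_reflectors:
            continue
        nets = Counter(str(ipaddress.ip_network(f"{s}/24", strict=False)) for s in srcs)
        found[dst] = (len(srcs), sorted(n for n, c in nets.items() if c >= min_reflectors))
    return found


if __name__ == "__main__":
    print("victim side:", smurf_victims(victim_side_capture()))
    print("attacker visible anywhere?",
          ATTACKER in addresses_seen(victim_side_capture()) | addresses_seen(amplifier_side_capture()))
```

Handing the "attacker's IP" from the victim's log to an ISP, as the column describes, therefore names one of the 192.0.2.0/24 reflectors, a misconfigured bystander, not whoever sent the spoofed request.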
  5. Repression is escalation by jflynn · · Score: 3

    I thought Dvorak made one good point. Making examples of script kiddies will reduce their numbers but transform the remainder into really angry and careful hackers.

    This situation isn't much different from drugs, as long as people want to do them, a way will be found. All law enforcement can do is arrest the least talented and make the rest more cautious and better armed.

    I'd prefer to see hacking winked at, but actual damage responded to in a proportionate manner. If someone hacks a hospital and someone dies, that's murder, laws exist. If someone brings a financial system down, that's war or terrorism, call out the troops. We need to get across the idea that stupid hackers are those that damage, not those that can simply be caught.

    1. Re:Repression is escalation by dingbat_hp · · Score: 2

      > Making examples of script kiddies will reduce their numbers
      > but transform the remainder into really angry and careful hackers.

      I doubt this. The script kiddies I've met didn't have the brains (or more importantly, the obsessional dedication) to invent an original exploit. Capable hackers are born, not made, and although many will use a script that's there and freely available, they have even more disdain for the kiddies than most sysadmins do. You can't turn a kiddie into an inventive hacker, just by pissing them off.

      3l33t d00dz are like British Admirals - we should hang the occasional one, pour encourager les autres. I don't think they should be Mitnicked into oblivion, but a good full-blown public trial, confiscation of kit and a fine is going to send a clear message that hacking is for real. Hack if you want, join the Mafia if you want, but don't think that either of these is just some new sort of RPG that's socially acceptable.

  6. kiddies hacking your PC by MrDelSarto · · Score: 4
    hacking is the under-age drinking for geeks. practically everyone has had a go at it (how many people can honestly say they've never even had a guess at a root password?) but how can you stop it? well, i don't think this is rhetorical. i'm only a lowly undergraduate, but in my younger years i've spent many hours trying to break my high school's lousy nt network (they give me too much work at uni to have time now). i never bothered outside school, but others i know did (playing the same old tricks with port scanners, etc..) here are some ideas i've had and would have liked to and most probably participated in:

    * an online programming comp : sure schools run them, but it often takes teams of four or five and you have to travel and have a teacher in on it, etc etc. often, at a small school like mine it's hard to find 5 friends who know enough/care enough to enter with you. if you could do it online, by yourself, you could really test yourself against some challenging problems and peers. i did a fantastic uni assignment where we wrote java robots that played against each other in a constant battle ; everyone was ranked by how much money they made ...something like that maybe?

    *a teengnu project, or something like that. sure, at highschool i didn't know about good programming techniques, oo theory, data structures, etc ... but i would have loved to learn. we don't know enough to start contributing to kernel code, but surely there is something we could put together?

    *an online buddy system with undergraduates or something, passing on linux/programming tips to a new generation. if someone had told me about, for example, binary trees, i'm sure i could have researched and implemented them in highschool (maybe to kick ass in the online programming comp battle thing!)

    * put your ideas here! you've all been (or are) bored teenagers, what would you have liked?

    1. Re:kiddies hacking your PC by Arandir · · Score: 2

      BTrees are not limited to Linux. I learned about them in CS 102, before Linux, GNU, or Windows even existed (we used BSD). There is nothing new in Linux programming (hate to burst anyone's bubbles). It's all been around for decades just waiting for a new generation to rediscover or reinvent them. Don't limit high school or university learning to Linux. Generalize it to "unix" or even more generalized to "computer science", and you'll have students that know how to think and reason in ANY operating system or programming language. Generalized knowledge will last a lifetime, but specific knowledge will only last a few years. I learned how to program in C++ not because I took a C++ class, but because I had classes in programming concepts. The only difficulty I had with it was due to bad habits learned in specific languages.

      p.s. Is "teengnu" more like the Young Pioneers or the Campus Crusade?

      --
      A Government Is a Body of People, Usually Notably Ungoverned
  7. I'm waiting for a big sting. by yorkie · · Score: 2

    Many organisations are very lax on security, mostly due to the fact that management are clueless.

    The site I am currently contracting for will soon be rolling out an internet based financial system, which is planned to go live next month. (I won't give too many details).

    The specifications for both the OS of the web server and the intrusion detection systems have changed this week. The whole system has been badly planned from the outset.

    The intrusion detection systems are of the hardware only system - how the hell are they going to keep them up-to-date with the latest attacks?

    I hope that they get stung badly when it goes live, and I hope that leads to dismissals of many of the complacent management here.

  8. More problems... by Yeshua · · Score: 2

    Other problems come into the issue of prosecuting hackers (read crackers) when you consider the very nature of the system used by them, the internet. That is, the hacker does not need to be in the same place (or even country) as the system they are trying to hack/crack/infiltrate, so if they are to be prosecuted for any damage done, whose laws are followed? The country in which the damage was done, the country the hacker is in, or should new provisions in international law be made? And what about countries that are hostile, or simply decide not to submit to the system used? Should the prosecuting country invade them (being of course the extreme case)? Then we run into the problems of wrongful prosecution, which although provided for in conventional law, is a much easier mistake to make in an online environment when the hacker is good and decides to take adequate precautions against getting caught. Electronic fingerprints are much easier to fake than real ones...

  9. Hmmm... grab all Slashdot participants? by knarf · · Score: 5
    From the Talkback section:


    Name: D.C. Sessions
    Location: Tempe, AZ
    Occupation: Engineer

    So what's the problem? If anyone wants to round up most of the world's hackers, all they need to do is grab the participants on Slashdot and the various open-source developers' lists.

    Hey, if that sounds expensive I'll bet that at least one corporation would be willing to pony up a billion or so for the Cause.

    phear us?
    --
    --frank[at]unternet.org
  10. what to do by pixel+fairy · · Score: 2

    easiest thing for you is to learn ipchains and make yourself a nice paranoid firewall.

  11. Definitely got the right idea by mischief · · Score: 2

    Yup, he's right - we need a massive worldwide sting to wipe crackers off the face of the planet. In fact, I think we should go a step further, and introduce an international key escrow system whereby we all have to hand over private keys for encryption to the government so that they can have access to all of our data at any time. Even better, we should probably all have barcodes tattooed on our wrists that get scanned every time we log onto the internet, so that our activities are logged and there's no way anybody could make any kind of security breach without the people who control the traffic lights knowing about it.

    --
    Everything I know in life I learnt from .sigs
  12. "FBI" scripts by Anonymous Coward · · Score: 2

    Don't know about the FBI, but I've always suspected that the real hackers use the script kiddies to test out some of their alleged exploits, especially if testing it out yourself could be dangerous.

  13. Wow. This reads like a 7th grade book report. by nyet · · Score: 4

    Why does this thing seem like it took him 30 seconds to whip out?

    I mean talk about content free, not to mention completely unresearched.

    "I have the feeling theres, like, this sting or something, whoa."

    "Like those kiddie porn rings, yah they stopped those, dude, all right!"

    "No operating system is, like, invulnerable, like."

    "OMG! Like there was this one dude, he like, tried to telnet to my machine, but fortunately it was a windows box, and thats, like, secure, because i have this firewall and stuff and doesn't let people telnet like into it."

    Another GREAT article from that bastion of cluelessness that is Dvorak. God, if it wasn't for journalists like him, how WOULD we get our mass-market news?

  14. Dvorak's use of the term 'hackers' by the_tsi · · Score: 3

    Guess what, guys: dictionaries (and Jargon Files) don't define language. Usage does.

    Years of the media using hackers as a synonym for "someone who cracks systems" has made it an acceptable use. Stop fighting it and deal.

    Of anyone in the media, Dvorak knows this. He's started using hacker because it's the only word most of the Real World understand. This guy HAS been in the industry longer than you. Don't pull the argument that "when I was young we just had [mechanical relays | punch cards | TRS-80 | IBM XT | iMac ]."

    I just wanted to post before someone else bitched about it.

    -Chris

  15. Dvorak discovers Firewalls. Film at 11. by jht · · Score: 3

    Tune into next week's episode, where the fearless Dvorak discovers the woes of Windows 95 file sharing!

    Seriously, people should assume that port scans are headed their way on a regular basis - and anyone who doesn't at least have a NAT router (I know NAT isn't a real firewall, but it'll beat 99.9% of the script kiddies out there) between themselves and the Internet should go out and get _some_ kind of firewall - the cable and DSL providers should be recommending these to all their customers, or at least implementing basic firewalls within the cable/DSL modems. At this point, everyone should implement some form of packet filtering - there's just too many script kiddies out there to assume any trust at all.

    Sucks, don't it?

    - -Josh Turiel

    --
    -- Josh Turiel
    "2. Do not eat iPod Shuffle."
  16. Re:Reverse DoS -- still not getting it by JoeShmoe · · Score: 2

    Get IPs out of the argument. We all know how easy it is to spoof IP information. The issue here is the physical connection.

    If an attacker formats packets to spoof the source as IP 1.2.3.4 then it still has to come from somewhere. If it comes from another router, then the first router is simply ignoring packets with IP 1.2.3.4 from that router. It has no effect on the data flowing from the REAL 1.2.3.4 many many hops away.

    So if you wanted to truly reverse DoS 1.2.3.4 then you would either have to A) spoof the attack to a huge number of routers that you know 1.2.3.4 connects through...in which case your attack has been diluted and unlikely to truly work or B) attack the one or two routers that serve as 1.2.3.4's entry point...which is basically the very kind of DoS attack the routers are now trained to block.

    At some point...it all tracks back to a unique MAC address so there is at least ONE router in the whole world that can stop an abusive stream at the source...without even looking at IP information at all.

    And again...in case I haven't made it clear...

    YES the extra thinking will slow down the routing of packets but DoS attacks are already slowing down that same routing of packets. If you spend a couple of extra milliseconds of thinking to decide to exclude DoS information that can last minutes or even hours there is going to be an increase.

    Script kiddies love to attack EFNet servers to split them off the network and gain ops in a popular channel. So IRC servers started using a policy where no ops are given during a split. Thus, they are no longer a target because there is no reason to attack those servers and quality of service increases.

    Likewise, if script kiddies find that a certain route point drops their ping flood, they have to find another route until eventually no routers will carry that traffic at all.

    - JoeShmoe

    -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= -=-=-=-=-=-=-=-

    --
    -- I wonder which will go down in history as the bigger failure: the War on Drugs or the War on Filesharing
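On the NAT advice in comment 15 above (a NAT router "isn't a real firewall, but it'll beat 99.9% of the script kiddies"): why an unsolicited inbound probe dies at a NAT box, and why that still is not a firewall, as an added Python sketch of connection-tracking NAT. This is not the poster's code; addresses and ports are invented, and the model leaves out timeouts, UDP and ICMP.

```python
"""Minimal connection-tracking NAT. Shows why a casual port scan stops at a
NAT box (no mapping, nowhere to deliver) and why NAT is still not a firewall
(anything the inside host connects out to is allowed). Added illustration,
not code from the post; addresses and ports are invented."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str   # TCP flags as letters, e.g. "S" for SYN, "SA" for SYN/ACK


class NatGateway:
    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self._next_port = first_port
        self._out = {}   # (inside_ip, inside_port, peer_ip, peer_port) -> public port
        self._in = {}    # public port -> that same 4-tuple

    def outbound(self, pkt: Packet) -> Optional[Packet]:
        """Translate an inside->Internet packet; only a SYN may create a mapping."""
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        port = self._out.get(key)
        if port is None:
            if "S" not in pkt.flags:
                return None              # no session and not a SYN: dropped
            port = self._next_port
            self._next_port += 1
            self._out[key] = port
            self._in[port] = key
        return Packet(self.public_ip, port, pkt.dst, pkt.dport, pkt.flags)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Translate an Internet->inside packet only if it hits a mapping some
        inside host created and comes from that mapping's peer."""
        key = self._in.get(pkt.dport)
        if key is None or pkt.dst != self.public_ip:
            return None
        inside_ip, inside_port, peer_ip, peer_port = key
        if (pkt.src, pkt.sport) != (peer_ip, peer_port):
            return None
        return Packet(pkt.src, pkt.sport, inside_ip, inside_port, pkt.flags)


def scenario():
    """Constructed exchange: one legitimate web session, one port scan, one
    inside host connecting out to the scanner's machine."""
    gw = NatGateway("203.0.113.5")
    # 1. Inside host opens a web connection; the gateway maps it to a public port.
    syn = gw.outbound(Packet("192.168.1.10", 51000, "198.51.100.20", 80, "S"))
    # 2. The web server's SYN/ACK arrives at that public port and is delivered.
    synack = gw.inbound(Packet("198.51.100.20", 80, "203.0.113.5", syn.sport, "SA"))
    # 3. A scanner's NetBIOS probe has no mapping: dropped on the floor.
    probe = gw.inbound(Packet("198.51.100.99", 4444, "203.0.113.5", 139, "S"))
    # 4. The scanner hitting the mapped port from the wrong peer: still dropped.
    wrong_peer = gw.inbound(Packet("198.51.100.99", 4444, "203.0.113.5", syn.sport, "S"))
    # 5. Something inside connecting out to the scanner's box (arbitrary port):
    #    allowed. NAT passes judgement on nothing outbound, hence "not a firewall".
    phone_home = gw.outbound(Packet("192.168.1.10", 51001, "198.51.100.99", 12345, "S"))
    return {"syn": syn, "synack": synack, "probe": probe,
            "wrong_peer": wrong_peer, "phone_home": phone_home}


if __name__ == "__main__":
    for name, result in scenario().items():
        print(f"{name:11s} -> {'dropped' if result is None else result}")
```

Steps 3 and 4 are the 99.9%: a scan of the public address finds nothing listening because inbound packets are only ever delivered into sessions the inside opened. Step 5 is the missing 0.1% and the reason the post adds "get _some_ kind of firewall": a filter that also says no to outbound traffic the owner never asked for.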
  17. So, you want to be a real hacker? by Robert+Link · · Score: 2
    I have to say that I'm less than impressed with the "bored teenager" excuse that seems to crop up whenever cracking is mentioned. There are plenty of interesting problems you can work on.


    Take a classic board game and write your own computer version of it. Program "perfect" play for the computer player. Write a program to "solve" checkers through brute force. Write a fractal viewer with a cool zoom-in feature. Write a dense linear algebra package. Write a sparse linear algebra package. Get the edition of Numerical Recipes without the code and implement all the algorithms therein. Get the NR code and time test your implementations against theirs. Beat the times of the NR algorithms.


    Still bored? Write a fluid dynamics code. Add viscosity. Add MHD. Add self-gravity. Add adaptive grids.


    Download all the cracking scripts and figure out how and why they work. Fix the holes they exploit. Find a missing feature in Linux that really annoys you and add it. If you are at a loss I have a couple of suggestions.


    Download the Infocom engine and write your own adventure. Write your own MUD or chat program.


    That's just off the top of my head, but I think you get the idea. Any teen who is so "bored" with computers that he can think of nothing better to do than to break into other people's machines and cause trouble is either pathetically uncreative or just plain ornery. Which one are you?


    (Sigh. Not even 30 and already an "old fart". That's got to be some kind of record.)
    -r

  18. Wow by coyote-san · · Score: 2

    Wow. You rarely see anyone invite slander and defamation suits from tens of thousands of people at one time.

    But what I find *really* interesting is his "Cause" . What "Cause" is this, exactly?

    Prosecuting people for lawful assembly?

    Prosecuting people for encouraging meaningful and fair competition in a major economic sector?

    Prosecuting people for daring to say that the Emperor has no clothes?

    Mr/Ms Sessions, if that's your name, exactly what crime is it you're alleging I committed by frequenting SlashDot and the development mailing lists? My lawyer *really* wants to know....

    --
    For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
  19. How Dvorak and ZDNet's business works by Mononoke · · Score: 2
    Here's the meaning of life, from the Dvorak/ZDNet perspective:

    • Dvorak writes an inflammatory article (aka: Troll).
    • The link to the article spreads amongst the target community (ie: Unix/MacOS/BeOS users, hackers, people of intelligence.)
    • Everyone in the targeted audience clicks on the link to the article, sometimes more than once.
    • ZDNet counts every time Dvorak's page is served.
    • ZDNet sends a bill to the owners of the ad banners on Dvorak's page.
    • ZDNet and Dvorak are swimming in money.
    • Dvorak decides he needs a new car, and composes his next inflammatory article.

    Thus the circle is complete again. And ZDNet is a bit richer.

    Why else would Dvorak have a job?


    --
    NetInfo connection failed for server 127.0.0.1/local
  20. I've used it and it's not yet available for Linux by Pasty+Drone · · Score: 2

    Says HERE
    BlackICE was designed for multiple platforms, but currently does not run on Linux. However, it detects many attacks directed against Linux machines, such as the rpc.mountd overflow.
    DETAILS We plan to support UNIX platforms, especially Linux, in the future. This page will be updated in the future as we get more information.


    I installed it on a Windoze and found it useful. I watched it detect a NetBus probe-- the icon flashes and you are given the date, time, info, and IP address. When you select the attack for more info it brings up a web page telling you what the attack is, how common it is, not to panic, what you can do about it, including a submit-the-IP address option that tells you to what ISP the attacker's IP (theoretically) belongs to. The info was easy-to-understand and direct so that non-techies won't panic if they read it-- and that's obviously who the product is geared towards.

    Overall, it has an intuitive GUI, logical tracking methodology, and is a thorough product.

    Good for them (although I concur that they REALLY should remove an endorsement from JP)...

    --
    diva Pasty Drone NewsTrolls, Inc.