DOS Attacks
A second type of hacker war is denial of service (DOS) attacks.
Because they harm many people other than the direct targets,
DOS may well be the most serious type of hacker war.
Spammers are a favorite target of DOS warriors. Spammers also,
if my sources are telling the truth, fight back. The weapon of
choice on both sides is the mail bomb.
Recently (June-Oct. 1997), hackers fought a massive war against
spammer kingdom Cyber Promotions, Inc. with the AGIS Internet
backbone provider caught in the middle. Cyberpromo went to court
to force AGIS to give it Internet access (AGIS eventually won
and kicked off Cyberpromo). But in the meantime it was seriously
hurt by a barrage of computer vandalism.
While the vandals who attacked AGIS probably think they have
a good cause, they have been doing more damage than any hacker
war in history, and harming a lot of innocent people and companies
in the process.
According to one source on the AGIS attacks, "The person
who really did it 'owned' all of their machines, their routers,
and everything else inbetween (sic)." So, although the attacks
on AGIS apparently consisted of computer break-ins, the use of
the break-ins was to deny service to users of AGIS.
********************************************************
Newbie note: An Internet backbone is a super high capacity communications
network. It may include fiber optics and satellites and new protocols
such as Asynchronous Transfer Mode. An outage in a backbone provider
may affect millions of Internet users.
********************************************************
********************************************************
You can go to jail warning: Attacking an Internet backbone provider
is an especially easy way to get a long, long stay in prison.
********************************************************
Other DOS attacks include the ICMP (Internet Control Message
Protocol) attacks so familiar to IRC warriors; and an amazing
range of attacks on Windows NT systems. http://www.dhp.com/~fyodor/
has a good list of these NT DOS vulnerabilities, while Bronc
Buster's http://showdown.org is great for Unix DOS attacks. Please
note: we are pointing these out so you can study them or test
your own computer or computers that you have permission to test. (Carolyn's note: today check
out our links page for the best exploit
download sites.)
While Windows NT is in general harder for criminals to break
into, it is generally much easier to carry out DOS attacks against
it.
********************************************************
You can go to jail, get fired and/or get punched in the nose
warning: DOS attacks in general are pathetically easy to launch
but in some cases hard to defend against. So not only can one
get into all sorts of trouble for DOS attacks -- people will
also laugh at those who get caught at it. "Code kiddie!
Lamer!"
********************************************************
Sniffing
Sniffing is observing the activity of one's victim on a network
(usually the Internet). This can include grabbing passwords,
reading email, and observing telnet sessions.
Sniffer programs can only be installed if one is root on that
computer. But it isn't enough to make sure that your Internet
host computers are free of sniffers. Your email, telnet, ftp,
Web surfing -- and any passwords you may use -- may go through
20 or more computers on their way to a final destination. That's
a lot of places where a sniffer might be installed. If you really,
seriously don't want some cybernazi watching everything you do
online, there are several solutions.
The Eudora Pro program will allow you to use the APOP protocol
to protect your password when you download email. However, this
will not protect the email itself from snoopers.
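The following is an added example, not part of the original guide: it builds what a sniffer on the path would record for a POP3 login with plain USER/PASS and with APOP (the digest defined in RFC 1939), then checks what is visible in each. The user name, timestamp and secret are the sample pair from RFC 1939; the mail text and the function names are constructed for illustration.

```python
import hashlib

def apop_digest(banner_timestamp: str, shared_secret: str) -> str:
    """RFC 1939 APOP: MD5 over the server's banner timestamp followed by the secret."""
    return hashlib.md5((banner_timestamp + shared_secret).encode("ascii")).hexdigest()

def pop3_session(user, secret, timestamp, message, use_apop):
    """Return every line that crosses the wire, i.e. what a sniffer on the path records."""
    wire = [f"S: +OK POP3 server ready {timestamp}"]
    if use_apop:
        # Only a one-time digest is sent; the secret itself never leaves the client.
        wire.append(f"C: APOP {user} {apop_digest(timestamp, secret)}")
    else:
        wire += [f"C: USER {user}", "S: +OK", f"C: PASS {secret}"]
    wire += ["S: +OK maildrop ready", "C: RETR 1", "S: +OK message follows"]
    # The message is delivered as plain text in both cases.
    wire += [f"S: {line}" for line in message.splitlines()] + ["S: ."]
    return wire

def sniffer_sees(wire, needle):
    """True if the given string appears anywhere in the captured session."""
    return any(needle in line for line in wire)

# Sample values: timestamp, user and secret are the RFC 1939 example; the mail is constructed.
TIMESTAMP = "<1896.697170952@dbc.mtview.ca.us>"
USER, SECRET = "mrose", "tanstaaf"
MESSAGE = "Subject: payroll\n\nThe new door code is 4471."

if __name__ == "__main__":
    for use_apop in (False, True):
        wire = pop3_session(USER, SECRET, TIMESTAMP, MESSAGE, use_apop)
        label = "APOP" if use_apop else "USER/PASS"
        print(f"{label}: password visible={sniffer_sees(wire, SECRET)}, "
              f"mail body visible={sniffer_sees(wire, 'door code')}")
```

Because the server sends a fresh timestamp in each banner, a captured digest does not work for a later login.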
If you have a shell account, Secure Shell (ssh) from Datafellows
will encrypt everything that passes between your home and shell
account computers. You can also set up an encrypted tunnel from
one computer on which you have a shell account to a second shell
account on another computer -- if both are running Secure Shell.
You may download a free ssh server program for Unix at ftp://sunsite.unc.edu/pub/packages/security/ssh/ssh-1.2.20.tar.gz,
or check out http://www.cs.hut.fi/ssh/#ftp-sites.
If you are a sysadmin or owner of an ISP, get ssh now! Within
a few years, all ISPs that have a clue will require ssh logins
to shell accounts.
For a client version that will run on Windows, Mac or any
version of Unix, see the DataFellows site at http://www.datafellows.com/.
But remember, your shell account must be running the ssh server
program in order for your Windows ssh client to work.
To get on the ssh discussion list, email majordomo@clinet.fi
with message "subscribe ssh."
But ssh, like APOP, will not protect your email. The solution?
Encryption. PGP is popular and can be purchased at http://pgp.com.
I recommend using the RSA option. It is a stronger algorithm
than the default Diffie-Hellman offered by PGP.
************************************************************
Newbie note: Encryption is scrambling up a message so that it
is very hard for anyone to unscramble it unless they have the
right key, in which case it becomes easy to unscramble.
************************************************************
************************************************************
Evil genius tip: While the RSA algorithm is the best one known,
an encryption program may implement it in an insecure manner.
Worst of all, RSA depends upon the unprovable mathematical hypothesis
that there is no polynomial time bounded algorithm for factoring
numbers. That's a good reason to keep up on math news! The key
plot element of the movie "Sneakers" was a fictional
discovery of a fast algorithm to factor numbers. Way to go, Sneakers
writer/producer Larry Lasker!
************************************************************
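An added example, not from the original guide, of why the factoring hypothesis matters: with a toy modulus small enough to factor by trial division, the private key falls straight out of the public key. The primes, the exponent and the function names are constructed for illustration; real RSA keys use primes hundreds of digits long, where this search is hopeless.

```python
def make_keypair(p, q, e=17):
    """Textbook RSA key generation: returns ((n, e), d)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), pow(e, -1, phi)   # d is the inverse of e modulo phi

def factor(n):
    """Trial division by odd numbers; feasible only because n is tiny."""
    f = 3
    while n % f:
        f += 2
    return f, n // f

def recover_private_exponent(public_key):
    """Anyone who can factor n can rebuild phi and therefore d."""
    n, e = public_key
    p, q = factor(n)
    return pow(e, -1, (p - 1) * (q - 1))

def encrypt(m, public_key):
    n, e = public_key
    return pow(m, e, n)

def decrypt(c, d, n):
    return pow(c, d, n)

# Constructed toy parameters: two small primes and a numeric "message" below n.
P, Q = 10007, 10009
MESSAGE = 42424242

if __name__ == "__main__":
    public_key, d = make_keypair(P, Q)
    ciphertext = encrypt(MESSAGE, public_key)
    guessed_d = recover_private_exponent(public_key)   # uses only public data
    print("factors of n:", factor(public_key[0]))
    print("private exponent recovered:", guessed_d == d)
    print("message recovered:", decrypt(ciphertext, guessed_d, public_key[0]))
```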
************************************************************
You can go to jail warning: In many countries there are legal
restrictions on encryption. In the US, the International Traffic
in Arms Regulations forbids export of any encryption software
good enough to be worth using. If we are serious about freedom
of speech, we must find ways to keep our communications private.
So fighting controls on encryption is a key part of winning the
battle against repression on the Internet.
************************************************************