Dvorak Takes On The Crackers

CmdrTaco posted more than 14 years ago | from the stuff-to-read dept.

Technology 123

rozerumn sent us linkage to another fun and exciting Dvorak column. In this week's episode he takes on the crackers. Offers views on what's happening in the area. Flamboyant as always.

123 comments

Good Article (1)

CelestialWizard (13685) | more than 14 years ago | (#1634587)

As always, Dvorak writes well and concisely, and it definitely looks like we will be needing Black ICE Defender in the near future when we finally get dsl here in oz
\\||//
----ooo00ooo----

Me too. (4)

rde (17364) | more than 14 years ago | (#1634588)

In fact, I suspect one is underway already, although I have no evidence of it. It's just a sense I have.
I had the same feeling. It's like millions of port scanners were logging hackable ports, and then were suddenly silent.

Re:Good Article (1)

Blade (1720) | more than 14 years ago | (#1634589)

I had already started wondering about what to do when (A)DSL finally gets to be widespread in the UK.

I'm already sharing several machines across my dial-up access, but I'm on for such short periods and at such odd times, that I've never really been too worried about any kind of firewall.

However, (A)DSL is going to change things rather quickly I would have thought - time to start collecting lists of GPL'ed or Freeware firewall products methinks.

What really is needed (0)

Anonymous Coward | more than 14 years ago | (#1634590)

is that people start looking at hacking as informative, not something to do pranks... I think hacking is a good thing... but I hate script kiddies

Think about it.. (2)

Ice_Hole (87701) | more than 14 years ago | (#1634591)

What punishment would be appropriate for these "kids" who get their hands on some programs and start messing around? How far is too far? Try catching everyone that has ever used a ping attack. Would there be a fair way to bust people? Could you arrest someone because they were "at the wrong place at the right time"? I don't think that there is a way to control what is happening. At least not from the standpoint of some sort of law enforcement. The internet by nature will be hard to regulate, but do we want to regulate it the same way we regulate laws such as jaywalking? Is it possible to enforce laws about the internet the same way as we would try to enforce laws that can be physically proven? What kind of investigations would we conduct and what kind of evidence would we use to prove a case?

This is why the internet will never be (completely) regulated.. At least not in the foreseeable future. Do we really want to have everything we do watched? I think not..

((Mark this what you will.. I just went off and it is late))

Does he have a clue!? (1)

Anonymous Coward | more than 14 years ago | (#1634592)

Why do publications let articles in, written by people that have NO CLUE what they are talking about!?

The suspected Smurf attack came from an @Home user.

If this moron knows how smurf works, he would know that the IP address of 'attacker' can not be seen - because it does NOT exist. You send a spoofed request to 'amplifiers', that then respond (those are just broadcast addresses) to the spoofed IP - which is the 'target' IP.

So, if I 'smurf' him, how is he going to get my IP address, when it's not sent to him?! What a moron... And then some people will read this crappy article, say "God, this man is so knowledgable", and follow the 'instructions'; but won't realize that all they see is - misinformation.

Usual crappy writing by Dvorak... That man should kill himself - he's really clueless.

Why can't Cisco et. al. (2)

JoeShmoe (90109) | more than 14 years ago | (#1634593)

...invent some router or switch that can be programmed with some kind of connection login?

IE...wouldn't DoS attacks become impossible if routers could be programmed with something like "if number of packets from A to B on port X > Y, drop connection A". Sorta like how most IRC servers have flood protection, where if you try to flood the IRC server with information requests (in an attempt to split that server from the network), the server simply disconnects you. Or how mail servers that detect you are sending "too much mail" can drop your connection until they can see if you are a potential spammer.

The technology clearly exists to cap transfer rate (as @Home does with my connection) so why can't it simply have a quota assigned to abused ports like what ping, tracert, NetBios, and the various trojans use?

Blocking the traffic at the endpoint slows down every connection along the way. Internet service providers who don't want to support this kind of traffic should be able to automatically disconnect you if you are being abusive. It might also be possible to monitor WHAT is being sent (multiple packets that contain the exact same thing). This forces the attacker to generate some kind of random information...which increases the size of the connection transmission and slows them down.

I clearly know nothing about this, or I'm sure someone would have such a device already, so I'm interested in seeing why this type of protection is not possible.

- JoeShmoe

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= -=-=-=-=-=-=-=-

!Hacker (1)

frederik (86671) | more than 14 years ago | (#1634594)

This man does not know the difference between Script Kiddies, $%! Crackers and Hackers, does he?

details details... (2)

AdamT (7312) | more than 14 years ago | (#1634595)

"Smurf attack came from an @Home user. I have his IP address..."
Correct me if I'm wrong but... the IP address of a smurfed packet shows the target's IP address rather than the attacker's. Bad Person A sends an ICMP Ping packet to a broadcast address with the packet's source address spoofed to look like it came from victim B. So all the (broken/misconfigured) hosts on the network respond to the broadcast ping and send their reply to the victim. A sends 1 packet, B gets (up to) 254 packets and dies.
Just worries me that some (possibly) innocent user is now going to get hassled because Dvorak put the hard word on @Home (and maybe @Home listened to save embarrassment on Dvorak's website.) Actually I doubt it would really come to that in this case but it's a disturbing notion. Yes crackers/script kiddies are bad. But there's no TurnKey solution to them like BlackICE (whatever that is). If you don't know what your security monitor is telling you or what to do about it you're no better off. Maybe worse off for thinking yourself safe when you're not.
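
What the host on the receiving end of the traffic described above can and cannot learn from its own capture, as an added example that is not part of the original post: the sketch separates unsolicited echo replies from answers to the host's own pings and groups them by source network to find the relaying network. All addresses are constructed documentation-range values; the record layout, thresholds and function names are assumptions.

```python
import ipaddress
from collections import defaultdict

ECHO_REPLY, ECHO_REQUEST = 0, 8  # ICMP type numbers


def build_sample(local_ip="192.0.2.10"):
    """Constructed capture: (time_s, src, dst, icmp_type, icmp_id)."""
    records = [
        (0.00, local_ip, "203.0.113.5", ECHO_REQUEST, 77),  # our own ping
        (0.03, "203.0.113.5", local_ip, ECHO_REPLY, 77),    # its answer
        (2.00, "203.0.113.99", local_ip, ECHO_REPLY, 9),    # one stray reply
    ]
    # 40 hosts on one network all "answer" a ping this host never sent.
    for host in range(1, 41):
        records.append((1.0 + host * 0.001, f"198.51.100.{host}",
                        local_ip, ECHO_REPLY, 4242))
    return records


def find_amplifier_networks(records, local_ip, window_s=1.0,
                            min_hosts=10, prefix=24):
    """Return networks from which many distinct hosts sent unsolicited
    echo replies to local_ip within window_s seconds."""
    outstanding = set()               # (peer, icmp_id) this host pinged
    unsolicited = defaultdict(list)   # network -> [(time, src), ...]

    for t, src, dst, icmp_type, icmp_id in sorted(records):
        if icmp_type == ECHO_REQUEST and src == local_ip:
            outstanding.add((dst, icmp_id))
        elif icmp_type == ECHO_REPLY and dst == local_ip:
            if (src, icmp_id) in outstanding:
                continue              # answer to our own request
            net = ipaddress.ip_network(f"{src}/{prefix}", strict=False)
            unsolicited[net].append((t, src))

    findings = []
    for net, hits in unsolicited.items():
        # Sliding window over the time-ordered hits: the largest number
        # of distinct responders seen inside any window_s interval.
        best, start = 0, 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window_s:
                start += 1
            best = max(best, len({s for _, s in hits[start:end + 1]}))
        if best >= min_hosts:
            findings.append({"network": str(net),
                             "responders": best,
                             "replies": len(hits)})
    return sorted(findings, key=lambda f: f["responders"], reverse=True)


if __name__ == "__main__":
    for finding in find_amplifier_networks(build_sample(), "192.0.2.10"):
        # Every address here belongs to a host that was relaying, so the
        # useful contact is that network's administrator.
        print(finding)
```

Every source address in the result is a responder on the relaying network; the originator's address does not appear anywhere in the capture, which is why an address read off such traffic identifies a misconfigured network rather than the person behind it.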

Re:Good Article (1)

jemhddar (53448) | more than 14 years ago | (#1634596)

I am unfamiliar with BlackICE beyond the fact that it is a firewall program... I am planning to run my DSL thru a linux system at my home. I assume if I use private IP addresses for my other computers they will be safe unless my router/proxy server gets rooted. Beyond the security updates, what do I need to do to secure my home network?

Repression is escalation (3)

jflynn (61543) | more than 14 years ago | (#1634597)

I thought Dvorak made one good point. Making examples of script kiddies will reduce their numbers but transform the remainder into really angry and careful hackers.

This situation isn't much different from drugs, as long as people want to do them, a way will be found. All law enforcement can do is arrest the least talented and make the rest more cautious and better armed.

I'd prefer to see hacking winked at, but actual damage responded to in a proportionate manner. If someone hacks a hospital and someone dies, that's murder, laws exist. If someone brings a financial system down, that's war or terrorism, call out the troops. We need to get across the idea that stupid hackers are those that damage, not those that can simply be caught.

kiddies hacking your PC (4)

MrDelSarto (95771) | more than 14 years ago | (#1634598)

hacking is the under-age drinking for geeks. practically everyone has had a go at it (how many people can honestly say they've never even had a guess at a root password?) but how can you stop it? well, i don't think this is rhetorical. i'm only a lowly undergraduate, but in my younger years i've spent many hours trying to break my high school's lousy nt network (they give me too much work at uni to have time now). i never bothered outside school, but others i know did (playing the same old tricks with port scanners, etc..) here are some ideas i've had and would have liked to and most probably participated in:

* an online programming comp : sure schools run them, but it often takes teams of four or five and you have to travel and have a teacher in on it, etc etc. often, at a small school like mine it's hard to find 5 friends who know enough/care enough to enter with you. if you could do it online, by yourself, you could really test yourself against some challenging problems and peers. i did a fantastic uni assignment where we wrote java robots that played against each other in a constant battle ; everyone was ranked by how much money they made ...something like that maybe?

* a teengnu project, or something like that. sure, at highschool i didn't know about good programming techniques, oo theory, data structures, etc ... but i would have loved to learn. we don't know enough to start contributing to kernel code, but surely there is something we could put together?

* an online buddy system with undergraduates or something, passing on linux/programming tips to a new generation. if someone had told me about, for example, binary trees, i'm sure i could have researched and implemented them in highschool (maybe to kick ass in the online programming comp battle thing!)

* put your ideas here! you've all been (or are) bored teenagers, what would you have liked?

I'm waiting for a big sting. (2)

yorkie (30130) | more than 14 years ago | (#1634599)

Many organisations are very lax on security, mostly due to the fact that management are clueless.

The site I am currently contracting for will soon be rolling out an internet based financial system, which is planned to go live next month. (I won't give too many details).

The specifications for both the OS of the web server and the intrusion detection systems have changed this week. The whole system has been badly planned from the outset.

The intrusion detection systems are of the hardware only system - how the hell are they going to keep them up-to-date with the latest attacks?

I hope that they get stung badly when it goes live, and I hope that leads to dismissals of many of the complacent management here.

More problems... (2)

Yeshua (93307) | more than 14 years ago | (#1634600)

Other problems come into the issue of prosecuting hackers (read crackers) when you consider the very nature of the system used by them, the internet. That is, the hacker does not need to be in the same place (or even country) as the system they are trying to hack/crack/infiltrate, so if they are to be prosecuted for any damage done, whose laws are followed? The country in which the damage was done, the country the hacker is in, or should new provisions in international laws be made? And what about countries that are hostile, or simply decide not to submit to the system used? Should the prosecuting country invade them (being of course the extreme case). Then we run into the problems of wrongful prosecution, which although provided for in conventional law, is a much easier mistake to make in an online environment when the hacker is good and decides to take adequate precautions against getting caught. Electronic fingerprints are much easier to fake than real ones...

Re:I'm waiting for a big sting. (0)

Vlad_the_Inhaler (32958) | more than 14 years ago | (#1634601)

Complacent / Inept managers *never* get sacked, the ones who should be sacking them are the ones who promoted them in the first place.
The ones who get landed in it are the guys who implemented it - especially if they are contract programmers. THIS MEANS YOU :-(
You will have to move south for a new job (or across the Pennines!)

Re:Why can't Cisco et. al. (2)

Alex Belits (437) | more than 14 years ago | (#1634602)

IE...wouldn't DoS attacks become impossible if routers could be programmed with something like "if number of packets from A to B on port X > Y, drop connection A". Sorta like how most IRC servers have flood protection,

If this ever will be used, "reverse" DoS attacks will be rampant -- it will be enough to pretend that victim's address is trying to do something "bad" (and it will be easy because checks can't implement complex checks against spoofing because then they will become CPU-intensive and will be victims for DoS against them), and legitimate packets from that address will be blocked by "secure" router.

Re:Why can't Cisco et. al. (2)

cg (18840) | more than 14 years ago | (#1634603)

Skimming traffic isn't that hard to do, and is already available. The issue with that is along the lines of purpose of engineering. Routers are designed to do one thing (series of things) and to do them fast and well with little overhead. As you add more and more "functionality", the device becomes more and more of a server that routes, and resource costs become more intensive.

The trip to stopping/paring this down is not to make better defenses, rather to make it more difficult to get away with. Any bank can be robbed, but with good logging and attentive surveillance, less will get away with it. Then of course laws and punishment come into play...yada yada yada...

Re:I'm waiting for a big sting. (1)

yorkie (30130) | more than 14 years ago | (#1634604)

This system has nothing to do with me, except that our team is tasked with monitoring it.

Unfortunately due to a complete lack of knowledge throughout the departments, we still do not know exactly WHAT we have to monitor. For example, all we have been told about the intrusion detector is that it supports SNMP. They expect us to be able to instantaneously alert someone if anything goes wrong.

This job is down south, and I hate it. I'm living in lodgings all week, and desperately need to get back up north.

Hmmm... grab all Slashdot participants? (5)

knarf (34928) | more than 14 years ago | (#1634605)

From the Talkback section:


Name: D.C. Sessions
Location: Tempe, AZ
Occupation: Engineer

So what's the problem? If anyone wants to round up most of the world's hackers, all they need to do is grab the participants on Slashdot and the various open-source developers' lists.

Hey, if that sounds expensive I'll bet that at least one corporation would be willing to pony up a billion or so for the Cause.

phear us?

The shot that you can hear, missed you (1)

Alex Belits (437) | more than 14 years ago | (#1634606)

This is true for almost everything that is supposed to run on "protected" host that is supposed to have insecure software at the same time. So Dvorak should be advised to put his "firewall" and his stories about courageously thwarted probes to his telnet and ident ports into the place that deserves them. Wait, isn't zdnet publication one of such places? Um.. nevermind.

Skriptz Kiddiez... (1)

Anonymous Coward | more than 14 years ago | (#1634607)

...wouldn't be quite such a problem if the masses (and the corporates) weren't being advised by those who: 1) Don't know a Smurf from a Clanger (or US equivalent) and 2) Recommend a $39.95 commercial firewall with a straight face. Bored Pinetop

what to do (2)

pixel fairy (898) | more than 14 years ago | (#1634608)

easiest thing for you is to learn IP chains and make yourself a nice paranoid firewall.

Re:Why can't Cisco et. al. (2)

JoeShmoe (90109) | more than 14 years ago | (#1634609)

If this ever will be used, "reverse" DoS attacks will be rampant -- it will be enough to pretend that victim's address is trying to do something "bad"

Perhaps you misunderstand...how would this be possible since, even if you spoof an IP address, the connection still has to be received and forwarded by the router attached to the REAL address?

I'm suggesting the problem needs to be attacked well below the application layer. The data should not be processed, it should simply be compared to other data in some kind of buffer.

IE...a single connection, like FTP, would generate a huge amount of traffic, but it would all be unique (it's safe to say no one would be downloading the same file over and over 100 times a minute). Therefore, if the router buffered the traffic, there would be no match between packets and the stream would continue.

But...multiple connections (real or spoofed, valid or incomplete) would also generate a huge amount of traffic...but there would be an obvious pattern. The router would see the same size packets with the same destination many times in a row and then simply refuse to route traffic for that REAL connection. Therefore, no routers upstream would be affected and the only thing the attacker would be DoSing is his own connection.

It's like...comparing the waveforms of a sound file and an EKG. You can easily spot the repeating pattern in an EKG by buffering just a few milliseconds. And, if the attacker enlarges the repeating portion to escape detection, he is also decreasing the number of connections per second...down to the point where a decently fast server can handle them.

It would kill programs like GetRight which rely on hammering to get their target information AS SOON AS POSSIBLE, but really...this is software we can live without.

- JoeShmoe

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= -=-=-=-=-=-=-=-

Re:More problems... (1)

NettRom (39971) | more than 14 years ago | (#1634610)

That is, the hacker does not need to be in the same place (or even country) as the system they are trying to hack/crack/infiltrate, so if they are to be prosecuted for any damage done, whose laws are followed? The country in which the damage was done, the country the hacker is in, or should new provisions in international laws be made?
I bet the politicians and bureaucrats can spend years trying to figure it out. But maybe they won't. Earlier this year a Norwegian got sentenced after a watch-scam using Internet watch-trading sites. His buyers were in the US and Hong Kong as far as I remember. He got caught here in Norway, and the trial and everything took place here. Therefore, maybe local laws will precide?

I'm not saying that using local laws & trials is the best way to do it, that's not for me to decide. Just thought an example would be nice.

Re:Repression is escalation (1)

SamBeckett (96685) | more than 14 years ago | (#1634611)

I think the *only* real way out of this is a major push to IP6 so we can actually get some real identities..

Granted, someone might break IP6, too-- but, that's the same as someone burning their fingerprints off to foil the fingerprint identification system (spoofing ip).

Oh, and if the internet weren't global, this might be all possible. If a random Japan native nuked my house, would the FBI *really* care?

No.

But it's just something we'll all have to live with- to each his own, I guess. It's time we all stopped thinking about the "internet" as one giant computer that can be controlled;

IT CAN'T!

Can your phone company stop a prank call before you complain about it?

Does the pizza delivery place still ask you for your phone number EVEN THOUGH they have it on caller-ID ?

Does this make sense at all?

Re:Why can't Cisco et. al. (1)

xQx (5744) | more than 14 years ago | (#1634612)

Why can't Cisco et. al. create a router which finds uneducated users running software they don't completely understand, and immediately drops their connection to the internet?
This would leave only the people who actually know what they are doing, making a much nicer internet for all. It would even solve his problem, he would be kicked off his e-commerce network for his own protection.

That is, until someone passes a law allowing us to ban people like him from using anything more technical than a typewriter.

A word of advice for his kind:

"If you don't know what it does, DON'T FUCKING TOUCH IT"

Definitely got the right idea (2)

mischief (6270) | more than 14 years ago | (#1634613)

Yup, he's right - we need a massive worldwide sting to wipe crackers off the face of the planet. In fact, I think we should go a step further, and introduce an international key escrow system whereby we all have to hand over private keys for encryption to the government so that they can have access to all of our data at any time. Even better, we should probably all have barcodes tattooed on our wrists that get scanned every time we log onto the internet, so that our activities are logged and there's no way anybody could make any kind of security breach without the people who control the traffic lights knowing about it.

--

Re:Repression is escalation (2)

dingbat_hp (98241) | more than 14 years ago | (#1634614)

> Making examples of script kiddies will reduce their numbers
> but transform the remainder into really angry and careful hackers.

I doubt this. The script kiddies I've met didn't have the brains (or more importantly, the obsessional dedication) to invent an original exploit. Capable hackers are born, not made, and although many will use a script that's there and freely available, they have even more disdain for the kiddies than most sysadmins do. You can't turn a kiddie into an inventive hacker, just by pissing them off.

3l33t d00dz are like British Admirals - we should hang the occasional one, pour encourager les autres. I don't think they should be Mitnicked into oblivion, but a good full-blown public trial, confiscation of kit and a fine is going to send a clear message that hacking is for real. Hack if you want, join the Mafia if you want, but don't think that either of these is just some new sort of RPG that's socially acceptable.

"FBI" scripts (2)

Anonymous Coward | more than 14 years ago | (#1634615)

Don't know about the FBI, but I've always suspected that the real hackers use the script kiddies to test out some of their alleged exploits, especially if testing it out yourself could be dangerous.

Re:Why can't Cisco et. al. (4)

JoeShmoe (90109) | more than 14 years ago | (#1634616)

Routers are designed to do one thing (series of things) and to do them fast and well with little overhead. As you add more and more "functionality", the device becomes more and more of a server that routes, and resource costs become more intensive.

I disagree. First of all, I think a simple comparison of an incoming packet to a previously stored packet in a buffer somewhere is not really a significant overhead. It doesn't need to check every single packet (since odds are there will be identical ones under legitimate usage) but if some kiddie tries "ping a zillion times with 32000 bytes of data as fast as possible" surely some router should be smart enough to say "uh, no" if that is its owner's wish. Operating systems don't enforce any limits on the quality and quantity of data they send, therefore I say that it is the job of the router to make that determination. If there is a valid use for "ping a zillion times with 32000 bytes of data as fast as possible" then let it find some other route, because I don't want to lose my bandwidth because of it.

Second of all...even if there is overhead, it's only price. So you have to pay for a 100Mbit router to get 10Mbit performance...costs always go down over time and the difference is that you may only have 10Mbit worth of actual data after you are able to block out abusing users absorbing data with meaningless attacks.

I've seen water valves where there is an object set perpendicular to the flow of water in the valve. Water rushing over the object decreases the pressure over it, causing the object to rise and block part of the flow. Thus, a slow, steady stream can pass through but sudden spikes of high pressure will be bounced back as the valve slams shut on it. Once the pressure has reduced, the flow continues as normal. Also a good comparison, I guess, would be surge suppressors.

What's my point with those two comparisons? In both cases the control is done at a VERY low level. Similarly, since there has to be a set bit format for a valid IP packet, I fail to see why it would take serious overhead to tabulate what source is sending the most packets per second and drop packets from excessively high connections so that upstream bandwidth is shared equally and abusive connections slow to a crawl.

If I understand correctly, it's not just the target server that loses in a DoS situation...it's every router along the way. Therefore I think it would be an incentive for people to pony up the resource cost so that abusers would have to route their traffic somewhere else...no?

- JoeShmoe

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= -=-=-=-=-=-=-=-

Reverse DoS (1)

cg (18840) | more than 14 years ago | (#1634617)

Attacker wants to limit traffic coming out of target through a certain point. Attacker formats packets to spoof source as target on port X, then fires off a salvo. This router, which by now is a bulkier piece of machinery, determines that the target is abusing its transfer privileges and is probably up to something bad.

Either traffic is halted, slowed as packets are analyzed, or these routers are amazingly expensive.
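
The disagreement in this sub-thread, modelled in memory as an added example that is not part of any post: the same "more than Y packets from A to B on port X" rule is keyed once on the source address written in the packet header and once on the port the packet physically arrived on. The class names, limits, port labels and documentation-range addresses are all assumptions made for the illustration.

```python
from collections import defaultdict, namedtuple

# ingress_port is where the router physically received the packet;
# claimed_src is whatever the sender wrote into the header.
Packet = namedtuple("Packet", "time ingress_port claimed_src dst dport")


class SourceKeyedLimiter:
    """The proposed rule taken literally: count per header source."""

    def __init__(self, limit, window_s):
        self.limit, self.window_s = limit, window_s
        self.seen = defaultdict(list)   # key -> recent packet times
        self.blocked = set()            # keys that were "dropped"

    def key(self, pkt):
        return (pkt.claimed_src, pkt.dst, pkt.dport)

    def forward(self, pkt):
        """Return True if the packet is forwarded, False if dropped."""
        k = self.key(pkt)
        if k in self.blocked:
            return False
        recent = [t for t in self.seen[k] if pkt.time - t < self.window_s]
        recent.append(pkt.time)
        self.seen[k] = recent
        if len(recent) > self.limit:
            self.blocked.add(k)         # "drop connection A"
            return False
        return True


class IngressKeyedLimiter(SourceKeyedLimiter):
    """Edge-router variant: count per physical ingress port, which the
    sender cannot forge. Only possible where one port means one customer."""

    def key(self, pkt):
        return (pkt.ingress_port, pkt.dst, pkt.dport)


def simulate(limiter):
    """Constructed traffic: port1 carries 5 genuine packets from a host,
    port2 carries 200 packets whose header claims that same host."""
    host, server = "192.0.2.10", "198.51.100.80"
    traffic = [Packet(0.1 + i * 0.001, "port2", host, server, 80)
               for i in range(200)]
    traffic += [Packet(0.5 + i * 0.1, "port1", host, server, 80)
                for i in range(5)]
    delivered = {"port1": 0, "port2": 0}
    for pkt in sorted(traffic):
        if limiter.forward(pkt):
            delivered[pkt.ingress_port] += 1
    return delivered


if __name__ == "__main__":
    print("header-keyed :", simulate(SourceKeyedLimiter(50, 1.0)))
    print("ingress-keyed:", simulate(IngressKeyedLimiter(50, 1.0)))
```

Keyed on the header, the limiter cuts off the genuine host after the forged burst trips the threshold; keyed on the ingress port, it throttles only the port that produced the burst. A router in the middle of the network has no per-customer port to key on, which is the gap the objections in this sub-thread point at.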

Wow. This reads like a 7th grade book report. (4)

nyet (19118) | more than 14 years ago | (#1634618)

Why does this thing seem like it took him 30 seconds to whip out?

I mean talk about content free, not to mention completely unresearched.

"I have the feeling theres, like, this sting or something, whoa."

"Like those kiddie porn rings, yah they stopped those, dude, all right!"

"No operating system is, like, invulnerable, like."

"OMG! Like there was this one dude, he like, tried to telnet to my machine, but fortunately it was a windows box, and thats, like, secure, because i have this firewall and stuff and doesn't let people telnet like into it."

Another GREAT article from that bastion of cluelessness that is Dvorak. God, if it wasn't for journalists like him, how WOULD we get our mass-market news?

Oh no (1)

majere (82696) | more than 14 years ago | (#1634619)

Uh oh,
Dvorak used the word "hacker" in the context of "cracker"

I can hear it now
the fists beating loudly against the chests of all
self righteous slashdotters out there.

just quit it, it's annoying, yes we all know that
they mean "cracker" it's been debated numerous times
we don't need to be reminded again

please? :)
----------

Dvorak's use of the term 'hackers' (3)

the_tsi (19767) | more than 14 years ago | (#1634620)

Guess what, guys: dictionaries (and Jargon Files) don't define language. Usage does.

Years of the media using hackers as a synonym for "someone who cracks systems" has made it an acceptable use. Stop fighting it and deal.

Of anyone in the media, Dvorak knows this. He's started using hacker because it's the only word most of the Real World understand. This guy HAS been in the industry longer than you. Don't pull the argument that "when I was young we just had [mechanical relays | punch cards | TRS-80 | IBM XT | iMac ]."

I just wanted to post before someone else bitched about it.

-Chris

*YAWN* (0)

Anonymous Coward | more than 14 years ago | (#1634621)

Oh please is language so static that you can't use a word that has two meanings?

To me I know that a Hacker and Cracker is different, but also know that your average muppet doesn't so I make allowances.

And big deal he was around the industry longer, doesn't make him an expert.

Re:what to do (0)

Anonymous Coward | more than 14 years ago | (#1634622)

Or, you can just use FreeBSD. Remember, it has a multithreaded network stack and would be a lot more robust than Linux as a firewall. :)

Only 10 probes and a DoS attack? (1)

stx23 (14942) | more than 14 years ago | (#1634623)

I run a windows based firewall at home on a POTS dial up, and in the space of an hour, I normally have attempts at telnet, ICQ, NetBIOS, NetBus, NetBusPro, BO & BO2K made, in addition to seemingly random ports. This of course not counting DoS floods and Christmas packets. If my forthcoming (A)DSL connection has as little attempts at a hack as Dvorak's, then I'll be happy.

Clueless. (1)

jcr (53032) | more than 14 years ago | (#1634624)

The man exposes Windoze to the net, and he thinks that the Script Kiddies are the problem?

If you use an unsecurable OS on a machine exposed to the net, and anyone wants in, it *will* be cracked.

Someone needs to fill this guy in on how to configure a router.

-jcr

Re:Hmmm... grab all Slashdot participants? (1)

akeep (62690) | more than 14 years ago | (#1634625)

Seriously... as if Slashdot was a hacking site... the only hackers that hang out here are the type that write code and work to secure their own machine... there is not a scrap of information here that I know of that would help a script kiddie anyway...

Re:Me too. (2)

A Big Gnu Thrush (12795) | more than 14 years ago | (#1634626)

They [sic] key to stopping all this hacking is a massive worldwide sting. In fact, I suspect one is underway already, although I have no evidence of it. It's just a sense I have.

The key to stopping all this bad writing on the internet is a massive worldwide clue-by-four. In fact, I suspect one is hurtling toward my head right now, although I have no evidence of it. It's just a sense I have. Maybe I should ask my editor. Nevermind, he's been fired and replaced by Word 2000.

Re:I'm waiting for a big sting. (1)

gdon (27012) | more than 14 years ago | (#1634627)

>Many organisations are very lax on security,
>mostly due to the fact that management are
>clueless

That's a pretty good point. I work as a security engineer and I have to deal with people who only consider security as something really annoying, not allowing them to use the latest trendy technique. This is valid for management and for some techies too, as long as security is seen as a completely separated discipline. Thus my position is often uncomfortable. I sometimes would like to send a Usenet message saying : "Hey guys, here is an IP (xx.yy.zz.tt), crack this box just to make everyone conscious !". But I won't, I don't want to lose my job. Nevertheless, this kind of violent electroshock may be needed...

A+

Re:Why can't Cisco et. al. (1)

jsm2 (89962) | more than 14 years ago | (#1634628)

"If you don't know what it does, DON'T FUCKING TOUCH IT"

Well that's my sex life finished then.

jsm

Don't click that link. (1)

Hobbex (41473) | more than 14 years ago | (#1634629)


Dvorak has expended all his credibility a long time ago. The guy just trolls, and gets away with it because he writes for a "respected" (yeah right) source.

Stop bothering with him. Just moderate him down and go elsewhere.

-
/. is like a steer's horns, a point here, a point there and a lot of bull in between.

Dvorak going fishing? (1)

kmcardle (24757) | more than 14 years ago | (#1634630)

Does it sound like he's trying to get people to crack his home net?

If there is no news happening, you should try to make some? This sounds pretty fishy. Of course, he's going to get what he wants.

Publicity. Book deal.

Re:Me too. (1)

Anonymous Coward | more than 14 years ago | (#1634631)

No, that's just perfectly normal paranoia. And everyone in the universe has that.

Re:Clueless. (1)

Mithy (30439) | more than 14 years ago | (#1634632)

I must admit I am rather confused by all this. The idea of giving permanent Internet connections to people with absolutely no idea about Internet security - I don't know whether I should be amused or horrified.

--
"I am Blair of EU^H^HBorg. Surrender your currency and prepare to be assimilated."

Re:Think about it.. (0)

Anonymous Coward | more than 14 years ago | (#1634633)

For those "kids" an email should do, maybe from the provider. Knowing they are known and let it be at that.

I do not like the idea of someone fiddling around with my cars' locks though and the same goes for my machines, whether it is less physical or not must not matter.

It is a provider thing too though and here I am afraid there is not much to expect from the "Free Internet Access" kind. I am paying for mine but they do something already to prevent certain attacks.

Wrong title (0)

Anonymous Coward | more than 14 years ago | (#1634634)

More like "Dvorak puts on some more pounds". Whee. Johnnie found a new toy with a cool name. Does he know how to use it? Probably not. But he'll pretend he does and make some "insightful" and "witty" comments about it. This guy is pathetic.

Re:Clueless. (1)

grumpy_geek (97488) | more than 14 years ago | (#1634635)

Would you like to name a single securable OS out there? Linux? nope, OpenBSD? nope, Trusted Solaris? (what the NSA uses) nope.

People need to realise that NO OS is secure and that NO OS can be made secure (a la all OS's suck). Look how many security fixes have gone into Linux the past year alone (probably the first OS people think of when they think of an alternative to Windows). People have started believing that the OS alone can stop crackers, hackers and other wannabees and then whine when their "secure" system is cracked.

Do _YOU_ have a clue ? (0)

Anonymous Coward | more than 14 years ago | (#1634636)

I suggest you read things more carefully. He wrote:
and finally, one Smurf attack, which would use my system along with many others to ping a target server to death. The suspected Smurf attack came from an @Home user. I have his IP address (although this could be spoofed) and other information on him, too, if the @Home folks are interested in hearing more.

I think you want to be slightly less quick onto the bash-the-journalist-for-being-an-idiot bandwagon. If you still don't get it, he was saying that someone was trying to use his system as part of a smurf attack on someone else. Just because you spoof an ip for the return ping to go doesn't mean that he can't find out where the actual 'inducement' ping really came from.

wait you forgot something.... (1)

g-penguin (99205) | more than 14 years ago | (#1634637)

summary execution! all real americans love summary execution and peanut butter sandwiches with their network security!

Re:"FBI" scripts (1)

georgeha (43752) | more than 14 years ago | (#1634638)

Don't know about the FBI, but I've always suspected that the real hackers use the script kiddies to test out some of their alleged exploits, especially if testing it out yourself could be dangerous.

Hey Bobby,

Two-A-Day and I had a big laugh over this,

Lucas

Re:kiddies hacking your PC (1)

QuMa (19440) | more than 14 years ago | (#1634639)

>* put your ideas here! you've all been (or are, bored teenagers, what would you have liked?

I think I can safely say that no teenager who is 'into computers' is bored.... There's just mind-boggling numbers of things to do with computers, as most of the slashdot readers know.

New Acronym... (1)

Noryungi (70322) | more than 14 years ago | (#1634640)

YADDA

Or : Yet Another Disgustingly lame Dvorak Article.

Mr Dvorak, please don't put your nice little Windoze machine on *any kind* of permanent 'net connection (cable, ADSL or other) -- or you will get it hammered by every single script kiddie out there. Use a *real* operating system if you want to keep it uncracked. Oh, and, please, please, please avoid pointless exercises in intellectual masturbation, such as "I feel like a huge crackdown is coming for those no-good kids! And about time, too!". You either have some sort of *fact* or insider info or you don't. In your case, you don't: yadda, yadda, yadda.

I am not even going to comment on the "cracker vs hacker" debate. This guy is pathetic and clueless beyond belief. Commercial firewall? Yeah, sure.


AntiOnline just recommended BlackICE... (0)

Anonymous Coward | more than 14 years ago | (#1634641)

JP of AntiOnline was recommending BlackICE just a couple weeks ago. Coincidence? No, I think it's evidence that Dvorak reads AntiOnline...and trusts JP. Idiot. That gives him ZERO credibility right there. We all know what scum AntiOnline really is...

~~~~~~~~~~
How do you titillate an Ocelot? Oscillate her titalot.

Re:what not to do (1)

Logan (7529) | more than 14 years ago | (#1634642)

Isn't it a bit elitist to rag on someone for elitism? Oops, I must be an elitist now.

logan

Re:Dvorak's use of the term 'hackers' (1)

gabrieltss (64078) | more than 14 years ago | (#1634643)

>Years of the media using hackers as a synonym for
>"someone who cracks systems" has made it an
>acceptable use. Stop fighting it and deal.

And this makes it right?
By your words then we as Linux users should stop fighting M$ and bow down to the masters. Hogwash!

Dvorak may have been around the industry but he knows dick about it. His articles prove that!
He is just another mindless fool.

You might try reading Steven Levy's book, you might then get a feel for the REAL term "Hacker".
I consider myself a hacker of the old school and have no problems admitting it, even in the business world. In fact my employer liked the idea of having a "hacker" around to solve the problems their normal IT staff couldn't handle.

Dvorak discovers Firewalls. Film at 11. (3)

jht (5006) | more than 14 years ago | (#1634644)

Tune into next week's episode, where the fearless Dvorak discovers the woes of Windows 95 file sharing!

Seriously, people should assume that port scans are headed their way on a regular basis - and anyone who doesn't at least have a NAT router (I know NAT isn't a real firewall, but it'll beat 99.9% of the script kiddies out there) between themselves and the Internet should go out and get _some_ kind of firewall - the cable and DSL providers should be recommending these to all their customers, or at least implementing basic firewalls within the cable/DSL modems. At this point, everyone should implement some form of packet filtering - there's just too many script kiddies out there to assume any trust at all.

Sucks, don't it?

- -Josh Turiel

Is BlackICE good or not? (1)

Anonymous Coward | more than 14 years ago | (#1634645)

This is at least the second recommendation I've read for this product. Is any slashdotter using it and do they recommend it? Is BlackICE available for Linux? I'm looking for a product like this that's affordable (i.e., cheap or free) for both Windows and Linux. At $39.95 BlackICE seems like a good deal. (I want an all-in-one firewall product for Linux.) Please comment.

Re:Dvorak's use of the term 'hackers' (1)

quonsar (61695) | more than 14 years ago | (#1634646)

Guess what, guys: dictionaries (and Jargon Files) don't define language. Usage does. Years of the media using hackers as a synonym for "someone who cracks systems" has made it an acceptable use. Stop fighting it and deal.

NO!!!!!!

Will years of M$ using 'innovation' to describe its business practices make this acceptable:

"You hit the guy with the baseball bat, and I'll innovate his wallet."

All humor aside, we are in the midst of an Orwellian nightmare. The clueless media feeds mountains of mis/disinformation to the even more clueless masses. Never before in the history of this country has there been such an overwhelmingly sheeplike public. People rarely read. When they read, they do not comprehend. A generation raised on television and RPG's and techno-fairytales cannot distinguish between the real world and the one they desperately wish they lived in.

Do NOT stop fighting against Orwellian revisionism. Do NOT surrender to the lowest common denominator. 50 million people CAN be wrong. Hell, how many million people think AOL is the internet?

If we allow an ignorant unthinking mob to define the language for us, how far are we from allowing them to 'innovate' our very freedom of expression right out from under us?

Bite My Ziff, Davis!

======
"Cyberspace scared me so bad I downloaded in my pants." --- Buddy Jellison

Re:Repression is escalation (1)

mulan (84969) | more than 14 years ago | (#1634647)

I'd prefer to see hacking winked at, but actual damage responded to in a proportionate manner.

I have a close contact in the Computer Crimes division in the Atlanta, GA FBI office. She has explained to me that the FBI (at least the GA office) has been focusing a considerable amount of attention on the small-time hackers. The script kiddies.

Unfortunately, the FBI is unwilling to assist in a reported incident unless the "hacker" (and I use that term loosely) damaged a system/network or stole confidential information.

It's a step.

Re:Oh no (1)

Stavr0 (35032) | more than 14 years ago | (#1634648)

Uh oh,
CmdrTaco used the word "columnist" in the context of "Dvorak"
---

Re:AntiOnline... go back to your basement kiddie (0)

grumpy_geek (97488) | more than 14 years ago | (#1634649)

*Thwack*

Kiddie go home, I bet JP recommends OpenBSD over Windows, and I guess that's a bad choice too.

BlackICE has been around for quite some time, CNN, Wired, NWFusion, etc. have all done reviews on them (I've never even touched the product myself). I guess all the companies who ever did a review on BlackICE are all scum too now, and I guess that JP has just also been named ruler of the world; my god everyone but me is under the thumb of JP... You conspiracy junkies need to really get a clue (life).

Note: I personally think someone needs to shut JP up, but I think conspiracy freaks like you are an even worse ilk (you look like an idiot, and JP looks like a martyr).

Moderators: You may now mark this and the original message as flamebait.

Re:Reverse DoS -- still not getting it (2)

JoeShmoe (90109) | more than 14 years ago | (#1634650)

Get IPs out of the argument. We all know how easy it is to spoof IP information. The issue here is the physical connection.

If attacker formats packets to spoof the source as IP 1.2.3.4 then it still has to come from somewhere. IF it comes from another router, then the first router is simply ignoring packets with IP 1.2.3.4 from that router. It has no effect on the data flowing from the REAL 1.2.3.4 many many hops away.

So if you wanted to truly reverse DoS 1.2.3.4 then you would either have to A) spoof the attack to a huge number of routers that you know 1.2.3.4 connects through...in which case your attack has been diluted and unlikely to truly work or B) attack the one or two routers that serve as 1.2.3.4's entry point...which is basically the very kind of DoS attack the routers are now trained to block.

At some point...it all tracks back to a unique MAC address so there is at least ONE router in the whole world that can stop an abusive stream at the source...without even looking at IP information at all.

And again...in case I haven't made it clear...

YES the extra thinking will slow down the routing of packets but DoS attacks are already slowing down that same routing of packets. If you spend a couple extra milliseconds of thinking to decide to exclude DoS information that can last minutes or even hours there is going to be an increase.

Script kiddies love to attack EFNet servers to split them off the network and gain ops in a popular channel. So IRC servers started using a policy where no ops are given during a split. Thus, they are no longer a target because there is no reason to attack those servers and quality of service increases.

Likewise, if script kiddies find that a certain route point drops their ping flood, they have to find another route until eventually no routers will carry that traffic at all.

- JoeShmoe

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= -=-=-=-=-=-=-=-

Re:Is BlackICE good or not? - duh - IPCHAINS (1)

cthonious (5222) | more than 14 years ago | (#1634651)

use ipchains to set up a simple masquerading firewall. It needn't have a ton of complex rules (but that's OK if you want).

Then you can use another tool like portsentry which detects portscans, and can be set up to use ipchains rules to automatically drop packets of anyone portscanning you (including your ISP :). Nice program. Another program, logcheck, will scan your logs and report (email) all suspicious activity. Look for them on freshmeat.

Then secure your box by removing all services except ssh.

It isn't too hard.
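The log-scanning step mentioned above (the role logcheck plays), as an added example that is not part of the comment and not code from logcheck or portsentry: it flags sources denied on many distinct ports and prints the ipchains rule that would drop them. The log lines are constructed, the "Packet log:" layout is assumed to match ipchains' `-l` output, and the threshold and the `never_block` list (for addresses such as your ISP's own hosts) are hypothetical parameters.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample log (documentation address ranges); layout assumed, see lead-in.
SAMPLE_LOG = """\
Oct  4 02:11:01 gw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.50:4021 198.51.100.20:21 L=44 S=0x00 I=5121 F=0x0000 T=52
Oct  4 02:11:01 gw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.50:4022 198.51.100.20:22 L=44 S=0x00 I=5122 F=0x0000 T=52
Oct  4 02:11:01 gw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.50:4023 198.51.100.20:23 L=44 S=0x00 I=5123 F=0x0000 T=52
Oct  4 02:11:02 gw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.50:4024 198.51.100.20:25 L=44 S=0x00 I=5124 F=0x0000 T=52
Oct  4 02:11:02 gw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.50:4025 198.51.100.20:80 L=44 S=0x00 I=5125 F=0x0000 T=52
Oct  4 02:11:02 gw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.50:4026 198.51.100.20:111 L=44 S=0x00 I=5126 F=0x0000 T=52
Oct  4 02:15:40 gw kernel: Packet log: input DENY eth0 PROTO=17 192.0.2.77:137 198.51.100.20:137 L=78 S=0x00 I=901 F=0x0000 T=110
Oct  4 02:15:41 gw kernel: Packet log: input DENY eth0 PROTO=17 192.0.2.77:137 198.51.100.20:137 L=78 S=0x00 I=902 F=0x0000 T=110
Oct  4 02:15:43 gw kernel: Packet log: input DENY eth0 PROTO=17 192.0.2.77:137 198.51.100.20:137 L=78 S=0x00 I=903 F=0x0000 T=110
Oct  4 02:20:10 gw kernel: Packet log: input ACCEPT eth0 PROTO=6 192.0.2.9:1044 198.51.100.20:22 L=60 S=0x00 I=77 F=0x0000 T=60
Oct  4 02:20:11 gw sshd[412]: Accepted password for admin from 192.0.2.9 port 1044
Oct  4 03:00:00 gw kernel: Packet log: input DENY eth0 PROTO=6 198.51.100.1:2001 198.51.100.20:23 L=44 S=0x00 I=11 F=0x0000 T=63
Oct  4 03:00:00 gw kernel: Packet log: input DENY eth0 PROTO=6 198.51.100.1:2002 198.51.100.20:79 L=44 S=0x00 I=12 F=0x0000 T=63
Oct  4 03:00:01 gw kernel: Packet log: input DENY eth0 PROTO=6 198.51.100.1:2003 198.51.100.20:110 L=44 S=0x00 I=13 F=0x0000 T=63
Oct  4 03:00:01 gw kernel: Packet log: input DENY eth0 PROTO=6 198.51.100.1:2004 198.51.100.20:143 L=44 S=0x00 I=14 F=0x0000 T=63
Oct  4 03:00:01 gw kernel: Packet log: input DENY eth0 PROTO=6 198.51.100.1:2005 198.51.100.20:513 L=44 S=0x00 I=15 F=0x0000 T=63
"""

# Only denied/rejected packets count; accepted traffic and other daemons' lines are skipped.
LINE_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>DENY|REJECT) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) (?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+)"
)


def find_scanners(log_text, min_ports=5):
    """Map each source IP denied on at least min_ports distinct (proto, port) pairs to its ports.

    Repeated hits on one port (the NetBIOS noise in the sample) never reach the
    threshold, so a chatty neighbour is not reported as a scanner.
    """
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            seen[m.group("src")].add((int(m.group("proto")), int(m.group("dport"))))
    return {
        src: sorted(port for _proto, port in hits)
        for src, hits in seen.items()
        if len(hits) >= min_ports
    }


def block_rules(scanners, never_block=()):
    """Return ipchains commands (as strings, not executed) for each reported scanner.

    Sources inside never_block are skipped: automatic blocking on a source
    address that may be spoofed, or that belongs to your own provider, can cut
    you off from hosts you need.
    """
    protected = [ipaddress.ip_network(net) for net in never_block]
    rules = []
    for src in sorted(scanners):
        if any(ipaddress.ip_address(src) in net for net in protected):
            continue
        rules.append("ipchains -I input -s %s -j DENY -l" % src)
    return rules


if __name__ == "__main__":
    found = find_scanners(SAMPLE_LOG)
    for src, ports in found.items():
        print(src, ports)
    for rule in block_rules(found, never_block=["198.51.100.0/28"]):
        print(rule)
```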

Confession of an ex-scriptkiddie (1)

Cid Highwind (9258) | more than 14 years ago | (#1634652)

>What punishment would be appropriate for these
>"kids" who get their hands on some programs and
>start messing around? How far is too far?

Speaking for myself, all it took was a polite phonecall from a sysadmin whose box you've just attempted to crack. I haven't "attacked" any systems (well, except helping check some security things on my roommate's box) since then. For the young or stupid, a good scare will set them on the right side of the law. Fear can be a good weapon against the script-kiddie, especially if you catch 'em small, and scare the hell out of them by mentioning the FBI.

So, you want to be a real hacker? (2)

Robert Link (42853) | more than 14 years ago | (#1634653)

I have to say that I'm less than impressed with the "bored teenager" excuse that seems to crop up whenever cracking is mentioned. There are plenty of interesting problems you can work on.


Take a classic board game and write your own computer version of it. Program "perfect" play for the computer player. Write a program to "solve" checkers through brute force. Write a fractal viewer with a cool zoom-in feature. Write a dense linear algebra package. Write a sparse linear algebra package. Get the edition of Numerical Recipes without the code and implement all the algorithms therein. Get the NR code and time test your implementations against theirs. Beat the times of the NR algorithms.


Still bored? Write a fluid dynamics code. Add viscosity. Add MHD. Add self-gravity. Add adaptive grids.


Download all the cracking scripts and figure out how and why they work. Fix the holes they exploit. Find a missing feature in Linux that really annoys you and add it. If you are at a loss I have a couple of suggestions.


Download the Infocom engine and write your own adventure. Write your own MUD or chat program.


That's just off the top of my head, but I think you get the idea. Any teen who is so "bored" with computers that he can think of nothing better to do than to break into other people's machines and cause trouble is either pathetically uncreative or just plain ornery. Which one are you?


(Sigh. Not even 30 and already an "old fart". That's got to be some kind of record.)
-r

Wow (2)

coyote-san (38515) | more than 14 years ago | (#1634654)

Wow. You rarely see anyone invite slander and defamation suits from tens of thousands of people at one time.

But what I find *really* interesting is his "Cause" . What "Cause" is this, exactly?

Prosecuting people for lawful assembly?

Prosecuting people for encouraging meaningful and fair competition in a major economic sector?

Prosecuting people for daring to say that the Emperor has no clothes?

Mr/Ms Sessions, if that's your name, exactly what crime is it you're alleging me of committing by frequenting SlashDot and the development mailing lists? My lawyer *really* wants to know....

Re:Do _YOU_ have a clue ? (1)

AdamT (7312) | more than 14 years ago | (#1634655)

"Just because you spoof an ip for the return ping to go doesnt mean that he cant find out where the actual 'inducement' ping really came from."
Actually that is exactly what it means. There is very little information in an ICMP ping. There's the IP header, which basically consists of the target address (a broadcast address for smurf) and the source address (spoofed) and a flag to say "this packet is an icmp message" and some bits and pieces like TTL and TOS. That's the IP header - wrapped up in that is the ICMP header. It just contains flags to say "I am a Ping message" and a checksum and a few more mechanical bits and pieces. Inside the ICMP header is the payload and it's arbitrary - anything we want just make it big so the target dies. (But not too big or else we'll get filtered out.) Nowhere in there is there even the slightest trace of the true source of the packet. The only way to track down a smurf'er is by working your way back up the route and finding out at each step what the next hop is. This is a complicated process requiring the co-operation of many admins across many networks and usually can only be done while the attack is in progress. Some smurf attacks have been known to go on for hours and hours so this can happen - but as I am sure you can imagine, not very often. This is the main reason why smurfing remains such a popular piece of mischief amongst the script kiddies and such a pain for the rest of us - even though it's been public for over 2 years. (Thankfully not too many exploits survive that long in the wild.) The best chance for catching someone doing this is for their ISP to notice the packet as it goes out. But - if the ISP had a clue they wouldn't be routing packets with a non-local source address out onto the internet in the first place.

Dvorak is on crack. (1)

cananian (73735) | more than 14 years ago | (#1634656)

It's as simple as that. He really has very little clue what he's talking about, and apparently (from his proto-fascist suggestions) has lived in America too long with memory too short to remember what evils governments can get into if you let them.

I find his suggestions deeply disturbing. Am I naive to hope that policy makers are better informed than he?

Eliminating SMURF and similar DOS attacks (1)

Greyfox (87712) | more than 14 years ago | (#1634657)

Your ISP already has the capability of eliminating ICMP attacks where the originating address is spoofed. If your ISP would filter out any packets originating from inside their network with source addresses not in their address ranges, this problem would go away. If you E-Mail Cert with this idea, they'll tell you that they've been begging ISPs to do this for YEARS. Unfortunately, the people who run ISPs are such plonkers that they'll never get this, so the problem will remain. If you call up your ISP and try to talk to them about their router configuration, you can actually HEAR their eyes start to glaze over across the phone line. Give it a try, it's actually an interesting thing to hear.
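The packet layout AdamT describes and the source-address filter both he and Greyfox ask ISPs for, as an added example that is not part of either comment: it parses an IPv4 + ICMP echo request, shows that the source address is the only origin field there is, and applies the egress check plus a directed-broadcast check at the border. The sample packets are constructed in memory and never sent, the addresses are documentation ranges, and the function names and prefixes are hypothetical.

```python
import ipaddress
import struct

IPPROTO_ICMP = 1
ICMP_ECHO_REQUEST = 8


def sample_echo_request(src, dst, payload=b"A" * 32):
    """Constructed test input: IPv4 header + ICMP echo request as bytes (checksums left 0)."""
    icmp = struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, 0, 0x1234, 1) + payload
    ip = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20 + len(icmp), 0, 0, 64, IPPROTO_ICMP, 0,
        ipaddress.IPv4Address(src).packed,
        ipaddress.IPv4Address(dst).packed,
    )
    return ip + icmp


def parse_ipv4_icmp(packet):
    """Return every field a receiver can read; none of them records the real sender."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, tos, total_len, _ident, _frag, ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20:
        raise ValueError("not an IPv4 packet")
    if proto != IPPROTO_ICMP:
        raise ValueError("not ICMP")
    if len(packet) < ihl + 8:
        raise ValueError("truncated ICMP header")
    icmp_type, code, _icmp_csum, echo_id, seq = struct.unpack(
        "!BBHHH", packet[ihl:ihl + 8])
    return {
        "src": ipaddress.IPv4Address(src),   # whatever the sender chose to write
        "dst": ipaddress.IPv4Address(dst),
        "tos": tos,
        "ttl": ttl,
        "icmp_type": icmp_type,
        "icmp_code": code,
        "echo_id": echo_id,
        "seq": seq,
        "payload_len": total_len - ihl - 8,
    }


def egress_verdict(packet, customer_prefixes):
    """ISP-side check: forward only packets whose source belongs to our own customers."""
    src = parse_ipv4_icmp(packet)["src"]
    if any(src in ipaddress.ip_network(p) for p in customer_prefixes):
        return "forward"
    return "drop: source %s is not in a customer prefix" % src


def is_directed_broadcast(packet, local_networks):
    """Border check on the receiving network: is the destination one of our broadcast addresses?"""
    dst = parse_ipv4_icmp(packet)["dst"]
    return any(dst == ipaddress.ip_network(n).broadcast_address for n in local_networks)


if __name__ == "__main__":
    isp_customers = ["198.51.100.0/24"]   # hypothetical ISP address range
    our_lan = ["203.0.113.0/24"]          # hypothetical network being used as a reflector
    honest = sample_echo_request("198.51.100.7", "203.0.113.9")
    forged = sample_echo_request("192.0.2.10", "203.0.113.255")
    for name, pkt in (("honest", honest), ("forged", forged)):
        print(name, parse_ipv4_icmp(pkt))
        print("  egress:", egress_verdict(pkt, isp_customers))
        print("  directed broadcast:", is_directed_broadcast(pkt, our_lan))
```

The egress check works only at the network the packet actually leaves from; once the packet is past that point, the receiver sees the same bytes whether or not the source is genuine.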

More information on Sessions (1)

PD (9577) | more than 14 years ago | (#1634658)

D.C. Sessions is well known on the Usenet for a number of things, but I've dealt with him in two areas. He's not a total nutbag by any means, but he is extremely strident (a term applicable to myself as well!) in his views.

1) He's active in the area of spam control on the Usenet. In this regard, I agree with him because spammers are evil, and they have destroyed some of the usefulness of the Usenet. He goes way overboard in my opinion, because he's a monitor of what the *appropriate use* of the internet is. In other words, he's not just against spammers, he's against those who use the internet to further their political goals. And that's where I ran into him when I was arguing a particular topic.

2) And that topic was circumcision. There's a lot of people who are opposed to it, and they argue on the usenet about it. I think he'd just like to shut that idea down entirely, because, well, he's in favor of performing surgery on infants without a medical diagnosis. He doesn't see the usenet as a valid medium for radical political organization. No matter what a person thinks on an issue, I think the usenet is there for everyone to argue all day long if that's what they want to do, and to organize grassroots political support if they can.

no wonder why people try to hack his comp! (0)

Anonymous Coward | more than 14 years ago | (#1634659)

He wonders why people try to hack his network? Why doesn't he read /. posts about his articles?! That would tell him why! You don't go making an ass out of yourself at every turn, insulting every group you can without taking a beating. I can't wait till someone gets a cih on his machines that rips his BIOS to shreds. He deserves some humility. And to any Linux user who might support him, remember he proposed nationalizing the very organization most of us ***HATE***..... Microsoft. That's right check the online pc mag archives for feb 99!

Re:Dvorak's use of the term 'hackers' (0)

Anonymous Coward | more than 14 years ago | (#1634660)

While I know what you're saying, I have to disagree.

If a person who isn't in a field or a group misuses the words from that group, they only show that they don't know; they're square/clueless/ignorant.

If you talk to a doctor or nurse, you will hear terms used in unusual ways. Same if you go to a Jazz club and listen to the musicians between sets. Eskimos have dozens of words for snow. Do any of these words need to be dropped by those groups because you don't use them the same way? These words work perfectly well when you're not around because you aren't around much. If you were, you might choose to use what they use. After all, it is about usage.

As an atheist, I am very aware what most people think atheists are. To them, atheist = "person who hates god" or "bigoted person who doesn't want others to practice their religion". While, to me, atheist = "not taking the actual existence of any gods seriously". The two sets of definitions aren't similar, and don't imply each other...

...and yet, if I mention that I'm not at all religious some people may be puzzled but most don't care. If I use atheist instead, I've usually got some explaining to do...even though I've said largely the same thing. I'm rarely in a position to mention this, and don't go out of my way to make a point of it.

Hacker vs. cracker fits in the same mold. Sure, you can be a hacker and a cracker, but one rarely is the other.

Having said all that, if you do have an alternate word to use that works as well as hacker, let me know. I don't think it would take too long before that is misunderstood, but I'd like to see what people come up with.

Personally, I'm quite happy with the labels "hacker" and "geek"; my peers know what I mean...even the religious ones.

Re:Clueless. (0)

Anonymous Coward | more than 14 years ago | (#1634661)

Excuse me, but I am genuinely curious. If I have a recent Linux or FreeBSD running as a client (i.e no ports open) or with all non-local connections refused, how is anyone short of the truly 3l33t even going to have a look in? This is before I even consider firewalling.

Servers are always vulnerable but a client configuration with nothing stupid installed? Just wondering.

This is not a flame.... this is a flame "WWWWWOOOOOSSSSSSHHHHHH".

Re:Play on Words? (1)

joe_luser (12664) | more than 14 years ago | (#1634662)

Maybe our friend Mr. Sessions is playing on the whole hacker/cracker confusion. There are a lot of hacker types on /. and OS mailing lists after all.
--joe

"I have done nearly everything at one time or another."
--My Manager

mmm, crackers (1)

heh2k (84254) | more than 14 years ago | (#1634663)

cheese crackers are ok, but i prefer peanut butter. wow, dvorak really is a big man to take on the cracker industry. i mean, they must be huge; just think of how many crackers are sold in one day, alone! you go boy!

How Dvorak and ZDNet's business works (2)

Mononoke (88668) | more than 14 years ago | (#1634664)

Here's the meaning of life, from the Dvorak/ZDNet perspective:

  • Dvorak writes an inflammatory article (aka: Troll).
  • The link to the article spreads amongst the target community (ie: Unix/MacOS/BeOS users, hackers, people of intelligence.)
  • Everyone in the targeted audience clicks on the link to the article, sometimes more than once.
  • ZDNet counts every time Dvorak's page is served.
  • ZDNet sends a bill to the owners of the ad banners on Dvorak's page.
  • ZDNet and Dvorak are swimming in money.
  • Dvorak decides he needs a new car, and composes his next inflammatory article.

Thus the circle is complete again. And ZDNet is a bit richer.

Why else would Dvorak have a job?


--

Re:So, you want to be a real hacker? (1)

SnowZero (92219) | more than 14 years ago | (#1634665)

Take a classic board game and write your own computer version of it. Program "perfect" play for the computer player. Write a program to "solve" checkers through brute force. Write a fractal viewer with a cool zoom-in feature. Write a dense linear algebra package. Write a sparse linear algebra package. Get the edition of Numerical Recipes without the code and implement all the algorithms therein. Get the NR code and time test your implementations against theirs. Beat the times of the NR algorithms.

If you knew about game theory, NR, and linear algebra you must have had a pretty nice high school, and most likely it wasn't a standard public one. I was lucky to have an AP CS class at mine.

I think the point is that a lot of kids don't know what cool stuff is out there, like free development tools, Linux, and the like. That is changing, but much too slowly. We have to be a bit more active than osmosis...

An ex-bored teenager...

Re:kiddies hacking your PC (2)

Arandir (19206) | more than 14 years ago | (#1634666)

BTrees are not limited to Linux. I learned about them in CS 102, before Linux, GNU, or Windows even existed (we used BSD). There is nothing new in Linux programming (hate to burst anyone's bubbles). It's all been around for decades just waiting for a new generation to rediscover or reinvent them. Don't limit high school or university learning to Linux. Generalize it to "unix" or even more generalized to "computer science", and you'll have students that know how to think and reason in ANY operating system or programming language. Generalized knowledge will last a lifetime, but specific knowledge will only last a few years. I learned how to program in C++ not because I took a C++ class, but because I had classes in programming concepts. The only difficulty I had with it was due to bad habits learned in specific languages.

p.s. Is "teengnu" more like the Young Pioneers or the Campus Crusade?

Re:mmm, crackers (0)

Anonymous Coward | more than 14 years ago | (#1634667)

Dvorak could easily take down a few dozen boxes of crackers. Anyone who recommends a $40 commercial product for packet filtering when there are 24824829 different free ones is insane, or being paid off. $$$ is what it's all about.

arrogant sob (1)

Anonymous Coward | more than 14 years ago | (#1634668)

The guy expects the sysadmins for @home to read his column? Hello John:

abuse@home.com

I've dealt with them before. They seemed competent enough.

Re:How Dvorak and ZDNet's business works (1)

deathcubek (11766) | more than 14 years ago | (#1634669)

That sure beats selling all those keyboards, doesn't it. :)
--
"New worlds are not born in the vacuum of abstract ideas, but in the fight for daily bread..."

I've used it and it's not yet available for Linux (2)

Pasty Drone (8425) | more than 14 years ago | (#1634670)

Says HERE [networkice.com]
BlackICE was designed for multiple platforms, but currently does not run on Linux. However, it detects many attacks directed against Linux machines, such as the rpc.mountd overflow.
DETAILS We plan to support UNIX platforms, especially Linux, in the future. This page will be updated in the future as we get more information.


I installed it on a Windoze and found it useful. I watched it detect a NetBus probe-- the icon flashes and you are given the date, time, info, and IP address. When you select the attack for more info it brings up a web page telling you what the attack is, how common it is, not to panic, what you can do about it, including a submit-the-IP address option that tells you to what ISP the attacker's IP (theoretically) belongs to. The info was easy-to-understand and direct so that non-techies won't panic if they read it-- and that's obviously who the product is geared towards.

Overall, it has an intuitive GUI, logical tracking methodology, and is a thorough product.

Good for them (although I concur that they REALLY should remove an endorsement from JP)...

Re:So, you want to be a real hacker? (1)

GRH (16141) | more than 14 years ago | (#1634671)

The suggestion to write a fractal viewer struck a chord with me.

As a teenager (10 years ago), I can remember first reading about the Mandelbrot Set in Scientific American. They gave the formula by which it was created, but no actual code to do it yourself.

Some number of hours later, I had a QB program (ya, I know, I didn't have a DOS C compiler yet) that could generate a fractal. Then I had to create a viewer to see it. After about 3 hours of crunching (I went to see a movie) on my poor 386-20, I was amazed to be looking at the Mandelbrot set.

I agree that boredom is one damn poor excuse to start cracking. Many more will be impressed by a hacking effort than a cracking effort.

GRH

Terminology (1)

Chris Pimlott (16212) | more than 14 years ago | (#1634672)

He's right, that would be an excellent way to round up a lot of the world's hackers.

It'd be a different matter if you wanted to round up the malicious crackers who attack sites though...

Forgive me Father, for I have sinned . . . (1)

Darth Hubris (26923) | more than 14 years ago | (#1634673)

Dvorak gazed across the packed-dirt parking lot at the baleful faces near the rusting International Pickup truck. The air was not so much warm as stagnant in the Kentucky autumn day. The three soy farmers stepped toward the battle-ready figure before them. Cletis glanced at Garth and Ezekiel and then at Dvorak.

His jacket had been thrown off at the first exchange of words with the three stern men. Dvorak had rolled up his sleeves and was tightly gripping the Cross sterling-silver pen from the inside lapel pocket of his cast-away jacket.

Cletis spoke in a steady, slow, but menacing drawl, "What was that y'all said about my mother and my Apache Server?"

That was an excerpt from my new novel "Dvorak Takes on the Crackers". What do you think?

I disagree (1)

Neuronix (86458) | more than 14 years ago | (#1634674)

I disagree with Dvorak on many issues.

> It's a mess, and no operating system is immune.

Exactly. Which means BUILD A BETTER OPERATING SYSTEM. Linux and other freely available OSes are immune to many, if not all, of the attacks with proper setup and filtering.

These journalists should stop touting NT as the holy grail of server OSes when it has gaping security and DOS problems.

I suppose I'm getting into the holy war regarding who gets blamed, the software companies or the people that exploit them. My opinion is that the blame should go on the software companies and implementers.

> This is where teenagers go to grab a quick
> attack package to harass people who won't date
> them.

Puh-lease, that's so stereotypical. If there's any reason you're going to get targeted for an attack, it will be because you're making inflammatory statements such as that one.

> Making an example out of a few punks can have
> two effects: It can cut down on the number of
> casual attacks, but it may also improve the
> hiding skills of more serious hackers.

I disagree. If you start going after script kiddies on the Internet you're going to not only seriously piss them off, but the younger generation of script kiddies, and the more serious and skilled crackers.

If anything, that methodology is going to provoke more hacking similar to how the drug war actually increases drug usage.

> And if law enforcement doesn't step in to stop
> the little guys, there are two results as well:
> One is the capture of hackers, of course, but
> the other is the encouragement of sites such as
> CyberArmy and WarForge to flourish and to make
> low-end hacking seem like an acceptable hobby.
> It's obvious that the second, lax approach, is
> in effect today.

I have trouble comprehending his point here. If law enforcement steps in to stop the little guys I seriously doubt sites like "CyberArmy" and "WarForge" are going to change their views and stop posting these kinds of materials.

What then? Censor this kind of information? Make the manufacturing and distribution of exploits illegal?

> The key to stopping all this hacking is a
> massive worldwide sting.

Not only could you not catch every cracker/script kiddie in a massive worldwide sting, but it would cost billions of dollars in manpower and technology to operate a high-tech sting of this magnitude. Furthermore (like I said above), this is just going to aggravate all the crackers who don't go to jail (majority of the juveniles and all the ones not convicted due to the inevitable lack of evidence).

> The guys who were recently busted for trying to
> run off with 13-year-olds were caught by agents
> posing as teenage girls in a chat room.

This is a different kind of crime though. Trying to meet up with 13-year-olds for molestation/kidnapping is dissimilar to cracking/DOS attacking. While they both take place online, one involves a hard physical subject (a person, kiddie porn), while cracking/DOSing involves breaking or entering a VIRTUAL environment.

I'm not sure how to really drive home my point that they are very different crimes, but I think anyone who is in the "technological know" can see my point here.

> you can be certain that low-end hackers will
> start to be rounded up.

I doubt it. Good luck if you do, FBI! The only thing that has really been like this is the raid on gH, but I bet most (if not all) of them will get off or just receive very light sentences so they can go do some more damage.

It would be a waste of time to sit in IRC channels and try to bust entire groups for cracking/DOSing sites, and I think the feds know that.

The only time the feds get involved nowadays is if something major goes down, like the White House, the Army, or a corporation with enough money and will-power to prosecute...

> I'm sure their parents won't appreciate the
> legal bills. Maybe that will put a stop to it
> once and for all.

Again, an inflammatory and stereotypical statement. This is not like the 50s or 60s when parents had control over their children through beatings and derogation of self-esteem (yes this is inflammatory too, but it's how my parents explain it to me). Our current generation of kids (and I know because I'm not that old myself) are basically uncontrollable. Those of us who grew up with this technology KNOW there's a world out there that they can influence in one way or another. They can't be censored or "told" what to do other than to be reasoned with (or brainwashed :). My parents couldn't tell me what to do, and neither can anyone else's.

What do you do? Take away their computer? Kid will just go over to someone else's house, cafe, or computer lab and have fun.

Lock em inside? Ground them? Yeah right. The second you turn your back on that teen he's gonna be out going somewhere and being a teen. Even if you are successful, maybe the kid will just turn his attention to phone phreaking.

So my point? Patch the OSes, filter the offending packets, fix the protocols. Make Microsoft, Sun, & Cisco spend a couple billion to address these issues instead of making tax payers spend a couple billion to fight a losing cause.

Re:Reverse DoS -- still not getting it (1)

J4 (449) | more than 14 years ago | (#1634675)


Get IPs out of the argument. We all know how
easy it is to spoof IP information. The issue here
is the physical connection.
......At some point...it all tracks back to a unique MAC address....


The only router that's going to be dealing with a MAC address relevant to the source of said spoofed packets is going to be the connection from the source's ISP to the upstream provider. If this router is configured to drop outgoing packets with external source addresses it takes care of spoofing.

Consider the following:
(I'll use private IP's for demonstration purposes.
Assume for the sake of argument they are registered #'s)

Evile.net uses class C addresses on their internal system,
let's say 192.168.1.0 for customers and 192.168.100.0 for their internal backbone.

User 31337GoD@Evile.net decides to launch a smurf attack using /. as the source IP.
The header of said packet says it originates @ 209.207.224.40.
When the packet hits Evile.net's gateway to the rest of the world, the gateway, if it's configured as a packet filter that checks for IP spoofing, will see an external IP addy on an _internal_ interface and drop said packet instead of passing it out of the world interface.

So if you wanted to truly reverse DoS 1.2.3.4 then you would either have to A) spoof the attack to a huge number of routers that you know 1.2.3.4 connects through...
Or use a source routed packet, of course you'd want to pick a route composed of improperly configured routers, but if you know what you're doing you would have a list of malconfigured routers.

Anyway the point being that if the present technology was used to its best potential the 'net would be a much better place.
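The gateway check described in the comment above, as an added example that is not part of the original post: a raw IPv4 header is parsed and the source address is compared against the provider's own prefixes for the interface it arrived on. The function names, the interface labels `internal` and `world`, and the sample packets are assumptions constructed for illustration; only the three addresses come from the comment.

```python
import ipaddress
import struct

# Prefixes from the comment's scenario (private ranges standing in for registered ones).
INTERNAL_PREFIXES = [
    ipaddress.ip_network("192.168.1.0/24"),    # customers
    ipaddress.ip_network("192.168.100.0/24"),  # internal backbone
]


def build_ipv4_header(src, dst, proto=1):
    """Build a minimal 20-byte IPv4 header (constructed sample, checksum left 0)."""
    return struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20, 0, 0, 64, proto, 0,
        ipaddress.ip_address(src).packed,
        ipaddress.ip_address(dst).packed,
    )


def source_address(packet):
    """Extract the claimed source address from a raw IPv4 header."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    return ipaddress.ip_address(packet[12:16])


def is_internal(addr):
    return any(addr in net for net in INTERNAL_PREFIXES)


def gateway_verdict(packet, arrival_interface):
    """Return 'forward' or 'drop' for a packet arriving on 'internal' or 'world'."""
    try:
        src = source_address(packet)
    except ValueError:
        return "drop"  # malformed headers are not passed on
    if arrival_interface == "internal":
        # Egress: only the provider's own prefixes may appear as a source.
        return "forward" if is_internal(src) else "drop"
    if arrival_interface == "world":
        # Ingress: an outside packet claiming an inside address is spoofed.
        return "drop" if is_internal(src) else "forward"
    raise ValueError("unknown interface")


# Constructed packets: an honest customer packet and one claiming 209.207.224.40.
HONEST = build_ipv4_header("192.168.1.77", "198.51.100.10")
SPOOFED = build_ipv4_header("209.207.224.40", "198.51.100.10")

if __name__ == "__main__":
    for name, pkt in (("honest", HONEST), ("spoofed", SPOOFED)):
        print(name, source_address(pkt), gateway_verdict(pkt, "internal"))
```

The same rule applied in the other direction drops outside packets that claim an inside source, which is why the check is keyed on the arrival interface rather than on the address alone.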

Re:Why can't Cisco et. al. (1)

J4 (449) | more than 14 years ago | (#1634676)

It's a matter of latency, not throughput. More bandwidth doesn't compensate for processing time.

I feel I know you somehow...

Re:Why can't Cisco et. al. (1)

BeBoxer (14448) | more than 14 years ago | (#1634677)

There are many problems with this approach. But, the most important one is that it's trivial for DoS attacks to get around. Suppose that everyone spends big bucks to upgrade their routers to the new, fancy, packet-checking versions. Now, all of the old flood-ping DoS programs stop working. Great. Everything is wonderful. Except, the crackers add a single line of code to the DoS programs which tweaks each packet so that they are all different. All of that work that was invested in the new routers is now completely wasted. The winner: Cisco. The Losers: everybody else.

FBI sting unlikely (1)

Militant Apathy (99335) | more than 14 years ago | (#1634678)

I doubt very much that there is any kind of massive sting afoot, either
internationally or in the US. The FBI has no brief to investigate the
normal activities of script kiddies. It turns out that there is no
Federal law forbidding one from gaining unauthorized access to an
Internet host - all such laws in the US are *State* laws, which means
the FBI doesn't investigate violations.

The US Code only prohibits breaking in to so-called "protected
computers" (USC Title 18, Part I, Chapter 47, Section 1030), defined as
follows:

(2) the term ''protected computer'' means a computer -
(A) exclusively for the use of a financial institution or the
United States Government, or, in the case of a computer not
exclusively for such use, used by or for a financial
institution or the United States Government and the conduct
constituting the offense affects that use by or for the
financial institution or the Government; or
(B) which is used in interstate or foreign commerce or
communication;

(source: http://www4.law.cornell.edu/uscode/18/1030.html)

Clearly, this does not cover most of the activities of script kiddies
and other such pests, most of whom attack "unprotected" computers
(universities, ISPs, corporate web sites, non-US hosts, etc.). This
isn't that much of a surprise, I guess --- the FBI doesn't investigate
breaking-and-entering cases either, unless the burglars attack Federal
property.

I suppose that State District Attorneys could be getting together to
gang up on them, though. Short of Congress changing the law, I guess
that's the best we can hope for.

Crackers? (0)

Anonymous Coward | more than 14 years ago | (#1634679)

What's he got against us white people?

OT:More information on Sessions (0)

Anonymous Coward | more than 14 years ago | (#1634680)

PD wrote:
D.C. Sessions is well known on the Usenet for a number of things, but I've dealt with him in two areas. He's not a total nutbag by any means, but he is extremely strident (a term applicable to myself as well!) in his views.

Oh dear. "He" was aiming for a rather different tone than "strident." Gonna have to work on that.

1) He's active in the area of spam control on the Usenet. In this regard, I agree with him because spammers are evil, and they have destroyed some of the usefulness of the Usenet.

True, true.

He goes way overboard in my opinion, because he's a monitor of what the *appropriate use* of the internet is. In other words, he's not just against spammers, he's against those who use the internet to further their political goals. And that's where I ran into him when I was arguing a particular topic.

2) And that topic was circumcision.


You forgot vaccination, another area where the going gets wacky.

There's a lot of people who are opposed to it, and they argue on the usenet about it. I think he'd just like to shut that idea down entirely, because, well, he's in favor of performing surgery on infants without a medical diagnosis.

It might be interesting to try to find an example of "him" arguing in favor of circumcision -- in any case you appear to be drawing rather sweeping conclusions from rather meager data.

He doesn't see the usenet as a valid medium for radical political organization.

And here I never knew that. The things you learn on /.

No matter what a person thinks on an issue, I think the usenet is there for everyone to argue all day long if that's what they want to do, and to organize grassroots political support if they can.

There's a difference between censorship and pointing out nonsense. In other words, your right to speak freely does not include a right to speak unopposed.

DCS does not suffer fools gladly, and has been known to get sarcastic at times, as in the matter of taking a certain Ziff-Davis writer literally on the misuse of "hackers" in place of "crackers."

D. C. Sessions
San Jose (by way of Tempe)

This is not a victimless crime. Hang'em high! (1)

Gorimek (61128) | more than 14 years ago | (#1634681)

This situation isn't much different from drugs, as long as people want to do them, a way will be found. All law enforcement can do is arrest the least talented and make the rest more cautious and better armed.

The difference from the drug situation is that these are not victimless crimes. As with any crime, some people will keep doing it despite efforts to stop it, but that is no reason to not go after the bastards.

I'd prefer to see hacking winked at, but actual damage responded to in a proportionate manner.

Just tampering with my computer is bad enough. There need not be any additional damage for it to be criminal than snooping through my files, or downgrading my internet connection. Stay off my stuff!

Re:Reverse DoS (1)

Raven667 (14867) | more than 14 years ago | (#1634682)

Remember he is talking about doing this at the ISP's _outgoing_ router. It would only affect the people on the ISP's subnet. He would like them to filter outgoing packets with some heuristics to determine if they are trying something they shouldn't be. And if you have some real need to portscan *.ru you can always call your pipe provider and ask them to make a special exception to the router rules for you.

Re:Hmmm... grab all Slashdot participants? (0)

Anonymous Coward | more than 14 years ago | (#1634683)

Sheesh. Try to be just a little more subtle than screaming "hackers aren't crackers" and everyone goes ballistic.

If the thinly-veiled reference to MICROS~1 paying to have the competition rounded up wasn't enough maybe I should have tossed in something about rounding up ESR and Linus in the night.

D. C. Sessions
San Jose (by way of Tempe)

Re:Dvorak's use of the term 'hackers' (1)

The Welcome Rain (31576) | more than 14 years ago | (#1634684)

Guess what, guys: dictionaries (and Jargon Files) don't define language. Usage does.

This is mostly false. No matter how many jagoffs commit a solecism, it's still recognized as a solecism by people who actually know something about the language.

I just wanted to post before someone else bitched about it.

This isn't substantially different from a "First Post!" type of ambition.

--

Re:Does he have a clue!? (1)

delmoi (26744) | more than 14 years ago | (#1634685)

Why publications let articles in, written by people that have NO CLUE what they are talking about!?

Probably because his editors don't have a clue either. He probably knows more than the people he's for. It's sad but true. One of the things that bugs me more than anything else is when people act like they understand something when they really don't. I always try to point out things I'm not sure about when I write (though, I'm sure I miss some things).
"Subtle mind control? Why do all these HTML buttons say 'Submit' ?"

Re:OT:More information on Sessions (1)

PD (9577) | more than 14 years ago | (#1634686)

>Oh dear. "He" was aiming for a rather different
>tone than "strident." Gonna have to work on
>that.

Crap! Did I miss something? I think I did indeed miss the sarchasm. Well, it *has* been a long time since we've knocked heads.

>It might be interesting to try to find an
>example of "him" arguing in favor of
>circumcision -- in any case you appear to be
>drawing rather sweeping conclusions from rather
>meager data.

Well this is entirely off topic for this forum, so this will drop.

>>He doesn't see the usenet as a valid medium for
>>radical political organization.

>And here I never knew that. The things you learn
>on /.

A couple of times you were ranting about how all the wackos discussing various topics were sending us all to Usenet hell, figuratively speaking of course. It's not your *primary* complaint by any means. The way I see it, as long as it's on topic for the group, even sort of marginally, then no problem. My memory may be bad, but I recall a lot of complaining about the tactics of a particular side in the very heated debate. I figure that as long as it's not spam, why worry? Smart people can sort that stuff out themselves.

>DCS does not suffer fools gladly, and has been

And that's why I included the phrase "not a nutbag by any means." It's an acknowledgement of that.

Mostly I was responding to the other guy who doubted your existence. Since I have some evidence, I thought I'd contribute it. I think I was nice to you though. Check out my flamage of Brett Glass a couple days ago for my mean side.
