21.4 Counteroffenses

You now examine certain other counteroffenses that are rumored to have been used. I have not used these methods and I do not advocate them. I merely report them for completeness in this book, much as a newspaper article may report how a terrorist constructed his bomb.

21.4.1 Legal Issues

Some of these techniques might be illegal and, again, I do not advocate them. If you use them, I do not want to know about it, because I would feel obligated under the law to report any knowledge of possibly illegal activities. If you choose to do this anyway, you will want to be absolutely sure that the person "owning" the account from which the attacks appear to have originated actually initiated them. Competent crackers rarely use their own accounts. It is much safer for them to compromise another system and use that system to launch attacks on third parties such as your system. There may be a long chain of compromised systems, and it can be very hard to tell which one the real cracker is sitting at. It also is easy, particularly with UDP, which has no connection handshake, to forge the source address so that an attack appears to come from a system that was not involved at all.
21.4.2 Massive Spamming

Massive spamming of an offensive person is quite common on the Internet. Frequently, in the Usenet news groups, someone who is rude or insulting will get dozens of e-mails telling her off. Some people might use a shell script to generate a large amount of e-mail that would take a long time for the offensive person to download from her POP server. Many POP clients insist on downloading all e-mail, in order, before deleting any of it. For example, EarthLink will terminate someone's PPP connection after 12 hours. A typical dial-up connection runs at 28.8 kbps. Allowing 10 bits per byte for serial data (start and stop bits), that is 2880 bytes per second times 3600 seconds per hour times 12 hours, or about 124 million bytes (118 MB). Thus, if you could dump that much spam into an EarthLink customer's mailbox, he would not be able to download and delete it from the server before his connection got dropped. His only alternative would be to contact the ISP and have them delete *all* of his e-mail. (I have modified my popclient to download a user-specifiable number of messages and then delete these from the server. I invoke it in a loop from my mail watching program so I would not have this problem.)

The script below could be used for that attack. It assumes that the contents of your e-mail are in the file foo. You could have the script sleep for 10 seconds or a minute between messages to mix the spam in with any legitimate e-mail he might get, causing it to be deleted by the ISP in "The Great Cleanup."

    #!/bin/csh -f
    set i=0
    loop:
    Mail cracker12345@aol.com < foo
    @ i++
    echo $i
    if ( $i >= 1000000 ) exit
    goto loop

Certainly, this would get traced back to the sender's account. Many crackers have used AOL "throwaway" accounts for this purpose. Certainly, purloined accounts at universities are common. In the "old days" you simply used rmail instead of Mail and put in fake headers that showed a fake chain of systems the e-mail claimed to have passed through.
Similar to this, everyone's favorite was the fake news posting from the infamous kremvax, supposedly from the Soviet leader. Nowadays, with most systems carefully logging all traffic, this ruse will not work.
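The defense the author describes above, a POP client that fetches a bounded batch of messages and deletes each one as soon as it is safely in hand, as an added example that is not from the book and is not the author's modified popclient. It is a Python 3 script using only the standard library: a toy in-process POP3 server (just the RFC 1939 commands that poplib needs) stands in for the ISP's server, the mailbox is a constructed one with two legitimate messages and a mail bomb between them, and the drain loop is built on the standard poplib module. The host, port, credentials, batch size and message contents are assumptions made for the example.

```python
import poplib
import socketserver
import threading


def make_mailbox(bomb_count):
    """Constructed sample mailbox: two legitimate messages with a mail bomb of
    bomb_count identical messages dumped between them (all contents assumed)."""
    bomb = (b"From: cracker12345@aol.com\r\nSubject: foo\r\n\r\n"
            + b"x" * 512 + b"\r\n")
    return ([b"From: friend@example.com\r\nSubject: lunch?\r\n\r\nNoon?\r\n"]
            + [bomb] * bomb_count
            + [b"From: boss@example.com\r\nSubject: report\r\n\r\nDue Friday.\r\n"])


class Pop3Handler(socketserver.StreamRequestHandler):
    """Toy POP3 server: the subset of RFC 1939 that poplib needs. It stands in
    for the ISP's server; server.mailbox is a list of raw messages."""

    def reply(self, text):
        self.wfile.write(text.encode() + b"\r\n")

    def live(self, marked):
        # Message numbers are 1-based and fixed for the whole session; DELE only
        # marks a message, and the deletions are committed on QUIT.
        return [(n, m) for n, m in enumerate(self.server.mailbox, 1)
                if n not in marked]

    def handle(self):
        marked = set()
        self.reply("+OK toy POP3 ready")
        while True:
            raw = self.rfile.readline()
            if not raw:
                return
            cmd, _, arg = raw.decode().strip().partition(" ")
            cmd = cmd.upper()
            if cmd in ("USER", "PASS", "NOOP"):
                self.reply("+OK")
            elif cmd == "STAT":
                live = self.live(marked)
                self.reply("+OK %d %d" % (len(live), sum(len(m) for _, m in live)))
            elif cmd == "RETR":
                msg = self.server.mailbox[int(arg) - 1]
                self.reply("+OK %d octets" % len(msg))
                # Sample messages never contain a bare "." line, so no byte-stuffing.
                self.wfile.write(msg + b".\r\n")
            elif cmd == "DELE":
                marked.add(int(arg))
                self.reply("+OK")
            elif cmd == "QUIT":
                self.server.mailbox[:] = [m for _, m in self.live(marked)]
                self.reply("+OK bye")
                return
            else:
                self.reply("-ERR unsupported")


def drain_mailbox(host, port, batch_size):
    """Download at most batch_size messages per session, send DELE for each one
    only after it is stored locally, then QUIT so the server commits the batch.
    Reconnect until STAT reports an empty mailbox. A dropped link costs at most
    one batch of re-downloads; the mailbox never has to be drained in one go."""
    saved = []
    while True:
        pop = poplib.POP3(host, port, timeout=5)
        pop.user("me")          # credentials are assumptions for the toy server
        pop.pass_("secret")
        count, _octets = pop.stat()
        for n in range(1, min(batch_size, count) + 1):
            _resp, lines, _size = pop.retr(n)
            saved.append(b"\r\n".join(lines) + b"\r\n")
            pop.dele(n)         # only after the message is safely in hand
        pop.quit()              # commits the deletions for this batch
        if count == 0:
            return saved


def demo(bomb_count=50, batch_size=8):
    """Run the toy server on a loopback port, drain it, and return
    (messages saved locally, messages left on the server)."""
    server = socketserver.TCPServer(("127.0.0.1", 0), Pop3Handler)
    server.mailbox = make_mailbox(bomb_count)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        saved = drain_mailbox("127.0.0.1", server.server_address[1], batch_size)
    finally:
        server.shutdown()
        server.server_close()
    return len(saved), len(server.mailbox)


if __name__ == "__main__":
    print("saved, left on server:", demo())
```

The point of the batching is that POP3 deletions only take effect at QUIT, so a client that downloads everything before deleting anything must hold one session open for the entire mailbox; with a 12-hour cap on the connection that is exactly what the attack exploits. Sending DELE right after each RETR and quitting after a small batch means each session commits real progress, and a dropped connection never forces the ISP's "Great Cleanup."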
21.4.3 The Ping of Death

In 1997, when most people first heard about the Ping of Death (an ICMP echo request delivered in fragments whose reassembled IP packet exceeds the 65,535-byte maximum, overflowing the receiver's reassembly buffer), almost all computers and other devices supporting the IP protocol were susceptible to it and would crash. It is likely that the crackers deserving of countermeasures have up-to-date software that withstands the Ping of Death, but against an unpatched system it certainly might have unpleasant consequences.
21.4.4 Hostile Java Applets

It is rumored that some large entities leave malicious Java applets on their Web pages that recognize when they are invoked from a cracker's system and proceed to reformat the disk on the cracker's system or take some other equally severe action.

It should be possible for a Java programmer to create such an applet that recognizes a cracker by his IP address or his intrusion techniques. (An unsigned applet runs in the browser's sandbox, which denies it access to the local file system, so such an applet would need either a sandbox flaw or the cracker's consent to run it with full privileges.) Certainly, the techniques discussed earlier in this book allow the automatic recognition of an intrusion attempt but, again, neither the author nor the publisher advocates illegal activity.

21.4.5 Black Bag Jobs

It is rumored that some entities simply will send someone to the cracker's home to remove his equipment or destroy it. Some might leave a note saying why this was done, perhaps, "See how it feels to be violated?" It occurs to me that his much loved Tesla coil could be used to zap the chips of any electronic circuit and leave no external evidence that could be distinguished from a severe case of static electricity. Naturally, like the original Watergate plumbers' operation, which led to the resignation of U.S. President Nixon, this operation would have rather severe risks.