Section 21.4 Counteroffenses

   


21.4 Counteroffenses

You now examine certain other counteroffenses that are rumored to have been used. I have not used these methods and I do not advocate them. I merely report them for completeness in this book, much as a newspaper article may report how a terrorist constructed his bomb.

21.4.1 Legal Issues

Some of these techniques might be illegal and, again, I do not advocate them. If you use them, I do not want to know about it because I would feel obligated under the law to report any knowledge of possibly illegal activities. If you choose to do this anyway, you will want to be absolutely sure that the person "owning" the account that the attacks appear to have originated from actually initiated the attacks. Competent crackers rarely use their own accounts. It is much safer to compromise another system and use that system to launch attacks on third parties such as your system. There may be a long list of compromised systems and it might be very hard to know which one is the real cracker. It also is easy, particularly using the UDP protocol, to use a fake source address to make the attack appear to have come from a system that was not involved at all.

If you retaliate against a compromised system that was used to attack yours, you might be attacking an innocent party. In this case, you would be guilty of cracking. The authorities probably would not be very keen on forgetting about your actions.


21.4.2 Massive Spamming

Massive spamming of an offensive person is quite common on the Internet. Frequently, in the Usenet News groups someone who is rude or insulting will get dozens of e-mails telling her off. Some people might use a shell script to generate a large amount of e-mail that would take a long time for the offensive person to download from her POP server.

Many POP clients insist on downloading all e-mail, in order, before deleting any of it. For example, EarthLink will terminate someone's PPP connection after 12 hours. A typical dial-up connection is 28 kbps. Serial links carry roughly 10 bits per byte once framing is counted, yielding 2800 bytes per second times 3600 seconds/hour times 12 hours. This totals 118MB.

Thus, if you could dump that much spam into an EarthLink customer's mailbox, he will not be able to download and delete it from the server before his connection gets dropped. His only alternative will be to contact the ISP and have them delete *all* of his e-mail. (I have modified my popclient to download a user-specifiable number of messages and then delete these from the server. I invoke it in a loop from my mail watching program so I would not have this problem.) The script below could be used for that attack.

It is assumed that the contents of your e-mail are in the file foo. You could have the script sleep for 10 seconds or a minute between messages to mix in the spam with any legitimate e-mail he might get, causing it to be deleted by the ISP in "The Great Cleanup."

 
    #!/bin/csh -f
    set i=0
    loop:
        Mail cracker12345@aol.com < foo
        @ i++
        echo $i
        if ( $i >= 1000000 ) exit
    goto loop
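As an added, defender-side example that is not from the book: a small Python script that carries out the text's bandwidth arithmetic (28 kbps, 10 bits per byte, 12-hour session) and flags, in constructed mail-log lines, any sender whose message count to one mailbox exceeds a threshold. The log line format and the threshold of two messages per sender are assumptions.

```python
# Added example (not from the book): spot a mailbox flood in constructed
# log lines and check whether the mailbox can be drained within the
# dial-up session limit the text describes (28 kbps, 10 bits/byte, 12 h).
import re
from collections import defaultdict

LINK_BPS = 28_000            # 28 kbps dial-up, as in the text
BITS_PER_BYTE = 10           # serial framing overhead, as in the text
SESSION_SECONDS = 12 * 3600  # ISP drops the PPP link after 12 hours

# Constructed sample lines in an assumed sendmail-like shape.
SAMPLE_LOG = """\
from=<alice@example.net> to=<bob@example.org> size=1200
from=<cracker12345@aol.com> to=<bob@example.org> size=65000
from=<cracker12345@aol.com> to=<bob@example.org> size=65000
from=<cracker12345@aol.com> to=<bob@example.org> size=65000
from=<carol@example.com> to=<bob@example.org> size=900
"""
LINE_RE = re.compile(r"from=<([^>]*)> to=<([^>]*)> size=(\d+)")


def parse_log(text):
    """Yield (sender, recipient, size_bytes) for each well-formed line."""
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m.group(1), m.group(2), int(m.group(3))


def drainable_bytes(link_bps=LINK_BPS, bits_per_byte=BITS_PER_BYTE,
                    session_seconds=SESSION_SECONDS):
    """Bytes a POP client can pull down before the ISP drops the session."""
    return link_bps // bits_per_byte * session_seconds


def flood_report(text, max_msgs_per_sender=2):
    """Per recipient: queued bytes, senders over the (assumed) message
    threshold, and whether the mailbox exceeds one session's capacity."""
    per_rcpt = defaultdict(lambda: {"bytes": 0, "per_sender": defaultdict(int)})
    for sender, rcpt, size in parse_log(text):
        per_rcpt[rcpt]["bytes"] += size
        per_rcpt[rcpt]["per_sender"][sender] += 1
    report = {}
    for rcpt, info in per_rcpt.items():
        flooders = sorted(s for s, n in info["per_sender"].items()
                          if n > max_msgs_per_sender)
        report[rcpt] = {"bytes": info["bytes"], "flooders": flooders,
                        "undrainable": info["bytes"] > drainable_bytes()}
    return report


if __name__ == "__main__":
    for rcpt, r in flood_report(SAMPLE_LOG).items():
        print(rcpt, r)
```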

Certainly, this would get traced back to the sender's account. Many crackers have used AOL "throwaway" accounts for this purpose. Certainly, purloined accounts at universities are common. In the "old days" you simply used rmail instead of Mail and put fake headers in that showed a fake chain of systems that the e-mail claimed to have passed through. Similar to this, everyone's favorite was the fake News posting from the infamous kremvax.com supposedly from the Soviet leader. Nowadays with most systems carefully logging all traffic, this ruse will not work.

Again, talking about an attack technique is legal in the U.S.; actually doing it probably is not and certainly would be risking your account and job. (Remember that if any member of the Mission Impossible team got caught, the government would claim no knowledge or involvement.)


21.4.3 The Ping of Death

In 1997, when most people first heard about the Ping of Death, almost all computers and other devices supporting the IP protocol were susceptible to it and would crash. It is likely that the crackers deserving of countermeasures have up-to-date software that would withstand the Ping of Death, but it certainly might have unpleasant consequences.

When the Ping of Death first became publicly known, despite Linux being "unsupported," it was the first platform in the world to have a fix for the Ping of Death, available on the Web for free download in an amazing four hours! It took days or weeks for the major UNIX vendors and other commercial outfits to make a fix available.

Many of Linux's critics (who have financial interests in Linux's inferior competitors) claim that companies should stay away from Linux because it is "unsupported." Nonsense!


21.4.4 Hostile Java Applets

It is rumored that some large entities will leave malicious Java Applets on their Web pages that will recognize when they are invoked by a cracker's system and will proceed to reformat the disk on the cracker's system or take some other equally severe action.

It has been documented that some in the U.S. military have used hostile Java Applets against U.S. civilians, though illegally and in violation of military policy. No doubt those individuals were severely disciplined, though it is very likely that the military has this capability to attack foreign countries in the event of war.


It should be possible for a Java programmer to create such an Applet that recognizes a cracker by his IP or his intrusion techniques. Certainly, the techniques discussed earlier in this book allow the automatic recognition of an intrusion attempt but, again, neither the author nor the publisher advocates illegal activity.

21.4.5 Black Bag Jobs

It is rumored that some entities simply will send someone to the cracker's home and remove his equipment or destroy it. Some might leave a note saying why this was done, perhaps saying, "See how it feels to be violated?" It occurs to me that his much loved Tesla Coil could be used to zap the chips of any electronic circuit and leave no external evidence that could be distinguished from a severe case of static electricity.

Naturally, like the original Watergate plumbers' operation, which caused the resignation of U.S. President Nixon, this operation would have rather severe risks.


   
Real World Linux Security Prentice Hall Ptr Open Source Technology Series
Year: 2002
Pages: 260