# Hacker Attack P2

Chia sẻ: Tran Thach | Ngày: | Loại File: PDF | Số trang:20

0
121
lượt xem
51

## Hacker Attack P2

Mô tả tài liệu

I Know Where You Live Another feature of a high-speed connection is that you never have to dial into the Internet. Your high-speed connection is always on, like TV. But here’s the rub: with an always-on connection, your virtual door is always open to the big, bad outside world. Broadband connections give you a permanent Internet (IP) address. The Internet address to your computer never changes. Stop and think of the implications: To a hacker, it’s the equivalent of I know where you live! When you use the old slow, modem dial-up Internet connection, a different IP address is dynamically assigned...

Chủ đề:

Bình luận(0)

Lưu

## Nội dung Text: Hacker Attack P2

2. 6 Chapter 1 • Danger on the Internet Free Long-Distance Phone Calls for Everyone! Here’s How… (continued ) into it (a cheapie from Radio Shack or CompUSA works just fine) and you can have long-distance phone conversations with a similarly equipped friend anywhere in the world. These calls cost nothing and you can talk as long as you want. I recently spent an hour talking with a friend in Athens, Greece. Imagine how much that would have cost via a traditional telephone. There can be a little echo, but ordinary phone calls aren’t exactly high fidelity either. NetMeeting is packaged with Internet Explorer 5, which in turn is pack- aged with Windows 98 and 2000. So to run NetMeeting, click your Start but- ton, then click Programs and scroll down until you see NetMeeting. (If you don’t see it there, look in Start ➢ Programs ➢ Accessories ➢ Internet Tools.) If you haven’t used it before, it will take you through the setup process. Once it’s installed, use it to make a call to your friend in Athens by choosing Call ➢ New Call from its menus. Type in your friend’s IP address, as shown in the following graphic:
3. Exploring the Three Windows Protocols 7 Free Long-Distance Phone Calls for Everyone! Here’s How… (continued ) You or your friend must find out your (or their) IP address, so it can be typed into NetMeeting and make the connection. To find out what your IP address is, first connect to the Internet using your browser or e-mail program. Once you’re connected, click Windows’s Start button, then choose Run, and type WINIPCFG. Click the OK button, and the Windows IP utility executes, as shown in the following graphic: Exploring the Three Windows Protocols Windows includes three primary protocols (sets of rules) that facilitate communication between computers. The three protocols are IPX/SPX, NetBEUI, and TCP/IP. IPX/SPX A set of two protocols that permit network interconnections for people who use Novell’s NetWare clients and servers. NetBEUI (NetBIOS Extended User Interface) An augmentation of NetBIOS, a utility that facilitates LAN communications. NetBEUI was originally created by IBM, but has since been embraced by Microsoft for use with NT and Windows 95/98. TCP/IP This familiar Internet standard can also be used in LANs and WANs, as well as the main communication over Internet connections. The TCP (Transmission
7. Knocking at Your Own Door 11 10 ports checked were acknowledged by my computer. In other words, it told strangers: yes, this port does exist on this machine at this IP address, though it’s currently closed. Crackers make lists of such ports and try, try again to gain entry. Ideally, all ports would be entirely invisible to outside probes: they wouldn’t even be able to detect the existence of any ports, much less whether any were open or closed. Fortunately, there are solutions to all these problems. The Best Solutions to Hacker Probing If, like me, you get disturbing results from the Shields Up! tests, you can read the various pages in Steve Gibson’s site that show you how to block probes, turn off ports, and other- wise solve problems. Another approach is to install the free, powerful, and excellent utility called ZoneAlarm. This personal firewall will cloak your computer in a stealth shield— your system will appear less substantial than a ghost’s smile. If you want to get protected right now, turn to the instructions in the section titled “Set up a ZoneAlarm” in Chapter 8. It’s easy, sturdy, and fast. And—unless you’re a business, government, or educational insti- tution—it’s free.
8. 2 Phone Phreaks
9. 14 Chapter 2 • Phone Phreaks hone phreaks are the direct ancestors of today’s hackers. P Using war dialers, dumpster diving, social engineering, and other schemes, these early hackers created traditions and techniques still in use today to breach security at institutions large and small. But instead of attempting to break into computer networks, the phreaks’ challenge was to get into the phone com- pany’s systems and listen to others’ calls, phone long distance for free, send huge bills to their enemies, and otherwise slink around inside Ma Bell without getting caught. A war dialer is a program that repeatedly dials a range of phone numbers, looking for those that reply with an electronic signal rather than voice. Some of these programs can even differentiate between fax, modem, or other kinds of electronic communication, such as an active computer system’s response. With today’s always- on Internet connections (DSL or cable modem), war dialers can be used to penetrate any active connection. A war dialer is distinct from a daemon (demon) dialer, which repeatedly calls the same number. A daemon dialer can either gain entry to a service that currently has a busy number or mess up someone’s Web site or other connection by clogging it. This repeated dialing of a number slows or halts a system, and is called a denial of service attack. Dumpster diving allows a phreak to rummage through trash to sometimes obtain useful information, such as discarded manuals, or to get surplus, but still usable, hardware that has been thrown out. One famous example is the early phreaks whose visits to the trash cans behind Southern Bell’s telephone buildings yielded very useful print- outs of passwords, routing systems, and other technical information. Social engineering refers to security breaches that involve charm- ing or tricking people rather than using hardware or software hacking approaches. Social engineering techniques include posing
10. Who Are Phone Phreaks? 15 as a superior from the head office, the FBI, a field-service techni- cian with an urgent situation, and so on. Often, social engineering is the single most effective security penetration technique of all. You can put a computer inside a sealed room with 10-foot thick concrete walls, but if an employee who knows the logon sequence is chatty, lonely, or otherwise pliable, 50-foot walls won’t secure the system. Security is made up of a chain of connected elements: fire- walls, passwords, shredders, alarm systems, secure rooms, etc. But the old adage applies: The security chain is only as strong as its weakest link. And all too often that weak link is a person. Who Are Phone Phreaks? They gave themselves the name phone phreaks. You’ll doubtless be amused at the many clever words invented by the intellectual rebels and outlaws who roam the information frontier. Hackers, crackers, whackers—whatever you call them, they are often crafty and sometimes original. One of my favorites in all this neologistic diction is the word warez. Warez refers to commercial software that has been cracked—the password or other copy-protection scheme has been broken, and the warez can be passed around and freely used by anyone. These illegal copies of copyrighted software are, of course, dishonest. They reduce the legitimate, earned income of programmers and others who produce professional software. That said, you have to admit that whoever thought up the word warez was indeed witty. (Like hip-hop music, hacker words favor the letter z.) Phreaking means attempting to crack the phone system. The primary goal is to avoid paying for long-distance calls. Originally (in the late 1970s and early 1980s) phreaks used their technical ingenuity to replicate the electronic beeps and sounds that activated and manipulated the phone circuits. The phone company fought back with less crackable elec- tronics. From the late 80s on, phreaking descended the moral ladder from its original intel- lectual challenges to simple lawbreaking, such as stealing telephone credit-card numbers. Attacking phone systems or voicemail systems makes a certain kind of sense if you’re try- ing to learn how to crack computer systems. Phone systems are computer systems, though primitive and usually ill defended. Getting in is good practice. What’s more, understanding the phone systems can become a basis for finding ways to get into a local-area network.
12. Who Are Phone Phreaks? 17 Phone phreaks have also been known to eavesdrop on others’ phone conversations, manipulate billing so their enemies’ phone bills skyrocket, arrange free international con- ference calls, disconnect the phone service for people they dislike, tap into university grade and test databases, and participate in other behaviors ranging from mischief to downright fraud and larceny. Although the phone companies often attempt to assist in dealing with someone who steals your phone-card number, you’re ultimately responsible for calls made using your card number. Did you know that the phone company can listen to any conversation? I didn’t, until I found out that with the right combination of beeps, a phone phreak can gain access to all your private calls, too. Beep Beep Cell phones are remarkably insecure. For around $150, you can buy a scanner radio that can pick up cell phone calls. All kinds of private information is exchanged on these calls. You’re not supposed to listen in. If you do, you’re breaking the law, specifically the Elec- tronic Privacy Communications Act. For around$125, you can record and decode the beeps when people use their touchtone phones. Using a device called a tone grabber, you can get credit-card and phone-card numbers. Every cell phone has a unique number that identifies it (and provides a way to know who gets billed). The Mobile Identification Number and Electronic Serial Number (MIN/ESN) can be caught as it’s transmitted when a call is initiated. Once caught, the MIN/ESN can be programmed into another phone. The average cost of a programmed phone on the black market is around \$400 per month, and you get unlimited calls to any- where. For crooks and dealers, this can be a bargain. The cell-phone industry is fighting back, primarily by scrambling digital signals.