27-03-2014, 11:21 AM
Breaking into computer networks from the Internet.
What is this document about anyway?
While I was writing this document, a book, "Hack Proofing Your Network", was
released. I haven't been able to read it (dunno if it's in print yet, and
besides - everything takes a while to get to South Africa). I did, however,
read the first chapter, as it is available to the public. In this chapter
the author writes about different views on IT security - hackers, crackers,
script kiddies and everything in between. I had some thoughts about this and
decided that it was a good starting point for this document.
I want to simplify the issue - let us forget motives for the moment, and
simply look at the different characters in this play. To do this we will
look at a real-world analogy. Let us assume the ultimate goal is breaking
into a safe (the safe is a database, a password file, confidential records
or whatever). The safe is located inside a physical building (the
computer that hosts the data). The building is located inside a town (the
computer is connected to a network). There is a path/highway leading to the
town, and the path connects the town to other towns and/or cities (read:
Internet/Intranet). The town/city is protected by a tollgate or an
inspection point (the network is protected by a firewall, screening router
etc.). There might be certain residents (the police) in the town looking for
suspicious activity and reporting it to the town's mayor (the police being
an IDS, reporting attacks to the sysadmin). Buildings have their own
protection methods - locks, chains and access doors (on-host firewalling, TCP
wrappers, usernames and passwords). The analogy can be extended to very
detailed levels, but this is not the idea.
Dial-up
Many ISPs provide "free dial-up" accounts. The problem is that logs of the
calls that were made are kept either at the ISP or at the Telecom. At the ISP
side this is normally done using RADIUS or TACACS. The RADIUS server will
record the time that you dialed in, the connection speed, the reason for
disconnecting, the time that you disconnected and the userID that you used.
Armed with this information the Telecom can usually provide the source number
of the call (YOUR number). For the Telecom to pinpoint the source of the
call they need the destination number (the number you called), the time the
call was placed and the duration of the call. In many cases the Telecom
need not be involved at all, as the ISP records the source number themselves
via Caller Line Identification (CLI), which the access server passes along
to RADIUS in the Calling-Station-Id attribute.
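As an added example (not part of the original text), the following Python script shows what that paper trail looks like from the ISP's side. It parses a set of constructed RADIUS accounting records laid out like a FreeRADIUS "detail" file, merges the Start and Stop records of each session, and assembles exactly the tuple the paragraph says the Telecom needs (destination number, call start time, duration). Where the access server logged CLI in Calling-Station-Id, the source number comes straight out of the ISP's log and no Telecom request is needed; the second session in the sample has no CLI, so the script flags it. The attribute names are standard RADIUS accounting attributes; the usernames, numbers, session IDs and timestamps are all invented.

```python
import re
from datetime import datetime

# Constructed sample laid out like a FreeRADIUS "detail" accounting file: a
# timestamp line, tab-indented "Attribute = Value" lines, a blank line between
# records.  Attribute names are standard RADIUS accounting attributes; every
# value is invented.  Session 3A01F2 carries the caller's number (CLI) in
# Calling-Station-Id; session 3A01F3 does not, so only the Telecom can name it.
DETAIL_LOG = """\
Mon Mar 27 11:02:14 2000
\tAcct-Status-Type = Start
\tUser-Name = "freeuser"
\tAcct-Session-Id = "3A01F2"
\tCalled-Station-Id = "0860123456"
\tCalling-Station-Id = "0115551234"
\tConnect-Info = "33600 V34"

Mon Mar 27 11:47:50 2000
\tAcct-Status-Type = Stop
\tUser-Name = "freeuser"
\tAcct-Session-Id = "3A01F2"
\tAcct-Session-Time = 2736
\tAcct-Terminate-Cause = User-Request
\tCalled-Station-Id = "0860123456"
\tCalling-Station-Id = "0115551234"

Mon Mar 27 12:10:00 2000
\tAcct-Status-Type = Start
\tUser-Name = "freeuser"
\tAcct-Session-Id = "3A01F3"
\tCalled-Station-Id = "0860123456"
\tConnect-Info = "28800 V34"

Mon Mar 27 12:15:30 2000
\tAcct-Status-Type = Stop
\tUser-Name = "freeuser"
\tAcct-Session-Id = "3A01F3"
\tAcct-Session-Time = 330
\tAcct-Terminate-Cause = Lost-Carrier
\tCalled-Station-Id = "0860123456"
"""

ATTR_RE = re.compile(r'^\s+([\w-]+)\s*=\s*"?([^"]*?)"?\s*$')


def parse_detail(text):
    """Split a detail file into records: {'timestamp': datetime, <Attribute>: str}."""
    records = []
    for block in re.split(r'\n\s*\n', text.strip()):
        lines = block.splitlines()
        rec = {'timestamp': datetime.strptime(lines[0].strip(), '%a %b %d %H:%M:%S %Y')}
        for line in lines[1:]:
            m = ATTR_RE.match(line)
            if m:
                rec[m.group(1)] = m.group(2)
        records.append(rec)
    return records


def correlate_sessions(records):
    """Merge the Start and Stop records of each Acct-Session-Id into one entry."""
    sessions = {}
    for rec in records:
        s = sessions.setdefault(rec['Acct-Session-Id'], {'user': rec['User-Name']})
        if rec['Acct-Status-Type'] == 'Start':
            s['start'] = rec['timestamp']
            s['speed'] = rec.get('Connect-Info')
        elif rec['Acct-Status-Type'] == 'Stop':
            s['stop'] = rec['timestamp']
            s['duration'] = int(rec['Acct-Session-Time'])
            s['terminate_cause'] = rec.get('Acct-Terminate-Cause')
        # Called/Calling numbers may be on either record; keep whichever we saw.
        s['called'] = rec.get('Called-Station-Id', s.get('called'))
        s['source'] = rec.get('Calling-Station-Id', s.get('source'))
    return sessions


def trace_request(session):
    """Assemble what the Telecom needs (destination, start, duration) and flag
    whether it is needed at all: if CLI was logged, the source is already known."""
    start, stop, duration = session.get('start'), session.get('stop'), session.get('duration')
    # Forensic sanity check: does the NAS-reported session time agree with the
    # gap between the Start and Stop records (allowing a few seconds of slack)?
    consistent = None
    if start and stop and duration is not None:
        consistent = abs((stop - start).total_seconds() - duration) <= 5
    return {
        'user': session['user'],
        'destination_number': session.get('called'),
        'call_start': start.isoformat(sep=' ') if start else None,
        'duration_seconds': duration,
        'terminate_cause': session.get('terminate_cause'),
        'source_number': session.get('source'),
        'telecom_needed': session.get('source') is None,
        'timestamps_consistent': consistent,
    }


def trace_requests(text):
    """Parse a detail log and return {Acct-Session-Id: trace request}."""
    return {sid: trace_request(s) for sid, s in correlate_sessions(parse_detail(text)).items()}
```

Running `trace_requests(DETAIL_LOG)` yields, for session 3A01F2, the destination 0860123456, a start of 2000-03-27 11:02:14, 2736 seconds of talk time and the source 0115551234 taken directly from the CLI, so the Telecom is not needed; for 3A01F3 the same three fields are there but the source is missing and `telecom_needed` is true. The consistency flag is the kind of cross-check an investigator applies before trusting a single log source.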
Mapping your target
Once you have your platform in good working order, you will need to know as
much as possible about your target. In this chapter we look at "passive"
ways to find information about the target. The target might be a company, an
organization or a government. Where do you start your attack? The first
step is gaining as much information as possible about the target - without
them knowing that you are focussing your sniper scope on them. All these
methods involve tools, web sites and programs that are used by the normal
law-abiding netizen.