Subject: Re: Brad Justus is real
Newsgroups: lugnet.dear-lego
Date: Mon, 13 Dec 1999 16:42:49 GMT
Viewed: 2704 times

On Mon, 13 Dec 1999 08:39:06 GMT, Ben Olmstead/BEM
<bem@mad.scientist.com> wrote:

> Not to spread paranoia, but... offhand, I can think of three different
> ways to forge the IP in Todd's logs. Supposing someone wanted to pose
> as Brad Justus: one could
>
> a) break into Brad's machine and post from there

Point 1, he uses IE on Windows NT (if we can believe the first
message, at least). So no remote breaking in. Which leaves physical
access - which is IMHO rather unlikely.

> b) break into Todd's machine and alter the logs

Break into a high-security FreeBSD box? Highly unlikely, especially
without a shell account to start from.

BTW, Todd, why is port 23 open? Move to ssh, if you absolutely _have_
to have shell access from the net at large. And port 110? Should that
be available to the net at large? And FTP?

> c) spoof their own IP address so that Todd's computer thinks the
> cracker's computer is Brad's computer.

It is possible to _say_ your packet comes from somewhere it doesn't.
However, the packet's routing information will _still_ contain the
real IP address.

You need full-duplex comms to use SMTP, UUCP, HTTP, or NNTP.
So unless the software is backwards, it will register the real IP as
well.

> Any of these are outside *my* abilities (of course, as a rule, I don't
> break into other people's computers, and I don't spend my time hacking
> on TCP/IP), but are possible. Basically, true authentication is not
> really possible on the internet outside of (possibly) public-key
> encryption, because really smart crackers can do just about anything.

It is possible to authenticate IPs. It is not in the general case
possible to authenticate people, because of NAT, proxies everywhere,
and Dynamic IPs. You _can_ verify that someone writes from a certain
IP, and to whom that IP belongs (and the traceroute to where he's
coming from).

>
> Now, the odds that a really smart, bored cracker is going to choose
> LUGNET to torment are very, very low. (Very smart, bored crackers have
> a tendency to go after bigger targets, and often get themselves into
> bigger trouble. Or are very, very smart, and know not to change
> anything or say anything publicly.) I, personally, believe that Brad is
> real.

Very smart crackers tend to only do things to prove a point. Dumb
crackers tend to replace www.DoD.gov/index.html with a virus-carrying
java(script) thingy.

Jasper
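
The point in the post above about TCP services needing two-way communication, as an added example that is not part of the original post: a toy model of a listener that logs a source address only once the three-way handshake completes. The names `Listener`, `handshake`, `isn_source` and `blind_guess` are hypothetical, the addresses are constructed, and no real packets are sent.

```python
import secrets

MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around


class Listener:
    """Toy TCP listener: an address is logged only after the handshake completes."""

    def __init__(self, isn_source=lambda: secrets.randbits(32)):
        self.isn_source = isn_source  # how initial sequence numbers (ISNs) are chosen
        self.pending = {}             # claimed source IP -> ISN sent in our SYN-ACK
        self.log = []                 # source IPs of established connections

    def on_syn(self, claimed_src):
        """Answer a SYN. The SYN-ACK is routed to the claimed source address."""
        isn = self.isn_source()
        self.pending[claimed_src] = isn
        return claimed_src, isn

    def on_ack(self, claimed_src, ack):
        """Accept the final ACK only if it acknowledges our ISN + 1."""
        isn = self.pending.pop(claimed_src, None)
        if isn is None or ack != (isn + 1) % MOD:
            return False
        self.log.append(claimed_src)
        return True


def handshake(listener, real_ip, claimed_ip, blind_guess=0):
    """Sender at real_ip opens a connection whose packets claim claimed_ip.

    It learns the listener's ISN only if the SYN-ACK is routed back to it,
    i.e. only when it really sits at the claimed address.
    """
    delivered_to, isn = listener.on_syn(claimed_ip)
    ack = (isn + 1) % MOD if delivered_to == real_ip else blind_guess
    return listener.on_ack(claimed_ip, ack)


if __name__ == "__main__":
    srv = Listener()
    # Constructed addresses from the documentation ranges (RFC 5737).
    print("honest :", handshake(srv, "192.0.2.10", "192.0.2.10"))
    print("spoofed:", handshake(srv, "198.51.100.7", "192.0.2.10"))
    print("logged :", srv.log)
```

The logged address is only as trustworthy as the ISN is unpredictable, which is why `isn_source` defaults to a cryptographically secure random source in this model.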

Message has 1 Reply:
Re: Brad Justus is real
(...) Why not? BO2K runs on Windows NT and Win2000 boxes. (The new version of Netbus does too, but I'm not sure if that's publicly available yet.) (...) But if you anticipate what packets the remote side will return, you can generate the appropriate (...) (25 years ago, 13-Dec-99, to lugnet.dear-lego)

Message is in Reply To:
Re: Brad Justus is real
(...) Not to spread paranoia, but... offhand, I can think of three different ways to forge the IP in Todd's logs. Supposing someone wanted to pose as Brad Justus: one could a) break into Brad's machine and post from there b) break into Todd's (...) (25 years ago, 13-Dec-99, to lugnet.dear-lego)