The glory days of hacking have ended. Once upon a time, clever amateurs
roamed the Internet taking down The Man - scoring free long distance,
r00ting gov servers, phreaking and cracking and hacking. But the
landscape has changed. More than ever, there is money to be made on
the Internet. More than ever, people are working to protect their
investments in the Internet. Not to say big business doesn't still
get hacked all to hell - but it's gotten a lot harder. The stakes are
higher. Hacking has turned pro.
Which leaves the script kiddies, those seeking vengeance, and the plain
bored looking for something to pass the time. How do I make an impact
on the 'Net?
The Internet is a castle made of sand. We all live in it. It was never
made for this. Its central infrastructure, its protocols, its hardware
and software, were never constructed to withstand the pounding from over
8 million full time nodes, and more users than can realistically be counted.
So it is easy - it is painfully easy - to wreak havoc, to disrupt and
destroy, to throw a net.tantrum. It's called a DoS - Denial of Service
attack. I don't like you. You insulted me, or your company made a product
that is better than mine, or I heard from a friend that you don't like
cats, so I want to hurt your business. Simple, just launch a fraggle,
smurf, pepsi, boink, bonk, teardrop, ping of death, or winnuke at your
servers. See ya, wouldn't want to be ya.
The tools have stupid names, but the results are not frivolous. They can,
and do, cost companies millions of dollars in measurable downtime and
data loss. Perhaps there is elegance in the simplicity of the attacks,
if art can be found in breaking things, but the complications, moral
and ethical and structural and personal, extend beyond the act itself -
why, just like art.
Before I start talking about the attacks, let me refresh you on the
basics. Real fast now, don't worry, I won't geek out on you too much.
We all talk on the Internet using the Internet Protocol (IP). On top of
IP, we use either the Transmission Control Protocol (TCP/IP), or the
User Datagram Protocol (UDP/IP). Both have similar parts, namely, they
identify:
- The host that the data is going to (Destination Address)
- The host that the data came from (Source Address)
- The port that the data is going to (WWW, email, FTP, etc)
Remember that I said they identify. They don't authenticate. They do not
prove that the packet you receive came from where it says it did. When
I send you a web page that looks like it came from Microsoft, that's
known as spoofing. Happens all the time. You never find out who actually
sent you the web page. If you aren't careful, you never notice that the
page isn't legitimate. Sucks to be you.
- Teardrop: An attacker sends you a packet that is just the
right size that it must be broken into two fragments. One of the
fragments is too small. Your computer sits and waits for a correct
size packet. Your computer starts overwriting its own memory and
crashes. If you are running a Windows system, you get the groovy
and popular Blue Screen of Death. Haiku anyone?
- Bonk and Boink: They do the opposite of Teardrop. They send
you a packet that gets fragmented, with one fragment being too
large. Blue Screen of Death again. Cycle power, reboot, BSOD, ad
nauseam.
- Ping of Death: An exploit that was originally run from
Windows computers. Ping is normally a small packet sent out to the
Internet to discover if a computer is up and running. Nobody said
it had to be small though. In fact, Windows computers let you send
out a packet that was way too large. Caused many Unix servers to
roll over and die. Au revoir, web server.
- Land: Ooh, ooh, ooh. What if, say, I sent a packet to a port
on your computer that makes it look like it came from that same port
on your computer. Your computer could then open a transmission
control block (chunk of its mighty, digital brain) to communicate
with - Itself! Instant freak out. Computer says gaaarrr, then dies.
- SYN Flooding: For my computer to talk to your computer, I
send you a TCP/IP packet with the Synchronize (SYN) bit set. You
send me back a packet with the Synchronize/Acknowledgement (SYNACK)
bit set, then I send you a plain old acknowledgement (ACK). It's
called the three way handshake, and is fundamental to setting up
reliable communications in the Internet. If I send out SYN packets
with the source address spoofed to be some computer that is not
actually running anywhere on the Internet, then your computer sends
the SYNACK out and waits for the ACK to come back. And waits, and
waits. The SYNACK eventually gets swallowed by a router out there
somewhere. If I send a good eight thousand SYN packets to port 25
on your computer, you don't get any more email. If I send them to
port 80, you don't deliver any more web pages. If I know you are
running a telnet session from Host B, I can SYN flood host B to
shut it up for a while, then, gosh I'm clever, I can send you
packets that look like they came from Host B. Maybe in those
packets I tell you to let the whole world in without asking for
a password. That's called session hijacking. Are you breathing
hard?
- Smurf and Fraggle: Let's say there is some computer out
there whose IP address is 10.1.1.1. The network it rides on is
more than likely identified as 10.1.1.0. There can be up to 254
computers on the 10.1.1.0 network, and if you want to send
information to all of them, you send it to the network broadcast
address, which is 10.1.1.255. In that case, every computer on
the network will send you a reply. Now, if I don't like you, I
spoof some ping or UDP packets so that they look like they came
from you, and they are going to several broadcast addresses. In
other words, I send out one small packet, and you wind up receiving
254 packets you never asked for. If I really pump them out, you
wind up receiving so much garbage that your connection slows to a
grind. This is known as a network meltdown. It has no odor, no
taste, but sounds like this - "Hey, why is the Internet so slow?"
- WinNuke: If you are telnetted to another computer, and you
suddenly type in Control-C, the telnet application knows what to
do. It sends out a packet with the push bit (PSH) set. The other
computer sees this packet and stops whatever it was doing to give
you back your prompt. This is known as Out Of Band (OOB) data. With
telnet, it's cool. But if you are on a Windows computer, you are
using a protocol hook known as NetBIOS (it's what puts all those
computers in your Network Neighborhood). NetBIOS never expected
OOB data. It receives a packet with the PSH bit set, and it freaks.
Due to the mysterious nature of luck, this usually happens while
you are typing up a two page document that you haven't saved yet.
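Teardrop, Bonk/Boink and Ping of Death all hinge on a stack trusting the fragment offsets and lengths it is handed. The checks a hardened reassembler applies before it touches memory, as an added illustration that is not code from this column; the fragment sets at the bottom are constructed by hand to mirror the shapes described above, and the Fragment type and function names are my own:

```python
from dataclasses import dataclass

MAX_DATAGRAM = 65535  # the IPv4 total-length field is 16 bits wide


@dataclass(frozen=True)
class Fragment:
    offset: int  # byte offset of this payload within the original datagram
    length: int  # payload bytes carried by this fragment
    more: bool   # the IP "more fragments" (MF) flag


def check_fragments(frags):
    """Classify the fragments received so far for one datagram.

    Returns "ok", "incomplete" or "reject: <reason>".  Each reject rule
    matches a shape the attacks above rely on: the stack refuses it up
    front instead of computing a bogus length in its copy routine.
    """
    if not frags:
        return "incomplete"
    ordered = sorted(frags, key=lambda f: f.offset)
    expected = 0  # byte at which the next fragment must begin
    for f in ordered:
        if f.length <= 0 or f.offset < 0 or f.offset % 8:
            return "reject: bad fragment geometry"
        if f.more and f.length % 8:
            return "reject: non-final fragment not a multiple of 8 bytes"
        if f.offset < expected:
            # Teardrop: this fragment starts inside bytes an earlier one covered
            return "reject: overlapping fragments"
        if f.offset > expected:
            return "incomplete"  # a gap; the missing fragment may still arrive
        expected = f.offset + f.length
        if expected > MAX_DATAGRAM:
            # Ping of Death / Bonk: reassembled size would exceed the IPv4 maximum
            return "reject: datagram exceeds 65535 bytes"
    return "incomplete" if ordered[-1].more else "ok"


# Constructed fragment sets (not captured traffic) mirroring the shapes above.
NORMAL = [Fragment(0, 1480, True), Fragment(1480, 520, False)]
TEARDROP = [Fragment(0, 40, True), Fragment(24, 8, False)]
PING_OF_DEATH = ([Fragment(o, 1480, True) for o in range(0, 65120, 1480)]
                 + [Fragment(65120, 500, False)])
```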
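The "waits, and waits" state in the SYN flooding description shows up on the server as a pile of half-open connections. Added detection logic (not from the column) that counts them per port over a constructed netstat-style table; the addresses, the SYN_RECV state name (Linux's spelling) and the threshold are assumptions of this example:

```python
import re
from collections import defaultdict

# Constructed netstat-style connection table (not captured output): one
# established session on port 25 and one on port 80, one ordinary half-open
# handshake on port 25, and 120 half-open entries on port 80 from 120
# different sources that will never send their ACK.
SAMPLE_TABLE = "\n".join(
    ["tcp 0 0 192.0.2.10:25 203.0.113.7:51122 ESTABLISHED",
     "tcp 0 0 192.0.2.10:25 203.0.113.8:51140 SYN_RECV",
     "tcp 0 0 192.0.2.10:80 203.0.113.9:52000 ESTABLISHED"]
    + ["tcp 0 0 192.0.2.10:80 198.51.100.%d:%d SYN_RECV" % (i, 40000 + i)
       for i in range(1, 121)]
)

# proto recv-q send-q local:port remote:port state
ROW = re.compile(r"^tcp\s+\d+\s+\d+\s+\S+:(\d+)\s+(\S+):\d+\s+(\S+)$")


def half_open_by_port(table):
    """Map each local port to the remote addresses of its half-open
    connections.  SYN_RECV is the state the column describes: SYNACK
    sent, still waiting for an ACK that never comes."""
    pending = defaultdict(list)
    for line in table.splitlines():
        m = ROW.match(line.strip())
        if m and m.group(3) == "SYN_RECV":
            pending[int(m.group(1))].append(m.group(2))
    return pending


def syn_flood_suspects(table, threshold=64):
    """Return {port: (half_open, distinct_sources)} for every port whose
    half-open backlog exceeds `threshold` (an assumed figure; size it to
    the listen backlog of the service).  A backlog made up almost entirely
    of distinct sources that never finish the handshake is the mark of
    spoofed SYNs rather than one busy client."""
    report = {}
    for port, sources in half_open_by_port(table).items():
        if len(sources) > threshold:
            report[port] = (len(sources), len(set(sources)))
    return report
```

The row format mirrors `netstat -tan` on Linux; a server that sees this pattern is better served by enabling SYN cookies than by enlarging its backlog.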
OK, I explained how these things work. If you aren't quite sure how to
write a program that will build these packets, have no fear. There are
plenty of places out there on the Internet that will provide you with
an easy to run program that will do it for you. Just download, install,
and run, run, run.
And who wrote these programs? Some of them are criminals. A very few are
old school hackers who miss the glory days. Most of them are people who,
as coincidence has it, provide some product that will protect you against
the script that they wrote. If 12 year olds the world over are running
their script against you, then maybe you will buy the product to protect
yourself.
I told you. The landscape has changed. Hacking has turned pro.