2007 a Hacking Odyssey

Published by: Joseph on Dec 25, 2008
Copyright:Attribution Non-commercial




2007 A Hacking Odyssey – Reconnaissance
The aim of this series of papers, which will take an in-depth look at how someone may target and electronically break into an organisation, is to educate people who may be tasked with looking after and securing a corporate network to do so in an effective manner.

My personal outlook on this issue is that if you have no idea about the steps a would-be attacker will take to try and gain access to your systems, then you as an administrator cannot effectively secure your system to an acceptable standard. Some people may disagree about the concept of demonstrating to people how to gain access to networks they are not meant to, whilst others agree with the ‘full disclosure’ approach.

Take a firewall for example – if you don’t understand the steps an attacker will go through to try and get traffic through your firewall, then how can you stop them from doing it? All you can do is configure it the best way you know how and hope it is good enough.
Hacking, Cracking, Hackers and Crackers
Before I start:

If some innocent-looking young teenager came up to you and started talking about hackers and hacking, then chances are you, being the IT professional that you are, would mentally dismiss him as not understanding what he was talking about, just because he used the word ‘hack’. Yet if a university professor type in his fifties wearing a tweed coat and glasses and smoking a pipe came up to you and started talking about hackers and hacking, then you would more than likely listen to every word he says... why is this?

Well, the term ‘Hack’ or ‘Hacker’ is a word coined by the media to mean anyone trying to break in to something IT related, whether it’s a network, computer or any other type of electronic system.

The more realistic term to use when talking about a hacker in the way the media’s term is meant is ‘Cracker’ or ‘Attacker’. A cracker/attacker is someone who tries to gain access to things they have absolutely no right to be accessing. A hacker is someone who tries to make something function in a way it was not originally designed to; they ‘hack it apart’.

Take an email program for example; a hacker may try to make this email program send something other than an email, thereby making it do something it is not meant to do, whereas an attacker/cracker will try to gain a level of access to it and read the user’s emails contained within the application.

People who are new to the IT community will often innocently use the word hacker until they get flamed by someone for doing so, probably on an IT-related web forum, at which point they will usually endeavour to find a different word or face public ridicule on the new IT forum they will inevitably have to find.

There are some people who like to instigate the flaming of the above-mentioned people and think that everyone else will presume they are pretty knowledgeable because they make a big fuss of the fact they don’t like the word ‘Hacker’... these are the people you should probably stay away from.

Most people who are secure in their own knowledge of IT and IT security, whether for good or bad purposes, and who have worked in the area for a while really don’t care what word is used, and can even find themselves using the term ‘hacker’ for ease of instruction when talking to non-technical people or media type people. It could also be used to lessen the effect the word ‘Attacker’ has on someone; non-IT people can get pretty scared when you say a cyber attacker is out to get them.

For the duration of these papers I will use the term ‘attacker’ to refer to someone trying to do bad things to your computers and to your network. We will also assume the attacker is a ‘he’.
For this chapter we will take the mindset of the attacker and the preliminary steps he may go through to attack your IT emporium.

How does an attacker decide which organisation to target? When he has decided on the organisation, how does he set about attacking it, how does he know where to go on the internet to find the specific network he wants to attack, how does he find your geographical location if he wants to wardrive you, how does he find useful information to socially engineer you, how does he find your phone number range to war dial you, how does he find your mail server?

These are just some of the things the attacker will need to know before planning any attack against you; gathering them is generically referred to as reconnaissance.

There are different types of attacker: attackers who have picked a target for a specific reason, attackers who pick random targets but have a specific idea about what they want to do to the target when they find one, and then there are attackers who look for random targets to launch random exploits against in an attempt to gain any level of access, without actually understanding what it is they are doing.

This latter genre of attackers are commonly referred to as Script Kiddies, Skiddies, SkiDIE’s, Skids etc. and are the ones who don’t usually bother with any reconnaissance and jump straight to firing up Nmap and telnetting to any open ports they may happen to find.

I usually start security-related courses off by asking, “What is the first step to take when wanting to attack a network?” 99% of the answers I receive involve the words Nmap and Telnet. Whilst this is a feasible option, there are still lots of steps to take before Nmap is even downloaded.

You may have dismissed Script Kiddies out of hand by what I have mentioned above. Just because they do not understand the ins and outs of what they are doing does not make them any less dangerous than someone who does. Script Kiddies have all the time in the world to try and attack you. They usually come across an exploit of some kind that has been published somewhere, read how to actually perform the exploit and then go off in search of someone to test their new-found uber skill on.

Since they have a specific exploit in mind, which may run over a certain port, they can scan away to their heart’s content looking for that one system that is vulnerable to the exploit they have.

So, whereas administrators have to try and secure against 1000’s of possible vulnerabilities, the Script Kiddies only have to find this one vulnerability on your system... and have an infinite amount of time to find it.
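The single-port scanning pattern described above leaves a recognisable trace in perimeter logs. As an added example (not part of the original paper), this Python function flags sources whose denied connections hit the same destination port on several different hosts; the log format, addresses and the `find_port_sweeps` name are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in a made-up firewall log format (not any real product's).
SAMPLE_LOG = """\
2007-03-01T10:00:01 DENY TCP 203.0.113.7:40112 -> 192.0.2.10:445
2007-03-01T10:00:01 DENY TCP 203.0.113.7:40113 -> 192.0.2.11:445
2007-03-01T10:00:02 DENY TCP 203.0.113.7:40114 -> 192.0.2.12:445
2007-03-01T10:00:02 DENY TCP 203.0.113.7:40115 -> 192.0.2.13:445
2007-03-01T10:05:10 DENY TCP 198.51.100.23:51000 -> 192.0.2.10:22
2007-03-01T10:05:11 DENY TCP 198.51.100.23:51001 -> 192.0.2.10:23
2007-03-01T10:05:12 DENY TCP 198.51.100.23:51002 -> 192.0.2.10:80
2007-03-01T10:09:30 ALLOW TCP 198.51.100.99:52000 -> 192.0.2.10:80
this line is malformed and must be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

def find_port_sweeps(log_text, min_hosts=3):
    """Return (source, proto, port, hosts_touched) for each source whose denied
    connections hit one destination port on at least min_hosts distinct hosts."""
    targets = defaultdict(set)  # (src, proto, dport) -> set of destination hosts
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["action"] != "DENY":
            continue  # ignore malformed lines and permitted traffic
        targets[(m["src"], m["proto"], int(m["dport"]))].add(m["dst"])
    sweeps = [
        (src, proto, port, len(hosts))
        for (src, proto, port), hosts in targets.items()
        if len(hosts) >= min_hosts
    ]
    # Widest sweeps first; ties broken by source address for stable output.
    return sorted(sweeps, key=lambda s: (-s[3], s[0]))

if __name__ == "__main__":
    for src, proto, port, n in find_port_sweeps(SAMPLE_LOG):
        print(f"{src} swept {proto}/{port} across {n} hosts")
```

A source probing many ports on one host (198.51.100.23 in the sample) is deliberately not reported here, because each of its ports touches only a single host.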
Picking a Target
So, how do you pick a potential target?

As good guys you may have a specific reason to attack a target, whether it is your own organisation and you are auditing its security, or you have been contracted to audit the security of another organisation – if this is the case then step one has been decided for you. As bad guys you could have a grudge against a particular organisation, you could have come across some interesting information in a newsgroup about a certain system being vulnerable, or someone may have posted a firewall configuration on a newsgroup/IT help site and not removed any passwords or IP addresses (this used to happen a lot). You could even have been specifically asked by someone to see if you can do any damage against an organisation... the list goes on.

What if you have no reason to pick a specific target and any will do?

You could trawl through your own firewall logs and find someone who has targeted you in the past; Zone Alarm for example has an annoying popup that can tell you about any external attempts made to gain access to your machine and includes the IP address of the attacker. If you have a home router, they all usually have a logging facility and will record any attack attempts.

In true Script Kiddie style you could have stumbled across an exploit and want to try it out, so start looking for susceptible targets.
