Irish Times

From davidd@ns.xevion.com Fri Apr 27 17:30:05 2001
Date: Fri, 27 Apr 2001 13:46:21 -0400
From: David Dorgan
To: dveldon@irish-times.com
Subject: Cracking Article.

First,

>Hackers, or crackers as they are known in the US
Wrong. Please visit http://www.tuxedo.org/~esr/jargon/html/entry/hacker.html and http://www.tuxedo.org/~esr/jargon/html/entry/cracker.html .

>By using a software programme designed to track the movement of Internet users called a “TCP wrapper” Mr Hynes can identify the general location of users trying to connect with his own computer systems.
No offense, are you aware of what TCP_Wrappers does? Have you ever looked at it in detail? If not, I suggest you take a look. It can provide access control on local machines based on IP and/or service; it does not do ANY form of tracking across a network. It may let you see local attempts, however nothing network-wide, unless a database is used, which would be inside your local network rather than across the network in any case.

>Within minutes of logging on his computer he has located the Internet protocol address code for four potential infiltrators who have tried to connect with his system that day.
This is actually called an IP address, and if he is a security professional and it takes him minutes to get this from a logfile then I suggest he take up another form of employment. This is a more than trivial task.

>“The guys who tried our systems are from Seoul in South Korea, Iowa and San Jose in the US, and Taiwan,” he says.
How does he know they are bouncing about? In fact the only way he could know would be to 1) Contact the admin of the machine in question or 2) Break into the machine to find out. Both are very time-consuming, the first VERY often doesn’t work and the second is illegal. Attacks are FREQUENTLY launched from hosts already compromised (broken into).

>These codes tell him which Internet service provider (ISP) the users have registered with in their home countries. In theory, this should enable Mr Hynes to make a quick phone call to the ISPs to establish their full names and addresses.
RE: they are called IPs. That is if the attacker is stupid enough to attack from his local machine. Also, giving out user information is illegal and never EVER done without a court order, and even then it is given to the police only.

>Brazilians, Russians and Koreans are considered to be among the most prolific hackers
Crap! Many attacks are launched from these countries, however all attacks from Russia or Korea are NOT started from users within Russia or Korea respectively.

>“Irish companies tend to be at least one or two years behind their US counterparts.
Insane generalization, I know very stupidly set up machines in the US and Ireland; maybe you don’t see so many security professionals within Ireland due to the size compared with the US, however this isn’t to say that sys admins here are more naive than the ones in the US.

>These kids often wear black, stop shaving and look really scruffy.
No offense, can the people who employed this ‘expert’ please be beaten with a clue stick.

>They use pseudonyms such as rain forest puppy and write hacking tools which they make available on the Web,” Mr Hynes says
There he goes again proving my point, RFP (Rain Forest Puppy) is probably one of the best people in the world in his areas of interest. He is a security professional with VASTLY more knowledge than “Mr Hynes.” (To say the LEAST)

>The dramatic shut-down of Eircom’s ISP (Eircom.net)

Sorry, I wasn’t aware of any shutdown in the ISP personally, can you quote me on where you heard that?

To sum it all up,
1) Take one ‘expert’
2) Beat with clue stick,
3) repeat 1.
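
The access control by IP and/or service that the e-mail attributes to TCP Wrappers, as an added example that is not part of the original e-mail: a simplified Python model of how tcpd searches hosts.allow and then hosts.deny for a (service, client IP) pair. The rules and addresses are constructed samples, and only ALL, exact-address, trailing-dot prefix and net/mask patterns are modelled (no hostnames, EXCEPT or option fields).

```python
import ipaddress

# Constructed sample rules (not from the e-mail). Each entry is
# "daemon_list : client_list", as in hosts.allow / hosts.deny.
HOSTS_ALLOW = [
    "sshd : 192.0.2. 198.51.100.0/255.255.255.0",
    "in.ftpd : 192.0.2.10",
]
HOSTS_DENY = ["ALL : ALL"]


def client_matches(pattern, client_ip):
    """Match one client pattern against a dotted-quad client address."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):            # "192.0.2." is a prefix match
        return client_ip.startswith(pattern)
    if "/" in pattern:                   # "net/mask" form
        return ipaddress.ip_address(client_ip) in ipaddress.ip_network(pattern)
    return pattern == client_ip          # exact address


def rule_matches(rule, daemon, client_ip):
    """True if both the daemon list and the client list of a rule match."""
    daemons, clients = (part.replace(",", " ").split() for part in rule.split(":", 1))
    daemon_ok = "ALL" in daemons or daemon in daemons
    return daemon_ok and any(client_matches(p, client_ip) for p in clients)


def decide(daemon, client_ip, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """Return (verdict, matching rule) using the tcpd search order."""
    for rule in allow:                   # 1. a match in hosts.allow grants access
        if rule_matches(rule, daemon, client_ip):
            return "allow", rule
    for rule in deny:                    # 2. otherwise a match in hosts.deny refuses
        if rule_matches(rule, daemon, client_ip):
            return "deny", rule
    return "allow", None                 # 3. no match in either file grants access


if __name__ == "__main__":
    for daemon, ip in [("sshd", "192.0.2.77"), ("sshd", "203.0.113.5"),
                       ("in.ftpd", "198.51.100.9")]:
        print(daemon, ip, decide(daemon, ip))
```

The decision uses only the local service name and the connecting address, which is all the wrapper sees; nothing in it looks beyond the machine it runs on.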