IP Address Scanning


    You can get punched in the nose warning: Before you start playing with the techniques of this chapter, beware. If you use what you learn here for snooping on other people's networks, you should expect them to suspect you of being a computer criminal. For this reason, if you want to explore other people's systems, it helps to make friends with the staff of your ISP so they won't kick you off for suspicion of computer crime. Also, it helps to get permission from the sysadmins of whatever network you are checking out. If you find a problem, you should notify the responsible sysadmin so he or she may fix the problem.

    It also helps to maintain a good reputation. If you are known as a troublemaker, you will get lots of grief for using the tools of this chapter. If you have a good reputation, people will believe it when you say you are exploring in order to learn network administration -- or simply for the pure joy of discovery.

    If your ISP is one of those big, anonymous places that would kick you off at the least sign of trouble, switch to a local ISP where you can drop in and offer to take the tech support staff out for pizza. Trust me on this, if you try out what this chapter teaches, almost any large ISP will soon give you the boot.



You can go to jail warning: If you live outside the United States, be sure to check on what the local computer crime laws are. I can't guarantee the tactics of this chapter will be legal everywhere.
 


IP Address and Port Scanning

    Every day someone emails me to complain that some host name in an ancient GTMHH won't do cool stuff any more. Imagine that! When I wrote those first GTMHHs I was just sending them to a few friends. I assumed these Guides would soon fade out of existence in the vastness of the Internet. Little did I suspect that eventually tens of thousands of newbies would be fingering, telnetting, ftping, phfing and worse into those IP addresses. So of course their sysadmins have buttoned them down. Strangers can't play with them any more.

 I run the same scan again but with the time-out set to 1 second. This reveals many more live IP addresses and ports:

198.987.999.033 7 9 11 13 15 19 21 23 25 37 53 79 80 110 111 113 139 143
198.987.999.034 139
198.987.999.035
198.987.999.036 80 139
198.987.999.041
198.987.999.042 139
198.987.999.043 139
198.987.999.044 139
198.987.999.045 139
198.987.999.048 139
198.987.999.049 139
198.987.999.050 80 139
198.987.999.051 21 22 23 25 37 70 79 109 110 111 113 143
198.987.999.055 139
198.987.999.056
198.987.999.058 139
198.987.999.059 139
198.987.999.060
198.987.999.061 139
198.987.999.061 139
198.987.999.065 139
198.987.999.066 21 23 80 139
198.987.999.067
198.987.999.068
198.987.999.069
198.987.999.072
198.987.999.073
198.987.999.074
198.987.999.075
198.987.999.077
198.987.999.078
198.987.999.079
198.987.999.080
198.987.999.082
198.987.999.083
198.987.999.084
198.987.999.085
198.987.999.086
198.987.999.088
198.987.999.092
198.987.999.093
198.987.999.098
198.987.999.099
198.987.999.101
198.987.999.103
198.987.999.105
198.987.999.108
198.987.999.110
198.987.999.111
198.987.999.112
198.987.999.113
198.987.999.115
198.987.999.118
198.987.999.119
198.987.999.120
198.987.999.121
198.987.999.122
198.987.999.123
198.987.999.124
198.987.999.125
198.987.999.126
198.987.999.131
198.987.999.133
198.987.999.136
198.987.999.137
198.987.999.139
198.987.999.146
198.987.999.156 80
198.987.999.158
198.987.999.162 139
198.987.999.163
198.987.999.165
198.987.999.166
198.987.999.167
198.987.999.169 7 9 13
198.987.999.173 13 15 21 23 25 79 513 514 515 540
198.987.999.177
198.987.999.178 135 389
198.987.999.180
198.987.999.182
198.987.999.183
198.987.999.184
198.987.999.186 139
198.987.999.188
198.987.999.189 139
198.987.999.194 139
198.987.999.195 7 9 13 17 19 135 139
198.987.999.198 110 119 139

    OK, I admit it, to save space I was trying to accomplish two slightly conflicting things with this particular set of IP addresses. These are (foobarred) dynamically assigned IP addresses of an ISP, handed out to dial-up customers. So some of these addresses will change, or the users of the same address may change, from one scan to the next. However, these two scans were done only a few minutes apart, so not many of the connections would have changed in this period.

 These scans show the importance of a long time-out setting in What's Up. One second (1000 ms) has given me better results: with a shorter time-out, a host on a slow dial-up link may not answer before the scanner gives up, and it is then reported as having no open ports at all even though it is up.

    Here, among these dynamically assigned IP addresses, is where I really get my kicks. Dynamically assigned IP addresses are the Rick's Cafe -- no, the Star Wars Cantina -- of cyberspace. OK, most of these IP addresses reveal no open ports. They are probably mere dialups for downloading email or surfing the Web for people who wouldn't know Unix from unicorns. However, since I chose the dynamic IP addresses of an ISP well-known for attracting hackers, this particular set of IP addresses is -- interesting.

    Check out "198.987.999.036 80 139", "198.987.999.050 80 139", and "198.987.999.156 80". Those 80s represent ephemeral Web sites, in existence only so long as their dialups last. Wonder what they hold? The fact that almost all other services are turned off suggests sophisticated users. Maybe those Web sites will be passworded, or maybe I can get in...

    That "198.987.999.033 7 9 11 13 15 19 21 23 25 37 53 79 80 110 111 113 139 143" must be a Linux or other home Unix type box. It's run by a real novice, I'd say, judging from all those open ports. Look at that port 21 open. Wonder if he or she has an anonymous ftp server? Better check it out before it winks out of existence. It also has a Web server...

    Take a look at "198.987.999.051 21 22 23 25 37 70 79 109 110 111 113 143". That port 22 means secure shell login. No Web server (80), no echo (7), discard (9), daytime (13), netstat (15) etc. Since these are ports that a cautious sysadmin would disable, their absence is a sign that the box might be owned by a hacker. If this is a dynamically assigned IP address from an ISP on which you have a shell account, a quick look at netstat and/or the "last" command will probably reveal the user name of this hacker.

Check out "198.987.999.198 110 119 139" and "198.987.999.178 135 389". Weird selection of ports. Wonder if the owners of those boxes would tell me what they are up to? Hey, there's a POP server (110). Maybe if I email "root@198.987.999.198" I will get a message through. Sheesh, I don't know, I'm just playing around.
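The reasoning in the last few paragraphs (which ports matter, why the time-out setting changes what a scan reports, and how a port list is read as "novice Unix box", "hardened box with SSH", "Windows file sharing" or "web server") is done by hand in the text. The following is an added example, not code from the original Guide or from the What's Up tool it describes. It does three things with a constructed sample taken from the scan output above: parses the "IP port port ..." lines, turns each port list into the same kind of reading the text makes (the rules are the text's own heuristics, not a fingerprinting standard), and runs a plain TCP connect() scan with an explicit time-out against a throw-away listener on 127.0.0.1 so it can be run offline and legally. The function names (`parse_scan`, `describe`, `connect_scan`, `demo_local_scan`) and the note wording are assumptions of this example.

```python
import socket
from collections import OrderedDict

# Well-known TCP service names for the ports that appear in the scan above
# (standard IANA assignments for these ports).
SERVICE_NAMES = {
    7: "echo", 9: "discard", 11: "systat", 13: "daytime", 15: "netstat",
    17: "qotd", 19: "chargen", 21: "ftp", 22: "ssh", 23: "telnet",
    25: "smtp", 37: "time", 53: "domain", 70: "gopher", 79: "finger",
    80: "http", 109: "pop2", 110: "pop3", 111: "sunrpc", 113: "ident",
    119: "nntp", 135: "epmap", 139: "netbios-ssn", 143: "imap",
    389: "ldap", 513: "login", 514: "shell", 515: "printer", 540: "uucp",
}

# inetd "small services" that a cautious administrator turns off.
SMALL_SERVICES = {7, 9, 13, 15, 17, 19}

# Constructed sample input: a few lines copied from the scan output above
# (the addresses are the page's own foobarred ones), so the example runs offline.
SAMPLE_SCAN = """\
198.987.999.033 7 9 11 13 15 19 21 23 25 37 53 79 80 110 111 113 139 143
198.987.999.035
198.987.999.036 80 139
198.987.999.051 21 22 23 25 37 70 79 109 110 111 113 143
198.987.999.178 135 389
"""


def parse_scan(text):
    """Parse 'IP port port ...' lines into {ip: sorted list of open ports}.
    A repeated address (the scan above lists .061 twice) is merged, not duplicated."""
    hosts = OrderedDict()
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        hosts.setdefault(fields[0], set()).update(int(p) for p in fields[1:])
    return {ip: sorted(ports) for ip, ports in hosts.items()}


def label(ports):
    """'22/ssh 80/http' style summary of a port list."""
    return " ".join("%d/%s" % (p, SERVICE_NAMES.get(p, "?")) for p in ports)


def describe(ports):
    """The reading the text does by hand, as a list of short notes (heuristics only)."""
    open_set = set(ports)
    notes = []
    if not open_set:
        return ["no listening TCP ports: probably a plain dial-up"]
    if 22 in open_set and not open_set & SMALL_SERVICES:
        notes.append("ssh up and the small services off: a deliberately hardened Unix-type box")
    elif open_set & SMALL_SERVICES and open_set & {21, 23, 25}:
        notes.append("small services still on beside ftp/telnet/smtp: a default or novice Unix-type install")
    if 139 in open_set:
        notes.append("netbios-ssn: Windows file and printer sharing")
    if 80 in open_set:
        notes.append("http: a web server on a dial-up address")
    if 21 in open_set:
        notes.append("ftp: worth checking whether anonymous login is allowed")
    return notes


def connect_scan(host, ports, timeout=1.0):
    """TCP connect() scan returning the ports that completed a handshake.
    Anything that does not answer within `timeout` seconds is reported closed,
    so a short time-out makes slow links look like hosts with nothing open."""
    open_ports = []
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            try:
                s.connect((host, port))
            except OSError:          # refused, unreachable or timed out
                continue
            open_ports.append(port)
    return open_ports


def demo_local_scan(timeout=1.0):
    """Scan a throw-away listener on 127.0.0.1 plus a port known to be closed.
    Returns (open_ports, listening_port, closed_port)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(5)
    listening_port = listener.getsockname()[1]
    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()                     # nothing listens here any more
    try:
        found = connect_scan("127.0.0.1", [listening_port, closed_port], timeout)
        return found, listening_port, closed_port
    finally:
        listener.close()


if __name__ == "__main__":
    for ip, ports in parse_scan(SAMPLE_SCAN).items():
        print(ip, label(ports) or "-")
        for note in describe(ports):
            print("   ", note)
    found, lp, cp = demo_local_scan()
    print("local listener on %d found open: %s (closed control port %d)" % (lp, found, cp))
```

Run it as a script to see the sample hosts annotated and the local scan find exactly the listening port. The connect() scan completes a full three-way handshake for every port it reports open, which is why it shows up plainly in the target's logs; that, and the warnings at the top of this chapter, are the reason the demo only ever points at 127.0.0.1.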

© 1999 - 2008, MultiMedia SRL