You can also download a free trial of the more advanced Windows version of this program, T-sight, from the En Garde Systems web site.

I've seen some playbacks. They make fabulous party entertainment. On one, someone had broken into a computer at Los Alamos Laboratories that actually was a "bait" computer used to practice fighting computer criminals -- using real, unsuspecting computer criminals. This particular criminal was trying to send email from this computer bragging of his (hah, hah) feat and demanding that Kevin Mitnick be released from prison. What was fascinating was that Mr. Computer Criminal kept on entering MS-DOS commands on the hacked computer, which didn't work because it was running Unix. After about 20 tries he finally managed to send out his email boast. Then he tried to destroy the evidence of his crime by erasing the entire hard disk. However, he found this hard to do. He kept on giving various erase commands, then listing the directories, and the stuff didn't seem to be disappearing. You could almost feel his rising panic.

TTY-Watcher is ideal for when you and your friends are playing hacker wargames where the attacker starts from a shell account on the victim computer. By seeing exactly what other people do to leverage unprivileged shell access into root access, you can learn a lot about how to detect and fight attacks. You can also better understand why it is so hard nowadays to get a shell account on an ISP.

TTY-Watcher is outstandingly good at one thing: it lets you control your victim intruder. I watched this happen once on a friendly hacker wargame. The guy running TTY-Watcher felt sorry for the other player, took over the poor guy's session and fixed his commands. If your intruder is hostile and you want to mess up his commands instead, you could make his day profoundly bad.
If you just need a free program to watch what is flowing on your local Ethernet, try Sniffit, available for free from http://www.rootshell.com/. It's boring compared to some of the above programs, but valuable for more sophisticated users who need to understand the technical details of how an intruder got in. Its description, "A very flexible network sniffer that has many interesting features (like curses)," suggests that it may be used by your intruders to sniff your network. Computer criminals love Sniffit. If you can become intimately familiar with its features, it will be easier for you to find a hidden Sniffit in operation.

Another program for watching criminals at work on Windows computers is TCPview. It is available for free from http://www.sysinternals.com/. It is a GUI (graphical user interface) utility that tells you at any time what connections are open to your box, and what is going on with each connection.

If you are brave, or perhaps foolhardy, you could always try running Back Orifice on your Windows computer. The promotional material for this free program makes it sound useful for keeping your computer out of trouble while you are away from it, by logging into it from the Internet. However, Back Orifice is quite difficult to uninstall. Also, it was written by a member of the Cult of the Dead Cow, a gang notorious for an excessive sense of humor. Many computer security experts warn that Back Orifice is a Trojan that will make it easy for strangers to get into your computer. I don't recommend ever installing Back Orifice. If you have installed it and want to get rid of it, removal instructions are in the chapter "How to Break into Windows 95/98 Computers."

Suppose you want to see whether someone is port scanning you or trying to break into a port. One useful utility is Nukenabber, available from http://www.winfiles.com/, in the Winsock area. It watches up to 50 ports simultaneously. Yes, it is a Windows program, and it's free.
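Finding a hidden Sniffit is easier if you know what a running sniffer leaves behind: to see traffic not addressed to it, the sniffer has to put the network card into promiscuous mode, and on Linux that shows up both as the IFF_PROMISC bit in /sys/class/net/&lt;iface&gt;/flags and as a "device eth0 entered promiscuous mode" line in the kernel log. The script below is an added example, not code from this book or from Sniffit; it runs both checks. The sample kernel log lines are constructed for the example, and the sysfs layout assumed is the standard Linux one.

```python
# Added example (not from the original page or from Sniffit): two checks for
# a sniffer already running on a Linux box.  A sniffer has to put the card
# into promiscuous mode, which is visible as the IFF_PROMISC flag bit in
# sysfs and as a kernel log line.  SAMPLE_DMESG below is constructed.
import glob
import os
import re

IFF_PROMISC = 0x100   # bit value from <linux/if.h>


def promiscuous_from_flags(flags_by_iface):
    """flags_by_iface: {name: flags_int}.  Return the names with IFF_PROMISC set."""
    return sorted(name for name, flags in flags_by_iface.items()
                  if flags & IFF_PROMISC)


def read_sysfs_flags(root="/sys/class/net"):
    """Read every interface's flags from sysfs (Linux only; values are hex, e.g. 0x1103)."""
    result = {}
    for path in glob.glob(os.path.join(root, "*", "flags")):
        name = os.path.basename(os.path.dirname(path))
        with open(path) as fh:
            result[name] = int(fh.read().strip(), 16)
    return result


PROMISC_LOG = re.compile(r"device (\S+) (entered|left) promiscuous mode")


def promiscuous_from_log(lines):
    """Replay kernel log lines; return interfaces still promiscuous at the end."""
    state = set()
    for line in lines:
        m = PROMISC_LOG.search(line)
        if not m:
            continue
        iface, action = m.group(1), m.group(2)
        if action == "entered":
            state.add(iface)
        else:
            state.discard(iface)
    return sorted(state)


# Constructed sample of `dmesg` output; not a real log.
SAMPLE_DMESG = [
    "[  12.345678] e1000e 0000:00:19.0 eth0: link is Up",
    "[ 812.001122] device eth0 entered promiscuous mode",
    "[ 815.770000] device eth1 entered promiscuous mode",
    "[ 900.123456] device eth1 left promiscuous mode",
]

if __name__ == "__main__":
    print("promiscuous according to sample log:", promiscuous_from_log(SAMPLE_DMESG))
    if os.path.isdir("/sys/class/net"):
        print("promiscuous according to sysfs:",
              promiscuous_from_flags(read_sysfs_flags()))
```

Both checks answer the same question from different evidence, which is the point: an intruder with root can clear a log line, but the flag in sysfs reflects the live state of the interface. A rootkit that patches the kernel can lie about both, so treat a clean result as "nothing obvious," not as proof.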
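What Nukenabber does is simple enough to build yourself: listen on ports nobody legitimate should touch, log every knock with its source address, and shout when one source hits several of those ports in a short time, which is what a port scan looks like from the receiving end. The script below is an added example, not code from this book or from Nukenabber. The watched port list, the scan threshold (three distinct ports within sixty seconds) and the bind address are assumptions you would tune for your own box.

```python
# Added example (not from the original page or from Nukenabber): a small
# Nukenabber-style port watcher.  It binds a handful of ports that no real
# service on this box uses, logs each connection attempt with its source,
# and flags a source that touches several watched ports within a short
# window as a probable port scan.  Ports, threshold and window are assumptions.
import socket
import threading
import time
from collections import defaultdict

WATCHED_PORTS = [31337, 12345, 1243, 5000]   # assumption: ports with no real service
SCAN_PORTS = 3        # distinct watched ports from one source ...
SCAN_WINDOW = 60.0    # ... within this many seconds counts as a scan


class PortWatcher:
    """Records connection attempts and decides when a source looks like a scanner."""

    def __init__(self, scan_ports=SCAN_PORTS, window=SCAN_WINDOW):
        self.scan_ports = scan_ports
        self.window = window
        self.lock = threading.Lock()
        self.hits = defaultdict(list)   # src_ip -> [(timestamp, port), ...]

    def _recent(self, src_ip, now):
        return [(t, p) for t, p in self.hits[src_ip] if now - t <= self.window]

    def record(self, src_ip, port, now=None):
        """Log one attempt; return True if src_ip now qualifies as a scanner."""
        now = time.time() if now is None else now
        with self.lock:
            self.hits[src_ip].append((now, port))
            self.hits[src_ip] = self._recent(src_ip, now)   # forget old knocks
            distinct = {p for _, p in self.hits[src_ip]}
            return len(distinct) >= self.scan_ports

    def scanners(self, now=None):
        """Sources currently over the threshold."""
        now = time.time() if now is None else now
        with self.lock:
            return sorted(ip for ip in self.hits
                          if len({p for _, p in self._recent(ip, now)}) >= self.scan_ports)


def _listen(port, watcher, host, stop):
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))
    srv.listen(5)
    srv.settimeout(0.5)                 # wake up regularly to notice the stop flag
    while not stop.is_set():
        try:
            conn, (src_ip, _) = srv.accept()
        except socket.timeout:
            continue
        conn.close()                    # never talk back; just record the knock
        flagged = watcher.record(src_ip, port)
        print(f"{time.strftime('%H:%M:%S')} {src_ip} -> port {port}"
              + ("   ** PORT SCAN **" if flagged else ""))
    srv.close()


def watch(ports=WATCHED_PORTS, host="0.0.0.0", duration=None):
    """Listen on all ports at once; Ctrl-C (or `duration` seconds) stops it."""
    watcher = PortWatcher()
    stop = threading.Event()
    threads = [threading.Thread(target=_listen, args=(p, watcher, host, stop), daemon=True)
               for p in ports]
    for t in threads:
        t.start()
    try:
        if duration is None:
            while True:
                time.sleep(1)
        else:
            time.sleep(duration)
    except KeyboardInterrupt:
        pass
    stop.set()
    for t in threads:
        t.join()
    return watcher


if __name__ == "__main__":
    watch()
```

Run it as an ordinary user (all the assumed ports are above 1024, so no root is needed) and point a port scanner at the machine from another host to see the flag trip. One host hammering a single port is deliberately not counted as a scan; that is a failed login or a broken client, not reconnaissance.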