DOS Attacks

A second type of hacker war is denial of service (DOS) attacks. Because they harm many people other than the direct targets, DOS may well be the most serious type of hacker war.

Spammers are a favorite target of DOS warriors. Spammers also, if my sources are telling the truth, fight back. The weapon of choice on both sides is the mail bomb.

Recently (June-Oct. 1997), hackers fought a massive war against spammer kingdom Cyber Promotions, Inc. with the AGIS Internet backbone provider caught in the middle. Cyberpromo went to court to force AGIS to give it Internet access (AGIS eventually won and kicked off Cyberpromo). But in the meantime AGIS was seriously hurt by a barrage of computer vandalism.

While the vandals who attacked AGIS probably think they have a good cause, they have been doing more damage than any hacker war in history, and harming a lot of innocent people and companies in the process.

According to one source on the AGIS attacks, "The person who really did it 'owned' all of their machines, their routers, and everything else inbetween (sic)." So, although the attacks on AGIS apparently consisted of computer break-ins, the use of the break-ins was to deny service to users of AGIS.

********************************************************
Other DOS attacks include the ICMP (Internet Control Message Protocol) attacks so familiar to IRC warriors, and an amazing range of attacks on Windows NT systems. http://www.dhp.com/~fyodor/ has a good list of these NT DOS vulnerabilities, while Bronc Buster's http://showdown.org is great for Unix DOS attacks. Please note: we are pointing these out so you can study them or test your own computer or computers that you have permission to test. (Carolyn's note: today check out our links page for the best exploit download sites.)

While Windows NT is in general harder for criminals to break into, it is generally much easier to carry out DOS attacks against NT systems.
********************************************************

Sniffing

Sniffing is observing the activity of one's victim on a network (usually the Internet). This can include grabbing passwords, reading email, and observing telnet sessions.

Sniffer programs can only be installed if one is root on that computer. But it isn't enough to make sure that your Internet host computers are free of sniffers. Your email, telnet, ftp, Web surfing -- and any passwords you may use -- may go through 20 or more computers on their way to a final destination. That's a lot of places where a sniffer might be installed.

If you really, seriously don't want some cybernazi watching everything you do online, there are several solutions.

The Eudora Pro program will allow you to use the APOP protocol to protect your password when you download email. However, this will not protect the email itself from snoopers.

If you have a shell account, Secure Shell (ssh) from DataFellows will encrypt everything that passes between your home and shell account computers. You can also set up an encrypted tunnel from one computer on which you have a shell account to a second shell account on another computer -- if both are running Secure Shell.

You may download a free ssh server program for Unix at ftp://sunsite.unc.edu/pub/packages/security/ssh/ssh-1.2.20.tar.gz, or check out http://www.cs.hut.fi/ssh/#ftp-sites.

If you are a sysadmin or owner of an ISP, get ssh now! Within a few years, all ISPs that have a clue will require ssh logins to shell accounts.

For a client version that will run on Windows, Mac or any version of Unix, see the DataFellows site at http://www.datafellows.com/. But remember, your shell account must be running the ssh server program in order for your Windows ssh client to work.

To get on the ssh discussion list, email majordomo@clinet.fi with message "subscribe ssh."

But ssh, like APOP, will not protect your email. The solution? Encryption.
PGP is popular and can be purchased at http://pgp.com. I recommend using the RSA option. It is a stronger algorithm than the default Diffie-Hellman offered by PGP.

************************************************************
************************************************************
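The APOP point from the sniffing section (password protected, mail not), as an added example that is not part of the original page: per RFC 1939, APOP sends an MD5 digest of the server's banner timestamp plus the shared secret instead of the password itself. The user, secret and timestamp are the RFC's own sample values; the function names and the mail body are made up for illustration.

```python
import hashlib
import hmac

# User, secret and timestamp are the sample values from RFC 1939; the mail body is constructed.
USER, SECRET = "mrose", "tanstaaf"
BANNER_TS = "<1896.697170952@dbc.mtview.ca.us>"
MAIL_BODY = "Subject: lunch\r\n\r\nMeet me at noon.\r\n"

def apop_digest(banner_ts: str, secret: str) -> str:
    """Hex MD5 over the server's banner timestamp followed by the shared secret."""
    return hashlib.md5((banner_ts + secret).encode("ascii")).hexdigest()

def login_lines(user: str, secret: str, banner_ts: str = "") -> list:
    """What the client sends: APOP if the banner offered a timestamp, else USER/PASS."""
    if banner_ts:
        return [f"APOP {user} {apop_digest(banner_ts, secret)}"]
    return [f"USER {user}", f"PASS {secret}"]

def server_accepts(line: str, banner_ts: str, secrets: dict) -> bool:
    """Server side: recompute the digest for this connection's timestamp and compare."""
    parts = line.split()
    if len(parts) != 3 or parts[0] != "APOP" or parts[1] not in secrets:
        return False
    expected = apop_digest(banner_ts, secrets[parts[1]])
    return hmac.compare_digest(parts[2].encode(), expected.encode())

def session(user: str, secret: str, banner_ts: str = "") -> list:
    """Every line that crosses the network in one login-and-download session."""
    banner = f"+OK POP3 server ready {banner_ts}".rstrip()
    return [banner, *login_lines(user, secret, banner_ts),
            "+OK", "RETR 1", "+OK", MAIL_BODY, "."]

def visible_to_sniffer(needle: str, wire: list) -> bool:
    """True if the text appears verbatim in the captured session."""
    return any(needle in line for line in wire)

if __name__ == "__main__":
    for label, ts in (("USER/PASS", ""), ("APOP", BANNER_TS)):
        wire = session(USER, SECRET, ts)
        print(f"{label:9} password visible: {visible_to_sniffer(SECRET, wire)}, "
              f"mail visible: {visible_to_sniffer('Meet me at noon', wire)}")
```

Because the digest is bound to the timestamp of one connection, a captured APOP line is rejected when replayed against a later banner, yet the downloaded message still crosses the wire in the clear.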