--------
From academic-firewalls-owner@net.tamu.edu Tue Jun 24 21:32:41 1997
Date: 25 Jun 1997 00:46:03 -0000
From: proff@iq.org
To: academic-firewalls@net.tamu.edu
Subject: Underground extract: System X

Anyone read this book? Apparently the first in-depth investigation into the international computer underground to come out of the Southern-Hemisphere - or so I'm told ;)

- J.A

Extracts from Underground - The true nature of System X

Extracted from Chapter 10 - "Anthrax - The Outsider"

Note: System X's name has been changed for legal reasons.

Sometimes the time just slipped away, hacking all night. When the first hint of dawn snuck up on him, he was invariably in the middle of some exciting journey. But duty was duty, and it had to be done. So Anthrax pressed control S to freeze his screen, unfurled the prayer mat with its built-in compass, faced Mecca, knelt down and did two sets of prayers before sunrise. Ten minutes later he rolled the prayer mat up, slid back into his chair, typed control Q to release the pause on his computer and picked up where he left off.

This company's computer system seemed to confirm what he had begun to suspect. System X was the first stage of a project, the rest of which was under development. He found a number of tables and reports in System X's files. The reports carried headers like 'Traffic Analysis', 'calls in' and 'calls out', 'failure rate'. It all began to make sense to Anthrax.

System X called up each of the military telephone exchanges in that list. It logged in using the computer-generated name and password. Once inside, a program in System X polled the exchange for important statistics, such as the number of calls coming in and out of the base. This information was then stored on System X. Whenever someone wanted a report on something, for example, the military sites with the most incoming calls over the past 24 hours, he or she would simply ask System X to compile the information. All of this was done automatically.
Anthrax had read some email suggesting that changes to an exchange, such as adding new telephone lines on the base, had been handled manually, but this job was soon to be done automatically by System X. It made sense. The maintenance time spent by humans would be cut dramatically.

A machine which gathers statistics and services phone exchanges remotely doesn't sound very sexy on the face of it, until you begin to consider what you could do with something like that. You could sell it to a foreign power interested in the level of activity at a certain base at a particular time. And that is just the beginning.

You could tap any unencrypted line going in or out of any of the 100 or so exchanges and listen in to sensitive military discussions. Just a few commands makes you a fly on the wall of a general's conversation to the head of a base in the Philippines. Anti-government rebels in that country might pay a pretty penny for getting intelligence on the US forces.

All of those options paled next to the most striking power wielded by a hacker who had unlimited access to System X and the 100 or so telephone exchanges. He could take down that US military voice communications system almost overnight, and he could do it automatically. The potential for havoc creation was breathtaking. It would be a small matter for a skilled programmer to alter the automated program used by System X. Instead of using its dozen or more modems to dial all the exchanges overnight and poll them for statistics, System X could be instructed to call them overnight and reprogram the exchanges.

---

No-one would be able to reach one another. An important part of the US military machine would be in utter disarray.

Now, what if all this happened in the first few days of a war? People trying to contact each other with vital information wouldn't be able to use the telephone exchanges reprogrammed by System X.

THAT was power.
It wasn't like Anthrax screaming at his father until his voice turned to a whisper, all for nothing. He could make people sit up and take notice with this sort of power.

Hacking a system gave him a sense of control. Getting root on a system always gave him an adrenalin rush for just that reason. It meant the system was his, he could do whatever he wanted, he could run whatever processes or programs he desired, he could remove other users he didn't want using his system. He thought, I own the system. The word 'own' anchored the phrase which circled through his thoughts again and again when he successfully hacked a system.

The sense of ownership was almost passionate, rippled with streaks of obsession and jealousy. At any given moment, Anthrax had a list of systems he owned and that had captured his interest for that moment. Anthrax hated seeing a system administrator logging onto one of those systems. It was an invasion. It was as though Anthrax had just got this woman he had been after for some time alone in a room with the door closed. Then, just as he was getting to know her, this other guy had barged in, sat down on the couch and started talking to her.

It was never enough to look at a system from a distance and know he could hack it if he wanted to. Anthrax had to actually hack the system. He had to own it. He needed to see what was inside the system, to know exactly what it was he owned.

The worst thing admins could do was to fiddle with system security. That made Anthrax burn with anger. If Anthrax was on-line, silently observing the admins' activities, he would feel a sudden urge to log them off. He wanted to punish them. Wanted them to know he was into their system. And yet, at the same time, he didn't want them to know. Logging them off would draw attention to himself, but the two desires pulled at him from opposite directions.
What Anthrax really wanted was for the admins to know he controlled their system, but for them not to be able to do anything about it. He wanted them to be helpless.

Anthrax decided to keep undercover. But he contemplated the power of having System X's list of telephone exchange dial-ups and their username - password combinations. Normally, it would take days for a single hacker with his lone modem to have much impact on the US military's communications network. Sure, he could take down a few exchanges before the military wised up and started protecting themselves. It was like hacking a military computer. You could take out a machine here, a system there. But the essence of the power of System X was being able to use its own resources to orchestrate widespread pandemonium quickly and quietly.

Anthrax defines power as the potential for real world impact. At that moment of discovery and realisation, the real world impact of hacking System X looked good.

The telecommunications company computer seemed like a good place to hang up a sniffer, so he plugged one into the machine and decided to return in a little while. Then he logged out and went to bed.

When he revisited the sniffer a day or so later, Anthrax received a rude shock. Scrolling through the sniffer file, he did a double take on one of the entries. Someone had logged into the company's system using his special login patch password.

He tried to stay calm. He thought hard. When was the last time he had logged into the system using that special password? Could his sniffer have logged himself on an earlier hacking session? It did happen occasionally. Hackers sometimes gave themselves quite a fright. In the seamless days and nights of hacking dozens of systems, it was easy to forget the last time you logged into a particular system using the special password. The more he thought, the more he was absolutely sure. He hadn't logged into the system again.

Which left the obvious question. Who had?
________________________________________________________________________

[This extract may be reposted non-commercially and without charge only]

Underground; Tales of Hacking, Madness and Obsession on the Electronic Frontier, by Suelette Dreyfus; published by Mandarin (Random House Australia); (P) 475 pages with bib.

http://www.underground-book.com/ or http://underground.org/book

--------
From academic-firewalls-owner@net.tamu.edu Tue Jun 24 23:13:31 1997
Date: Tue, 24 Jun 1997 23:00:34 -0500
From: "David K. Hess"
To: academic-firewalls@net.tamu.edu
Subject: FYI - list archival

- -----------------------------------------------------------------------
- -- Reference.COM has begun archiving this list as of: June 17, 1997
- -- Searchable archives for the lists are available at:
     http://www.reference.com/cgi-bin/pn/listarch?list=academic-firewalls@net.tamu.edu
- -- If you do *NOT* want your post archived at Reference.COM, include the
     following line as an email header or as the first line of your message:
     X-No-Archive: yes
- -----------------------------------------------------------------------

Unfortunately, I think this is also why we just got that spam. If that sort of thing continues I will stop it.

Dave

- --
David K. Hess
Network Group Manager
David-K-Hess@tamu.edu
Computing and Information Services - Network Group
(409) 845-0372 (work)
Texas A&M University

--------
From academic-firewalls-owner@net.tamu.edu Thu Jun 26 17:02:33 1997
X-Sender: mconsta@atenea
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Date: Thu, 26 Jun 1997 15:35:24 -0400 (CST)
From: "Mauricio Constain V."
Reply-To: "Mauricio Constain V."
To: academic-firewalls@net.tamu.edu
Subject: redundance

Hi, I've got a problem, I hope you can help me.

I've got a firewall, and I provide web access using two proxy servers, but one of my proxies crashes often, and when this happens, some of the users can't use the web. How can I make my proxies more robust, and make the service still work even if one server is down?

Thanks for your time.

Mauricio Constain
Redes y Servicios Telematicos
Universidad Del Cauca

--------
From academic-firewalls-owner@net.tamu.edu Thu Jun 26 22:23:33 1997
X-Sender: pin@mail.silicon.net.my
X-Mailer: Windows Eudora Pro Version 3.0 (32)
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Fri, 27 Jun 1997 11:09:46 +0700
From: Sathia
To: academic-firewalls@net.tamu.edu
Subject: Re: redundance

>I've got a firewall, and I provide web access using two proxy servers,
>but one of my proxies crashes often, and when this happens, some of the
>users can't use the web. How can I make my proxies more robust, and make
>the service still work even if one server is down?
>

What proxy are you using? I know that Netscape proxy does automatic failover, which means when one proxy fails the other one will take over.

I hope this helps; maybe your proxy has this feature.

Cheers
Sathia.

--------
From academic-firewalls-owner@net.tamu.edu Fri Jun 27 00:34:35 1997
Cc: academic-firewalls@net.tamu.edu
In-Reply-To: from "Mauricio Constain V." at Jun 26, 97 03:35:24 pm
Content-Type: text
Date: Fri, 27 Jun 1997 01:24:13 -0400 (EDT)
From: Paonia Ezrine
To: academic-firewalls@net.tamu.edu
Subject: Re: redundance

>
>
> Hi, I've got a problem, I hope you can help me.
>
> I've got a firewall, and I provide web access using two proxy servers,
> but one of my proxies crashes often, and when this happens, some of the
> users can't use the web. How can I make my proxies more robust, and make
> the service still work even if one server is down?
>
> Thanks for your time.
>
>
> Mauricio Constain
> Redes y Servicios Telematicos
> Universidad Del Cauca
>
>

Well, we use mostly Netscape, and Netscape supports an automatic client configuration that allows you to set fallbacks and multiple servers and almost anything you want that you can script in JavaScript. If you need the URL for the info let me know!

paonia

- --
+++++++++++++++++++++++++++++++++++++++++++++++++
| Paonia Ezrine        | Mass Art               |
| paonia@massart.edu   | 621 Huntington Ave     |
| 617-232-1555 ext 357 | Boston, MA 02115       |
| 617-566-4034 (fax)   | www.massart.edu        |
+++++++++++++++++++++++++++++++++++++++++++++++++

--------
From academic-firewalls-owner@net.tamu.edu Fri Jun 27 01:18:40 1997
X-Lotus-FromDomain: RIVM
cc: academic-firewalls@net.tamu.edu
Mime-Version: 1.0
Content-type: text/plain; charset=us-ascii
Date: Fri, 27 Jun 1997 08:14:22 +0200
From: Rens.Schipper@rivm.nl
To: academic-firewalls@net.tamu.edu
Subject: Re: redundance

One way to go is using the Local Director Box from Cisco. It has one "in" to which you assign the IP address of your proxy. It has several (12?) "out" ports. On these ports you can attach your proxy servers (change the IP addresses). The Box will do load scheduling over the out ports! If one of your proxies crashes the other proxy will keep the service up (performance goes down a bit).

Check out the white papers on www.cisco.com.

Hope this helps :-)

Regards, Rens

mconsta @ atenea.ucauca.edu.co
26/06/97 21:35
Please respond to mconsta@atenea.ucauca.edu.co
To: academic-firewalls @ net.tamu.edu
cc: (bcc: Rens Schipper/NOTES4/NL)
Subject: redundance

Hi, I've got a problem, I hope you can help me.

I've got a firewall, and I provide web access using two proxy servers, but one of my proxies crashes often, and when this happens, some of the users can't use the web. How can I make my proxies more robust, and make the service still work even if one server is down?

Thanks for your time.

Mauricio Constain
Redes y Servicios Telematicos
Universidad Del Cauca

--------
From academic-firewalls-owner@net.tamu.edu Fri Jun 27 10:39:33 1997
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Description: cc:Mail note part
Date: Fri, 27 Jun 1997 09:53:21 -0500
From: MDUSTMAN@ipalco.com
To: academic-firewalls@net.tamu.edu
Subject: Re[2]: redundance

Firewall-1 V3.0a from Checkpoint will now support several ways to "load balance" servers. I've tried it in their certification class & it seems to work fine for http servers.

Mark Dustman
Indianapolis Power & Light Co.

===================================================================

Hi, I've got a problem, I hope you can help me.

I've got a firewall, and I provide web access using two proxy servers, but one of my proxies crashes often, and when this happens, some of the users can't use the web. How can I make my proxies more robust, and make the service still work even if one server is down?

Thanks for your time.

Mauricio Constain
Redes y Servicios Telematicos
Universidad Del Cauca

--------
From academic-firewalls-owner@net.tamu.edu Fri Jun 27 14:25:00 1997
X-Mailer: Mozilla 3.01 (Win95; I)
MIME-Version: 1.0
CC: Graham Lawlor
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Date: Fri, 27 Jun 1997 14:09:06 -0500
From: krafty@neology.com
Reply-To: krafty@neology.com
To: academic-firewalls@net.tamu.edu
Subject: 10 network/dlsw

Part of my firewall design incorporates a 10.x.x.x network. I have configured my router to allow the passage of 10#'s on my ethernet interfaces but not out the t1's. I would be really happy if I could configure the router for tcp/ip encapsulation of netbios. Does anyone have any suggestions on how to configure a cisco for this?

Kevin
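
--------
An added example for the "redundance" thread above, not part of any list member's post: a proxy auto-configuration script of the kind the Netscape automatic client configuration reply refers to, handing each browser an ordered list of both proxies so it falls over to the second when the first is down. The proxy host names, port and internal domain are placeholders (assumptions), as is the policy that internal hosts go direct; external requests deliberately get no DIRECT fallback, so a double failure stops browsing rather than bypassing the proxies.

```javascript
// Added example: proxy auto-config script with failover between two proxies.
// Host names, port and internal domain below are placeholders (assumptions).
var PROXIES = ["proxy1.example.edu:8080", "proxy2.example.edu:8080"];
var INTERNAL_SUFFIX = ".example.edu";

// Deterministic hash: a given host always prefers the same proxy, which
// spreads load across both and keeps each proxy's cache useful.
function hostHash(host) {
  var h = 0;
  for (var i = 0; i < host.length; i++) {
    h = (h * 31 + host.charCodeAt(i)) % 65521;
  }
  return h;
}

// Internal means an unqualified name or a name inside the campus domain.
// The suffix is matched at a label boundary, so "notexample.edu" and
// "example.edu.attacker.test" are NOT treated as internal.
function isInternal(host) {
  host = host.toLowerCase();
  if (host.indexOf(".") === -1) return true;
  if (host === INTERNAL_SUFFIX.slice(1)) return true;
  return host.slice(-INTERNAL_SUFFIX.length) === INTERNAL_SUFFIX;
}

// Entry point the browser calls for every request.
function FindProxyForURL(url, host) {
  if (isInternal(host)) return "DIRECT";
  var first = hostHash(host.toLowerCase()) % PROXIES.length;
  var order = [];
  for (var i = 0; i < PROXIES.length; i++) {
    // Preferred proxy first, then the other one as the failover target.
    order.push("PROXY " + PROXIES[(first + i) % PROXIES.length]);
  }
  // No trailing "DIRECT": clients fail closed if every proxy is down.
  return order.join("; ");
}
```

The browser tries the entries in the returned string from left to right, so a crashed proxy only costs a connection timeout before the other one is used.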