Re: [ISN] Software Hits Back at Hacker with Viruses

From: mea culpa (jerichoat_private)
Date: Mon Jun 01 1998 - 14:20:00 PDT


    Reply From: "John Q. Public" <tpublicat_private>
    |Reply From: William T Wilson <fluffyat_private>
    |>  system as retaliation. Of course, that is if any of this exists which
    |>  I highly doubt (and certainly hope doesn't exist).]
    |It doesn't, let's see why.
    |> The administrator has the option of asking the sentries to track the
    |> path of the data and identify its source. Then he can decide on the
    |> ultimate revenge and have the sentries gain entrance to the hacker's
    |> computer and plant a virus.
    |It is, of course, impossible to track the path of incoming data or to
    |identify its source reliably.  It is also impossible to automatically
    |"gain entrance to the hacker's computer and plant a virus."  Even if it
    |were possible it would be against the law.
    True all the way, but it would be possible to give them something ELSE than
    what they intended to download.  It would be more of a trap, but how about
    a symbolic link (or just a renamed copy, if you will) for the file found 
    in ~ftp/private/secret named "update.exe" which actually contains (or IS)
    a virus.
    [on another point:]
    |We now proceed to further descriptions of the ridiculousness of this
    |> the FBI after the software highlighted an attack from teenage hackers
    |> using pornographic messages to entice staff at blue-chip companies,
    |> intelligence agencies, university and military establishments to reveal
    |> e-mail addresses. 
    |Ah yes.  They sent an e-mail asking for their e-mail address.
    |> people to get disgusted with the offer of illicit material," he says. "As
    |> soon as they answered and asked to be removed, the hackers had their
    |> e-mail address and the address of their host server." 
    |There are a lot of easier ways to find someone's email address...
    |subscribe to some mailing lists, or watch usenet or something.
    |Notwithstanding that, you don't need to get someone to reply to your
    |message to see if their address is valid.  If the message doesn't come
    |back bounced, it's valid.
    But often, you do not know the direct routing of email on the inside of a
    firewall.  Where I work, there is an externally-available email address and
    (though not often used) an internal email address.  If you were to send mail
    to jsmith or bjones you're likely to hit them.  Assuming
    you've got suitable bait -- as was provided in the real-world example -- you
    will also get a response.  The headers of that response will dictate the path
    of the mail inside the intranet of the firewalled domain.  Not a ridiculous
    idea, but perhaps not the smoothest way to go about it...
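The point above about reply headers recording the mail path inside a firewalled domain, turned into a defender's audit (an added example, not part of the original thread): it lists internal relay names and RFC 1918 addresses present in the Received headers of an outbound message, which is what a mail gateway would need to strip or rewrite. The sample message, all host names and addresses, and the `leaked_internals` helper are constructed for illustration.

```python
import email
import ipaddress
import re

# Constructed sample: a reply that crossed two internal relays before the
# public gateway. Every host name and address here is made up.
SAMPLE_REPLY = """\
Received: from gw.example.com (gw.example.com [192.0.2.10])
\tby mx.remote.example (Postfix) with ESMTP id 4A1; Mon, 1 Jun 1998 14:02:11 -0700
Received: from hub.corp.example.com (hub.corp.example.com [10.1.1.5])
\tby gw.example.com with SMTP id 3B2; Mon, 1 Jun 1998 14:02:09 -0700
Received: from ws042.eng.corp.example.com ([10.20.30.42])
\tby hub.corp.example.com with SMTP id 2C3; Mon, 1 Jun 1998 14:02:07 -0700
From: jsmith@example.com
To: sender@remote.example
Subject: Re: remove me

Please remove me from this list.
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
FROM_RE = re.compile(r"\bfrom\s+([\w.-]+)")
BY_RE = re.compile(r"\bby\s+([\w.-]+)")
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def leaked_internals(raw_message, public_hosts):
    """Return internal host names and private IPs seen in Received headers.

    public_hosts: lowercase names that are expected to be visible externally
    (the public gateway and the remote MX); anything else counts as a leak.
    """
    msg = email.message_from_string(raw_message)
    leaks = []
    for hop in msg.get_all("Received", []):
        text = " ".join(hop.split())  # unfold continuation lines
        names = FROM_RE.findall(text)[:1] + BY_RE.findall(text)[:1]
        for name in names:
            if name.lower() not in public_hosts and name not in leaks:
                leaks.append(name)
        for ip in IP_RE.findall(text):
            try:
                addr = ipaddress.ip_address(ip)
            except ValueError:
                continue  # malformed literal such as 999.1.1.1
            if any(addr in net for net in RFC1918) and ip not in leaks:
                leaks.append(ip)
    return leaks


if __name__ == "__main__":
    print(leaked_internals(SAMPLE_REPLY, {"gw.example.com", "mx.remote.example"}))
```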

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:54:58 PDT