Originally Posted: 1/22/2003
Describes a hacker's view of real hacking.. hrumphh
If you guys+gals think some stupid little (SOFTWARE!) based MAC spoofing is gonna throw the sophisticated traffic analysts off your trails... Damn.
I can't even believe you would try any hacking from a Windows box!!! What are you thinking? Don't you remember how Mitnick got caught up? And he had a super slick set-up... BE paranoid about this stuff.
It's time to wake up and get real.. the first thing I would suggest to the curious few who actually have the hunger out there is: start playing around with TUNNELS!
Get yourself several hop points around the world and practice communicating covertly between them.
My latest favorite is using [ IPv6 <-IPv4-> IPv6 ] tunnels. There are a ton of free IPv6 "tunnel brokers" out on the net.. a lot of ISPs (I'm talking the more mom&pop variety) won't even NOTICE IPv6 protocols! Let alone the more exotic ones being developed daily!
If you have a craving for bandwidth.. scope out the situation, learn about tools you never hear about anymore like lft and rwhois (build yourself an rwhois server!). (http://oppleman.com/lft/) Learn the subtle art of firewalk and fragroute. Get the TTLs down. Slowly and surely scope out what is between you and the ISP. A switch? Wham! It's over! A router? These days they are a lot tougher, but they are never 100%. Each switch and router that you can control increases your ability to remain invisible exponentially.

Forget stupid 5-year-old lame Cisco "hacking guides".... research the device on your own. Try downloading the manufacturer's current boot/config file (image) from the manufacturer's website, and then using UltraISO & EasyBoot with a little bit of hex editing to add a custom backdoor via a well-placed SSI (server-side include) file into the built-in remote management consoles they all have.... it's too easy to set up a TFTP server and serve the device's modified boot images. Now you can use that device as a shield. You can ride a trunk or a VLAN or a mirrored port completely stealthily.. to the next device. These devices all have the same TCP/IP stack.. they all communicate with each other in subtle ways. Just like relatives. So it tends to go like dominoes.

Another cool thing you can do is hardwire several SPOOFED MAC addresses directly into the device's CAM table.. then you are free to use these spoofed MAC addresses without risk of exposure.. while you then masquerade as the device, to gain access to the next device. You need to make sure about how your ISP filters.., I like to hardwire in MACs that are just 1 letter off from a real one, that's if I don't just spoof a real one by shutting off the port they connect on. You can also turn off egress filtering and DDoS or spam the crap out of someone with the spoofed return addresses. Forget about IRC bots..

It's also helpful to keep an eye on every MAC address (via tunnels or mirrored ports broadcasting MACs and traffic that you have tethereal or ntop keep track of; hunt's pretty good) because it's like an early-warning system. And it proves invaluable to have that info after you have been hacked. It even helps to know the brand of NIC.. which reminds me that that is a good way to get devices to talk to you.. and a good way to find out about them.. look up their brand of NIC, and spoof your own as that same model of device. There are countless userland TCP/IP stacks (a lot of really cool ones are in development) that give you this ability to mimic. This is good because everyone gets hacked.. What sucks is that if you have Windows, most of the time you never even know it! And with those types of hackers, a moderately secured *nix flavor isn't much safer. (If you don't get hacked, then you obviously know what's up, or much more likely... you just don't know that everyone from big brother to countless organized criminals watch your every move with growing amusement.)

Use passive info-gathering tools like xprobe2 and amap, and ICMP fingerprinting techniques like sing and isic (but mostly parsing of dumps off the wire) to determine WHAT platform/OS is being run. Unless they are using some funkified (TCSEC) Class B2 like XTS-300 STOP or Trusted Xenix.. you have got to KNOW.. that it's well within your reach to own the box. Even OpenBSD has issues. I'm not gonna try to get into detail, but basically, you want to either be totally invisible and undetectable always, or you want a GIGANTIC part of the web to be able to disappear into. And once you get access to switches and routers between you and the ISP, you can really start doing some cool stuff to evade traffic analysis.. like GRE tunnels and distributed networking, encapsulated encryption, etc. Don't even get me started about DNS.... at this point.. you're circumventing the ISPs straight to the really fast stuff. So there should be nothing negative at all directed against the ISPs.. In fact, I loved working at an ISP for several years *awesome, actually*.

Ultimately, your goal is to keep the information FREE and FLOWING, while everyone else loses their hunger and drive for knowledge.. being replaced by a consuming hunger for money. Greed. Power. I like to keep in perspective that money was an invention. (Although I'm so flat broke these days I dunno.) Stop wasting time, go get yourself a FreeBSD distro (I don't use FreeBSD much but they have really good documentation and plenty of easy-to-understand source) and read the documentation all about IPv6. I'm talking about some major RFC reading! Phenomenal ideas going on in RFCs dealing with IPv6.. Don't worry though, it's only the future of the internet... they've only been working on it for freaking ever... (for one reason.. SECURITY!) and you'll find IPv6 is gonna be even more fun... a bunch of hackers in a monumental worldwide effort created it.
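The IPv6-over-IPv4 tunnel traffic the post says small ISPs never notice is not hard to pick out on the wire: 6in4 puts a whole IPv6 packet straight inside an IPv4 packet whose protocol field is 41. The following is an added example (mine, not the poster's code) that parses constructed sample packets and flags the tunneled ones with their inner addresses; the addresses and packets are constructed, and the IPv4 checksum is left at zero because nothing here is transmitted.

```python
import struct
import ipaddress

PROTO_IPV6_ENCAP = 41  # IANA protocol number: IPv6 encapsulated in IPv4 (RFC 4213, "6in4")

def parse_ipv4(pkt):
    """Return (proto, src, dst, payload) for an IPv4 packet, or None if malformed."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4                    # header length in bytes, options included
    if ihl < 20 or len(pkt) < ihl:
        return None
    src, dst = ipaddress.IPv4Address(pkt[12:16]), ipaddress.IPv4Address(pkt[16:20])
    return pkt[9], str(src), str(dst), pkt[ihl:]

def parse_ipv6(pkt):
    """Return (next_header, src, dst) for an IPv6 header, or None if malformed."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        return None
    src, dst = ipaddress.IPv6Address(pkt[8:24]), ipaddress.IPv6Address(pkt[24:40])
    return pkt[6], str(src), str(dst)

def find_6in4_tunnels(packets):
    """Flag each IPv4 packet with protocol 41 and decode the IPv6 header it carries."""
    findings = []
    for pkt in packets:
        outer = parse_ipv4(pkt)
        if outer is None or outer[0] != PROTO_IPV6_ENCAP:
            continue                             # not IPv4, or not a tunnel packet
        inner = parse_ipv6(outer[3])             # None if the inner packet is truncated
        findings.append({"outer_src": outer[1], "outer_dst": outer[2],
                         "inner_src": inner[1] if inner else None,
                         "inner_dst": inner[2] if inner else None,
                         "inner_next_header": inner[0] if inner else None})
    return findings

def ipv4_packet(proto, src, dst, payload):      # constructed sample builder, checksum left 0
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed) + payload

def ipv6_packet(nxt, src, dst, payload=b""):    # constructed sample builder
    return struct.pack("!IHBB16s16s", 0x60000000, len(payload), nxt, 64,
                       ipaddress.IPv6Address(src).packed, ipaddress.IPv6Address(dst).packed) + payload

SAMPLE_PACKETS = [  # constructed traffic, not a real capture
    ipv4_packet(6, "192.0.2.10", "198.51.100.20", b"\x00" * 20),   # ordinary TCP, not flagged
    ipv4_packet(41, "192.0.2.10", "203.0.113.1", ipv6_packet(58, "2001:db8::1", "2001:db8:ffff::2")),
]
```

Calling find_6in4_tunnels(SAMPLE_PACKETS) returns one finding, for the protocol-41 packet, with the inner ICMPv6 (next header 58) endpoints decoded; a truncated inner packet is still flagged, with its inner fields set to None.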
Question
How can I learn more about IPv6?
Hmm.. I'll just tell you how I read up on IPv6 so you can too. I am also great with Linux but relatively new to BSDs.. I used the 5.3 FreeBSD with a full install a couple months ago.. here's what I did. (I have notes to look back on.) First I built the locate (like slocate) database by running
/etc/periodic/weekly/310.locate
Then I used the locate command to search for ipv6. I read everything that looked interesting. If you want to get some really tight knowledge about IPv6, read the following RFCs: 2472, 3056, 1933, 2893, 3542.
Also do a man inet6, and a man icmp6, and fully read those, and read through all the other man pages for network stuff like route and ifconfig. First though, do a man man, and you'll see a command-line option to display all the man pages one after the other for one command.
man -option ifconfig
would not only return the newest manpage, but would also return the older ones (a lot of times filled with good, hard-to-find info), so check that out. Also check out kame.net.. I'm gonna reinstall FreeBSD on my 2nd PC and do some of my own digging. Cheers!