
Thread: Question on Hacker's Challenge

  1. #1
    Senior Member
    Join Date
    Dec 2002
    Posts
    144

    Question on Hacker's Challenge

    Qs on Solution 12:

    Regarding the SOHO/router: the book states that it is a device; how is it installed? If it is a device, then the company has to spend money on this device for all VPN users? Isn't it a waste of funds?

    According to Solution 12, Answer Section No. 4, a skilled attacker will normally close the hole... If the attacker were to close the hole, is he/she going to re-hack the system, or access the system through the 'justme' account which he/she created? But the 'justme' account must be an administrative account; if not, how is he/she going to take over the system? Or 'justme' may just be a normal user account, as he/she had already reset the SOHO/router password; as long as he/she can gain access to the computer, he/she will have no problem accessing the router to modify the NAT?

    Qs on Solution 15:

    What is a DoS attack? How will it affect the server?

    Is it that the web server will keep on responding to the source at UDP 7 and cause the processing of the incoming traffic?
    BlAcKiE
    GearBlitz

  2. #2
    Now, RFC Compliant! Noia's Avatar
    Join Date
    Jan 2002
    Posts
    1,210
    DoS, Denial of Service, a flood of information often used to silence or disconnect a machine from another one so that IP spoofing is possible....then again, it's just a flood.

    - Noia
    With all the subtlety of an artillery barrage / Follow blindly, for the true path is sketchy at best. .:Bring OS X to x86!:.
    And no one can recall the gentle features of the queen's face on that fair day when this land rested in holy peace and everyone had love to love with.

  3. #3
    Senior Member
    Join Date
    Dec 2002
    Posts
    144
    So what does it have to do with port 7?
    What is going on when a server is being flooded?
    Can someone explain...
    BlAcKiE
    GearBlitz

  4. #4
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    When a port is flooded, it is taking on too much info that it can't hold/process, resulting in legitimate user/traffic not being able to access the service.

    This is taken from the ever-helpful www.whatis.com
    denial of service


    On the Internet, a denial of service (DoS) attack is an incident in which a user or organization is deprived of the services of a resource they would normally expect to have. Typically, the loss of service is the inability of a particular network service, such as e-mail, to be available or the temporary loss of all network connectivity and services. In the worst cases, for example, a Web site accessed by millions of people can occasionally be forced to temporarily cease operation. A denial of service attack can also destroy programming and files in a computer system. Although usually intentional and malicious, a denial of service attack can sometimes happen accidentally. A denial of service attack is a type of security breach to a computer system that does not usually result in the theft of information or other security loss. However, these attacks can cost the target person or company a great deal of time and money.
    This goes on to include more examples of DoS attacks. Read the rest here.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  5. #5
    Senior Member
    Join Date
    Sep 2001
    Posts
    1,027

    Re: Question on Hacker's Challenge

    Originally posted here by Penguin
    Qs on Solution 12:

    Regarding the SOHO/router: the book states that it is a device; how is it installed? If it is a device, then the company has to spend money on this device for all VPN users? Isn't it a waste of funds?
    (It's been quite a while since I've read HC, I might not remember everything correctly)

    A SOHO/router is indeed a hardware device. It's one of those "routers" you'll find at any computer shop, like those popular linksys or d-link...

    As far as being a waste of funds, it could seem so, but it really isn't (well shouldn't be if configured right...). You see, when your employees are connecting through a VPN, you are in fact expanding the perimeter of your corporate network to your employees' PCs. Your new security boundary should consequently be expanded to your employees' PCs. In other words, if your employees' PCs get compromised, and they have VPN access to your main network, it's just as if they had actually broken into your main network; they have equivalent access. This is why it is worth it to provide your VPN users with router/firewalls. Unfortunately in this case, those were incorrectly configured, which was just as bad as having no firewall.



    According to Solution 12, Answer Section No. 4, a skilled attacker will normally close the hole... If the attacker were to close the hole, is he/she going to re-hack the system, or access the system through the 'justme' account which he/she created? But the 'justme' account must be an administrative account; if not, how is he/she going to take over the system? Or 'justme' may just be a normal user account, as he/she had already reset the SOHO/router password; as long as he/she can gain access to the computer, he/she will have no problem accessing the router to modify the NAT?
    If I remember correctly here, the router device was actually the one setting up the vpn connection. As so, the attacker having gained access to the router only needed the account/pass for the router device, which he then used to modify the nat/redirection rules on the router so that connections coming from him to the router would be forwarded on the vpn tunnel, into the corporate network.


    Ammo
    Credit travels up, blame travels down -- The Boss
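The reply above describes NAT/redirection rules on the home-office router being changed so that inbound connections are forwarded over the VPN tunnel. As an added example (not part of the thread or the book), a defender-side audit that flags port forwards whose destination lies in the corporate range or that are missing from an approved baseline; the rule format, subnets and addresses are hypothetical.

```python
import ipaddress

# Constructed sample: port-forward rules exported from a home-office router,
# one per line as "<proto> <wan_port> -> <dest_ip>:<dest_port>".
# This export format and every address below are assumptions for illustration.
SAMPLE_RULES = """\
tcp 8080 -> 192.168.1.20:80
tcp 3389 -> 10.20.0.15:3389
udp 5060 -> 192.168.1.30:5060
tcp 2222 -> 10.20.4.7:22
"""

CORPORATE = [ipaddress.ip_network("10.20.0.0/16")]  # reached via the VPN (assumed)
BASELINE = {("tcp", 8080, "192.168.1.20", 80)}      # forwards approved by IT (assumed)


def parse_rules(text):
    """Parse the export into (proto, wan_port, dest_ip, dest_port) tuples."""
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            left, right = line.split("->")
            proto, wan_port = left.split()
            dest_ip, dest_port = right.strip().rsplit(":", 1)
            ipaddress.ip_address(dest_ip)  # reject anything that is not an IP
            rules.append((proto.lower(), int(wan_port), dest_ip, int(dest_port)))
        except ValueError as exc:
            raise ValueError(f"line {lineno}: cannot parse {line!r}") from exc
    return rules


def audit(rules, baseline=BASELINE, corporate=CORPORATE):
    """Return (reason, rule) findings, in the order the rules appear."""
    findings = []
    for rule in rules:
        dest = ipaddress.ip_address(rule[2])
        if any(dest in net for net in corporate):
            # An Internet-facing forward that lands inside the tunnel's range.
            findings.append(("forwards-into-vpn", rule))
        elif rule not in baseline:
            findings.append(("not-in-baseline", rule))
    return findings


if __name__ == "__main__":
    for reason, rule in audit(parse_rules(SAMPLE_RULES)):
        print(reason, rule)
```
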

  6. #6
    Senior Member
    Join Date
    Dec 2002
    Posts
    144
    So how could the intruder get to the router and not the PC first? Is it that the router is in front of the PC... so the first contact is the router, then the PC... therefore the intruder cracks the router first, then changes the NAT?
    BlAcKiE
    GearBlitz

  7. #7
    Senior Member
    Join Date
    Sep 2001
    Posts
    1,027
    Precisely. The router sits in front of the PC.
    A quick schema would be:

    Employee's PC ----- Router----{vpn link}--------Corporate VPN concentrator/firewall-------- corporate network.

    Ammo
    Credit travels up, blame travels down -- The Boss

  8. #8
    Senior Member
    Join Date
    Dec 2002
    Posts
    144
    Originally posted here by ammo
    Precisely. The router sits in front of the PC.
    A quick schema would be:

    Employee's PC ----- Router----{vpn link}--------Corporate VPN concentrator/firewall-------- corporate network.

    Ammo
    So am I supposed to say the VPN link is actually the Internet... the intruder attacks the router so that he can go in and change the NAT? Then from there he gains access to the VPN?
    BlAcKiE
    GearBlitz

  9. #9
    Junior Member
    Join Date
    Aug 2003
    Posts
    4

    Hackers Challenge Question

    Well, I was wondering, can anyone give me the solution to Challenge 1, "The French Connection"?

    1. What vulnerability did the attacker exploit to compromise the web server?
    2. What did the attacker do to try to obfuscate tracking?

    thnx

  10. #10
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Gill: You could try looking on page 198 of the book..... It gives you a detailed description of the two answers - well.... of one of them..... the second "answer" is a tad lame - but technically it was a way to "obfuscate" tracking.
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
