trusted relationship?
Results 1 to 5 of 5

Thread: trusted relationship?

  1. #1
    Junior Member
    Join Date
    Nov 2001
    Posts
    10

    Unhappy trusted relationship?

    Ok, since all my previous posts have gone AWOL (there wasnt that many anyway) i have decided to ask a question that may be bordering for some neg happy critics... Its been bugging me for a while so now seems like a good time, afterall "hackers know the weaknesses in your system, shouldnt you?"

    I have been doing some reading revolving around the analysis of the Mitnick attack.. basically it stated that he exploited a trusted relationship by syn flooding one side of the relationship then assuming it's identity to communicate with the target.. that part made sense...

    However, the document i was reading made out that the victim (the syn flooded host) was external to the target host yet was also trusted... My question is, how did mitnick determine the trusted relationship hosts. The two hosts were not related.

    just wondering if someone could shed some light on how he determined a trusted relationship between two seemingly (meaning not on the same network or owned by the same company) unrelated hosts....thanks..

    Be gentle

  2. #2
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    I haven't read all the details on the Mitnick case but trust relationships were often used as part of the original ARPA. rhosts and other files would have the listing of their trusts. If Mitnick found a file with the victim's ip, it isn't that hard. It quite possible could have been a hit or miss.

    Sometimes attackers find things that they aren't expected and utilize those to their advantage. I wonder if Mitnick maybe found something more than just a "victim"?

    http://www.takedown.com/

    Now this is one view of the whole original incident. How accurate it is.. hard to say. There are many sides to the truth.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  3. #3
    Junior Member
    Join Date
    Nov 2001
    Posts
    10
    Thanks for the link msmittens...what an excellant link!! can even watch him telnetting in n out

    So you reckon that maybe, while playing around with the victim he stumbled on to a trusted source (the target)? That seems to make sense...but its still a very very lucky find...

    I can see where you are going with the ARPA theory, but i think it was something that involved some form of "recon"... I believe Tsutomo mentioned some stuff concerning TCPdump packets that showed some kind of recon involving finger, showmount and rcpinfo... being the unix wiz that i am....not! Is it possible he gained this very sensitive info from these sources?

    and if he did, wouldnt that mean he would have to gain root on one of the trusted hosts before being able to get showmount info? (which would kinda defeat the purpose of the whole syn flood anyway...I am Confused!!)
    \"I do not fear computers. I fear the lack of them.\"
    Isaac Asimov (1920 - 1992)

  4. #4
    Senior Member
    Join Date
    Jan 2003
    Posts
    242
    I never understood the "free kevin" movement-I know the laws were different then but, and I don't know the whole story, wasn't he just a scumbag thief???
    the only way to fix it is to flush it all away-tool

  5. #5
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    Originally posted here by Oblivious
    Thanks for the link msmittens...what an excellant link!! can even watch him telnetting in n out

    So you reckon that maybe, while playing around with the victim he stumbled on to a trusted source (the target)? That seems to make sense...but its still a very very lucky find...

    I can see where you are going with the ARPA theory, but i think it was something that involved some form of "recon"... I believe Tsutomo mentioned some stuff concerning TCPdump packets that showed some kind of recon involving finger, showmount and rcpinfo... being the unix wiz that i am....not! Is it possible he gained this very sensitive info from these sources?

    and if he did, wouldnt that mean he would have to gain root on one of the trusted hosts before being able to get showmount info? (which would kinda defeat the purpose of the whole syn flood anyway...I am Confused!!)
    The syn flood was so he could act as the trusted host. He had to disable the trusted host. He did stumble upon sensitive info. I believe he found quite a few credit card numbers and private information as well as proprietary information.

    As for the Free Kevin movement, while I don't agree with Kevin's method his treatment wasn't called for. He spent 4-5 years in prison with no charges or trial date. A lot of the movement was based on the fact that the Gov't didn't do one of those paramount things: due process.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •