Hacking Myths

[geepod]

dont think you can secure s system that it WILL be secure...if someones want to break in he will... there alwasy a way ....

Well i agree with memory, by definiton a network or computer connected to one is insecure no matter what the security. The connection is for some type of client or server share therefore there is access no matter what the security.

A network is a series of interconnected sytems utilizing shared resouces.

ergo= a network is insecure.

[R0n1n]

Look at Soulemans post for an answer to your question. The whole point was that if you leave a Linux box open it will be less secure then a Windows box that you have tried to secured. Now yes there is the age old arguement that you can never truly secure something to the point where no one can get in except for someone who you trust (but then that goes into issues other then Technical ones), so we are really talking in relative terms, that is one being more secure then the other depending on who secures it.

And to comment on an earlier post, I think IP spoofing can be useful on internal LANS, not much use across the net unless you can alter routing tables etc... or of course when you use decoys in an NMAP scan, not sure if you want to call that spoofing though.

[bballad]

Originally posted here by R0n1n

6) There are 10000000000 Viruses out there - Ok everytime a virus comes out (lets call it "Blue Virus" for discussion purposes) thats a virus, now, everytime someone makes any changes to "blue Virus" even if its just to make it display "hell0" rather then "hello" that counts as a new virus. Now, I think that tends to overestimate things a little.

Ok I have t odisagree with this one. While you are correct in that most viri are just recompiles or some comment changes because of the way antivrus software works they are difrent viri. Example: I could take a virus that was in al of the AV companies DB and recompile it with a new compiler, none of the existing AV software packs would be able t odetect it untill a new signture was generated (huristaics might but they are in no way fool proof and most people don't use them.)

[cire]

Nice post, heres some more.

11. In order to hack/be a hacker, you need to use *nix- while most unix/linux distrobutions come with many more programs and commands for internet security (nmap, netcat, whois, etc) than windows, it is still very possible to use windows for hacking. There is a windows version or supplement for basically every *nix program or command. It is, however, very good to learn unix as more servers run it than windows.

12. If a "hacker" can break into one system, (s)he can get into anyone they want- i've heard many people ask someone who has cracked into a server to break into a website or something that they don't like and are surprised if the cracker/hacker tells them that they can't. Many people believe that if you can do something to one system, you can just as easily do it to any other one. This is not the case as there is no set method of getting into any system as everyone is unique.

[sgtrush]

I have no comment on 9, but 10 is fairly valid. Spoofed IP addresses are basically blind attacks. The return packet is sent to the spoofed IP address. DDOS is usually the only use for a spoofed IP. Which is unethical, unusefull and more importantly a waste of good bandwidth. And who wants to waste bandwidth?

[slarty]

10) [it is a myth that] You can spoof your IP AND DO SOMETHING USEFUL BY SPOOFING IT

This is true, I will qualify it for the OP:

If you spoof your IP when sending packets, the response packets sent by the target, will go back to the IP you've spoofed (assuming they manage to get there) - NOT to the real originating machine. Just as if you posted a letter to someone with the wrong return address, you would be unlikely to get the reply.

The only real nasty thing which attackers can do with IP spoofing is trigger IDS false alarms (perhaps hiding their own genuine attacks in a sea of spoofed ones)

[noODle]

I will have to disagree with that last statement.
You could use IP spoofing if there is a trust relationship between two computer based on IP autentication. It is hard to do and you have to be a real expert to use it.
It works as follows.
You DoS the trusted host (so that it can not reply with RST packets to the syn/ack and syn packets). Next you craft packets as if they were coming from the trusted host.
You can indeed not see any replies so you will have to know exactly what you are doing.

Misconceptions of IP Spoofing

While some of the attacks described above are a bit outdated, such as session hijacking for host-based authentication services, IP spoofing is still prevalent in network scanning and probes, as well as denial of service floods. However, the technique does not allow for anonymous Internet access, which is a common misconception for those unfamiliar with the practice. Any sort of spoofing beyond simple floods is relatively advanced and used in very specific instances such as evasion and connection hijacking.

http://www.securityfocus.com/infocus/1674

There seems to be a lot of confusion about the IP address spoofing and connection hijacking attacks described by John Markoff's 1/23/95 NYT article, and CERT advisory CA-95:01. Here are some technical details from my presentation on 1/11/95 at CMAD 3 in Sonoma, California. Hopefully this will help clear up any misunderstandings as to the nature of these attacks.

Two different attack mechanisms were used. IP source address spoofing and TCP sequence number prediction were used to gain initial access to a diskless workstation being used mostly as an X terminal. After root access had been obtained, an existing connection to another system was hijacked by means of a loadable kernel STREAMS module.

http://www.totse.com/en/hack/hack_attack/hacker03.html

You will have to know exactly what your are doing and like said this is not something a beginner could easily do.

[R0n1n]

I agree with both of you, yes if you send packets over the net from a spoofed IP you won`t get them back as they go to the source, and if a system is relying on IPs for a trust relationship the spoofing might be useful.

Also, when working on a LAN, if you modify the relevant arp tables you can get the packets back, i.e. I spoof IP address 1.2.3.4 and tell the systems you need to that IP address 1.2.3.4 is associated with my MAC, then I get the packet back (only for your local LAN though).

Also, I haven`t come across systems relying on IP addresses for their trust relationship for a long time....

Oh, and spoofing the IP address of a machine that is not reachable, has been known to cause all kinds of problems for the target machine...

anyone have any more myths to add?

In fact, if you change the arp entries so they refer to your mac then you don`t even need to spoof the IP. (thats a note I just added after posting)

[valhallen]

13. All Hackers are evil/malicous and are only out to cause havoc or steal your credit card numbers - this goes back to the old hacker/cracker or black/white argument. Due to (IMHO) bad press hacker has become the buzz word to describe any malicous computer user - esp those who compromise other people systems. But I am off the opinion that this ain't a hacker. A hacker is anyone who is always trying to learn more about their systems....how they work and how to make them do what they want them to do..........I dont mean however to make it seem ok for those people who break into other people's networks/systems cause 'they were trying to learn more about them'
exsposing security flaws is worthy of merit - exploiting them is worthy of scorn

v_Ln

[CyberSpyder]

here's one that's related to the previous post


A hacker is a person who breaks in to somebody else's computer to steal information and to crash their computer


[gloworange]FALSE[/gloworange]




A hacker is someone with a thirst for knowledge, free information, and/or someone who tries to figure out how things work, engineers are hackers, programmers are hackers.