HACK inn - Page 2
Page 2 of 6 FirstFirst 1234 ... LastLast
Results 11 to 20 of 59

Thread: HACK inn

  1. #11
    Senior Member
    Join Date
    Nov 2001
    Posts
    1,255
    Originally posted here by JRUMJ
    Sorry I don't mean to jump the gun, just felt his comment was uncalled for.

    I have learned about the OSI 7 layers. Which definitely help but I am "curious" as you say about hacking. I am not just speaking of networks. The way I see it is if I cannot do something I want to do I find another way to do it (right? that is how most people are) A administrator will close all entrances to a specific potential problem area (Right??) And he moves along to the next task. Ok that "hacker" found another way to do exactly what he wanted which is why they are hackers (Why I would like to know MORE than I do now about hacking). Hopefully this will clear up any thoughts you guys have of my wanting to hack a bank or something.
    If you can on the spot describe the differences between the OSI model and the TCP/IP (or DOD) model, then maybe complaints about what you are and aren't getting taught are valid (or not). Honestly though, in your original post you ask about stuff that requires a good working understanding of networking to know. Do you know what an ISN is? Do you know which (of UDP, TCP, and ICMP) include packet checksums? Do you know what an RFC-standard response is from a router when you're trying to send stuff to a port that's blocked/unavailabe? Which protocols are used in this? It's not run of the mill "I have an IP address, netmask, and gateway" type stuff that you're asking about. You need a solid foundation. Simply saying "I have learned about the OSI 7 layers" doesn't really cover jack.

    Originally posted here by Tiger Shark
    Girls and boys....

    I don't have the time right now or I would help the guy... He's kosher... Cut him some slack and answer the questions.... Most colleges etc. barely teach how a computer works... At least the kid is _thinking_... Give him a break....
    Kosher doesn't equate to flaming people who are actually replying with useful information IMO. I think reds are perfectly justified. Crying because it wasn't the exact response he wanted to heard is BS.
    Chris Shepherd
    The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
    \"Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?\" -- Failed Insult
    Is your whole family retarded, or did they just catch it from you?
    Share on Google+

  2. #12
    Member aciscorouter's Avatar
    Join Date
    Mar 2002
    Location
    Brampton, ON, Canada
    Posts
    35
    Hey there, I posted a tutorial/guideline last year for hardening the configuration of a Cisco router - My Tutorial

    Hope this helps...

    Gary
    aCISCOrouter

    "I used up all my sick days, so Iím calling in dead."
    http://www.facebook.com/profile.php?id=554370423
    Share on Google+

  3. #13
    Member
    Join Date
    Jan 2006
    Posts
    46
    Thanks, don't know where to start.....foxyloxley, Relyt, nihil, |3lack|ce, and Tiger Shark thank you for your time it is appreciated!

    I understand public/private ip's and static/dynamic routing. Also the protocols that are used on common ports.

    Nihil I understand your point about old hacking tools or information is not very useful because of rapid changes. On the other hand, it helps to know even if it isn't used often or at all. New tech usually comes from some type of revision or mod of the older.

    |3lack|ce, I honestly started taking about DOS and DDOS denial of service attacks, teardrops and sort tonight in my WAN class. Good thing to know! Exactly what I was looking for by posting this type of question..... I need to do more reading on this, my book has only 1 page and not much to say. I know it is when you send a request UDP and ties up the destination (because it is waiting for the handshake but doesn't get one, just repeat connection requests) which will result in internal (in the targets network) denial of service. This is where the hacking side would help me. What would/how would this packet be sent? I know UDP is connectionless, it doesn't care if the packet gets there or not. AHHHHHHHH.... So hard to explain typing. So you send a packet, destination will acknowledge, respond and wait for the connection that never comes. How would you prevent the connection? I guess I just don't understand...

    Thank you!! I need to research this more..... Also the smart whois, firewall logs information definitely helpful! No need to get rude, you are correct LOL

    Tiger Shark - You made a very good point about the teachers (sounds like you have been in my shoes ) Thanks!
    Thanks,
    jrumj
    Share on Google+

  4. #14
    Member
    Join Date
    Jan 2006
    Posts
    46
    .
    Thanks,
    jrumj
    Share on Google+

  5. #15
    Senior Member
    Join Date
    Mar 2004
    Posts
    557
    Hi

    I need to do more reading on this, my book has only 1 page and not much to say. I know it is
    when you send a request UDP and ties up the destination (because it is waiting for the
    handshake but doesn't get one, just repeat connection requests) which will result in internal (in
    the targets network) denial of service. This is where the hacking side would help me.
    Although I understand your motivation (since it is the same as mine - to understand the
    working of things in detail), this is not necessarily needed as a network administrator.
    In case you are interested in particular details, learn them if you have the time to do
    so - and ask your teacher questions, for which he might not know the answer

    Let me take the DOS as an example:
    I guess the point to be made is that there are ways to DOS, DDOS a network, a server,
    a service, hence to make "it" unavailable. It is hopeless to try to understand how
    this is done in detail for every attack vector[1,2,...] (because there is a huge number of
    "how to do so"s), but one should learn how to cope with such an attack[1,3,4,5,...] in general.
    As a network administrator you have to make sure that your network is available - learn
    how to remove one of the conditions of the vulnerability "xDOS", and there is no
    vulnerability "xDOS" anymore.

    Of course there is a relation between "understand how to avoid a DOS" and
    "understand how to DOS", but it is not the same. Another example to illustrate this:
    the principle of a basic heap overflow is to misuse two commands (which allows
    you to overwrite an arbitrary region in memory) - I understand 5 ways how to exploit this.
    Now, if you are designing your memory management, you do not have to know these
    5 ways (out of thousands?) - you need to know that these two commands are
    intrinsically dangerous and redesign your management accordingly.


    Cheers


    P.s. Hopefully, this is a reasonable "I just became AntiOnline Senior Member" post


    [1] http://www.cert.org/tech_tips/denial_of_service.html
    [2] http://en.wikipedia.org/wiki/Denial_of_service
    [3] http://grc.com/dos/intro.htm (old and grc.com, but still a nice read )
    [4] http://www.tech-mavens.com/synflood.htm
    [5] http://www.google.com/search?q=count...Aacm.org&meta=
    If the only tool you have is a hammer, you tend to see every problem as a nail.
    (Abraham Maslow, Psychologist, 1908-70)
    Share on Google+

  6. #16
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    sounds like you have been in my shoes
    Nope... I hire people though... and it bugs the **** out of me when interviewing someone with a Masters in Computer Science and finding out they know jack sh1t about how a computer works... But they are great at writing programs in Cobol for their schools accounting systems...

    So hard to explain typing. So you send a packet, destination will acknowledge, respond and wait for the connection that never comes. How would you prevent the connection? I guess I just don't understand...
    That's a teeny part of this kind of DoS. This DoS relies upon using up the resources of the operating system. Whenever a connection is made the system sets aside a control "session", (brain dump on the absolute term), but, depending upon the OS it has a specific number of these sessions available and it is limited by it's physical memory that can be set aside for these sessions. The first packet you sent in your scenario opens a control session... That's not going to do any harm... but there comes a point of "saturation" where you send enough packets to use all available control sessions. No further use of that computer is possible for legitimate means because it is now unable to accept any further connections. The defense against this is a properly written OS that can recognize that there is a buildup of unused sessions and times them out quickly enough to be able to continue functioning.

    Hope that helps some.
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides
    Share on Google+

  7. #17
    Oh dear!! Are you at uni? or college? or Sixth form? Why dont you type these simple qusetions into a search engine!! Why are people replying to his query with essays?
    The more you know, the less you understand!
    Share on Google+

  8. #18
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Why are people replying to his query with essays?
    Because most technical documents don't give you the "feel" for what is going on.....

    Because some of us don't mind helping people rather than just telling them to "Google it"... :rolleyes"

    Because the OP says he has read a bunch of stuff.... and he still isn't grasping it.....

    Need I go on?????
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides
    Share on Google+

  9. #19
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Hey Hey,

    TS: People who have degrees in comp sci are very different from people who are taking networking... At least up here anyways... At college we made fun of the Uni people taking comp sci... they could program circles around us... but they couldn't turn on their computer... It's the style of the course... As for college programs... We covered the CCNA, CCNP, Nortel NetKnowledge, The Cisco Security and Access controls book, 2 semesters of security, courses in every operating system. It was covered.. you just had to have a basic thought process to take the information they were giving you and apply it..

    I haven't seen this mentioned, although I skimmed quickly through some of the stuff.. so..
    JRUMJ: Which semester are you in and how many semesters are there... Before they can teach you "hacking" btw, refer to it as security around here, they have to make sure you know everything else.... We didn't cover security until the last year of my program... What courses are you taking... what courses have you taken, what courses will you take in the future... Perhaps you're missing something in the classes that we can help you find.

    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".
    Share on Google+

  10. #20
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    they could program circles around us
    ...and this is what bugs the hell outta me.... Computer science should = The Science of Computers/ing. It doesn't. The Uni's are lying to the kids who then spend 4 years getting a degree that is absolutely useless to them in the real world... But the Uni's get lot's of cool options on the programs of the administration dept and loads of great reports... And the kids are paying them to do it... SUX!!!
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides
    Share on Google+

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides