-
trusted relationship?
Ok, since all my previous posts have gone AWOL (there weren't that many anyway) I have decided to ask a question that may be bordering for some neg happy critics... :D It's been bugging me for a while so now seems like a good time, after all "hackers know the weaknesses in your system, shouldn't you?"
I have been doing some reading revolving around the analysis of the Mitnick attack.. basically it stated that he exploited a trusted relationship by SYN flooding one side of the relationship then assuming its identity to communicate with the target.. that part made sense...
However, the document I was reading made out that the victim (the SYN flooded host) was external to the target host yet was also trusted... My question is, how did Mitnick determine the trusted relationship hosts? The two hosts were not related.
Just wondering if someone could shed some light on how he determined a trusted relationship between two seemingly (meaning not on the same network or owned by the same company) unrelated hosts....thanks..
Be gentle :eek:
-
I haven't read all the details on the Mitnick case but trust relationships were often used as part of the original ARPA. rhosts and other files would have the listing of their trusts. If Mitnick found a file with the victim's IP, it isn't that hard. It quite possibly could have been a hit or miss.
Sometimes attackers find things that they aren't expecting and utilize those to their advantage. I wonder if Mitnick maybe found something more than just a "victim"?
http://www.takedown.com/
Now this is one view of the whole original incident. How accurate it is.. hard to say. There are many sides to the truth.
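
Added example, not part of the thread or any poster's code: the reply above notes that rhosts-style files list a host's trusts, so a defender can inventory those entries and flag the ones that widen trust. The sample file contents, the `example.com` domain, the finding labels and the treatment of `#` lines as comments are assumptions made for this illustration.

```python
"""Audit rhosts-style trust entries (.rhosts / hosts.equiv)."""

# Constructed sample; the host, user and netgroup names are made up.
SAMPLE = """\
# constructed sample .rhosts
fileserver.example.com
backup.example.com operator
+
+ +
+@admins
-oldhost.example.com
partner.example.net root
"""


def parse_entries(text):
    """Yield (line_number, host_field, user_field_or_None) per entry."""
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        # Assumption: lines starting with '#' are comments.
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        yield number, fields[0], fields[1] if len(fields) > 1 else None


def audit(text, local_domain):
    """Return (line_number, finding) pairs for entries that widen trust."""
    suffix = "." + local_domain.lower()
    findings = []
    for number, host, user in parse_entries(text):
        if host.startswith("-"):
            continue  # a deny entry grants nothing
        if host == "+":
            findings.append((number, "any-host"))
        elif host.startswith("+@"):
            findings.append((number, "netgroup"))
        elif "." in host and not host.lower().endswith(suffix):
            findings.append((number, "external-host"))
        if user == "+":
            findings.append((number, "any-user"))
    return findings


if __name__ == "__main__":
    for number, finding in audit(SAMPLE, "example.com"):
        print(f"line {number}: {finding}")
```

Because this kind of trust is keyed on the claimed host name or address rather than on a credential, every flagged line is a relationship worth removing or replacing with authenticated access.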
-
Thanks for the link msmittens...what an excellent link!! can even watch him telnetting in n out :)
So you reckon that maybe, while playing around with the victim he stumbled on to a trusted source (the target)? That seems to make sense...but it's still a very very lucky find...
I can see where you are going with the ARPA theory, but I think it was something that involved some form of "recon"... I believe Tsutomu mentioned some stuff concerning tcpdump packets that showed some kind of recon involving finger, showmount and rpcinfo... being the unix wiz that I am....not! Is it possible he gained this very sensitive info from these sources?
And if he did, wouldn't that mean he would have to gain root on one of the trusted hosts before being able to get showmount info? (which would kinda defeat the purpose of the whole SYN flood anyway...I am Confused!!)
-
I never understood the "free kevin" movement - I know the laws were different then but, and I don't know the whole story, wasn't he just a scumbag thief???
-
Quote:
Originally posted here by Oblivious
Thanks for the link msmittens...what an excellent link!! can even watch him telnetting in n out :)
So you reckon that maybe, while playing around with the victim he stumbled on to a trusted source (the target)? That seems to make sense...but it's still a very very lucky find...
I can see where you are going with the ARPA theory, but I think it was something that involved some form of "recon"... I believe Tsutomu mentioned some stuff concerning tcpdump packets that showed some kind of recon involving finger, showmount and rpcinfo... being the unix wiz that I am....not! Is it possible he gained this very sensitive info from these sources?
And if he did, wouldn't that mean he would have to gain root on one of the trusted hosts before being able to get showmount info? (which would kinda defeat the purpose of the whole SYN flood anyway...I am Confused!!)
The syn flood was so he could act as the trusted host. He had to disable the trusted host. He did stumble upon sensitive info. I believe he found quite a few credit card numbers and private information as well as proprietary information.
As for the Free Kevin movement, while I don't agree with Kevin's method, his treatment wasn't called for. He spent 4-5 years in prison with no charges or trial date. A lot of the movement was based on the fact that the Gov't didn't do one of those paramount things: due process.