Tiger Shark is god. Thank you.
How about reading up on TCP/IP first? Everyone seems to have this idea of some magical IP spoofer that they can use so they are untraceable, or even to get past ACLs. You must remember the 3-way handshake. IP spoofing only works when you don't really need to get information back from the other end (for example, DoS attacks), because the other end will be sending the information to the wrong place.
One of the best (imo) is using several ssh hosts to hide..
IE.
Connect to box 1, set the date/time to something random (so log files are almost useless)
Connect to box 2 via box 1, set the date/time to something random (so log files are almost useless)
Connect to box 3 via box 2, set the date/time to something random (so log files are almost useless)
And start your 1337 Haxoring..
Virtus: What _exactly_ makes the log files useless simply because the timelines don't corroborate?
With access to the logs on machines 1, 2 and 3, (if you got onto the box then so can I), I can still make the correlation between the connections and it is then trivial to reconstruct the timelines.....
And also - your reply does not address the original question, nor do you explain how those connections would circumvent the ACLs. If the ACL doesn't allow any connection from Curriculum to Admin, how on earth are you gonna make your ssh connect in the first place?????
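Added example, not part of the thread: a sketch of the correlation the last reply describes, run from the investigator's side. The record layout, host names, addresses and timestamps are constructed for illustration (documentation address ranges); the point is that each hop's inbound source address links it to the previous box regardless of what the clock said, and that a clock change shows up as timestamps running backwards in an append-only log.

```python
from datetime import datetime

FMT = "%Y-%m-%d %H:%M:%S"

# Constructed sample data: (local timestamp, event, source IP) per host,
# kept in the order the lines appear in each log file.
HOST_IP = {"box1": "192.0.2.11", "box2": "192.0.2.12", "box3": "192.0.2.13"}
LOGS = {
    "box1": [("2004-03-01 10:00:05", "Accepted", "203.0.113.50"),
             ("1999-07-14 03:12:40", "Closed", "203.0.113.50")],
    "box2": [("2004-03-01 10:01:10", "Accepted", "192.0.2.11"),
             ("2001-11-02 22:45:09", "Closed", "192.0.2.11")],
    "box3": [("2004-03-01 10:02:30", "Accepted", "192.0.2.12"),
             ("1997-01-20 08:00:00", "Closed", "192.0.2.12")],
}


def chains_to(host, logs, host_ip, seen=()):
    """Return every candidate hop chain ending at `host`.

    Walks backwards through inbound source addresses only, so the result
    does not depend on any timestamp being trustworthy.
    """
    ip_host = {ip: name for name, ip in host_ip.items()}
    paths = []
    for _, event, src in logs.get(host, []):
        if event != "Accepted":
            continue
        prev = ip_host.get(src)
        if prev is None:
            # Source is not one of our boxes: this is where the chain starts.
            paths.append([src, host])
        elif prev not in seen:
            # Source is another box we hold logs for: keep walking back.
            up = chains_to(prev, logs, host_ip, seen + (host,)) or [[prev]]
            paths += [p + [host] for p in up]
    return paths


def clock_jumps(entries):
    """Indexes of log lines whose timestamp is earlier than the line before.

    File order is the true order of events, so a backwards step marks a
    clock change. A forward jump is not flagged by this simple check.
    """
    times = [datetime.strptime(ts, FMT) for ts, _, _ in entries]
    return [i for i in range(1, len(times)) if times[i] < times[i - 1]]


if __name__ == "__main__":
    print(chains_to("box3", LOGS, HOST_IP))
    print({h: clock_jumps(e) for h, e in LOGS.items()})
```
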