_______________________________________________________
GUIDE TO (mostly) HARMLESS HACKING
Vol. 1 Number 5
It's vigilante phun day again! How to get email spammers kicked off their ISPs.
_______________________________________________________
whois heaven.com
We get the answer:
CHEX.HEAVEN.COM 206.17.180.2
NOC.CERF.NET 192.153.156.22
finger FREE@heaven.com
We get:
[heaven.com]
finger: heaven.com: Connection timed out
There are several possible reasons for this. One is that the systems administrator for heaven.com has disabled the finger port. Another is that heaven.com is inactive. It could be on a host computer that is turned off, or maybe just an orphan.
*********************
Newbie note: You can register domain names without setting them up on a computer anywhere. You just pay your money and Internic, which registers domain names, will put it aside for your use. However, if you don't get it hosted by a computer on the Internet within a few weeks, you may lose your registration.
*********************
We can test these hypotheses with the ping command. This command tells you whether a computer is currently hooked up to the Internet and how good its connection is.
Now ping, like most kewl hacker tools, can be used for either information or as a means of attack. But I am going to make you wait in dire suspense for a later Guide to (mostly) Harmless Hacking to tell you how some people use ping. Besides, yes, it would be *illegal* to use ping as a weapon.
Because of ping's potential for mayhem, your shell account may have disabled the use of ping for the casual user. For example, with my ISP I have to go to the right directory to use it. So I give the command:
/usr/etc/ping heaven.com
telnet heaven.com
ORCU.OR.BR.NP.ELS-GMS.ATT.NET 199.191.129.139
WYCU.WY.BR.NP.ELS-GMS.ATT.NET 199.191.128.43
OHCU.OH.MT.NP.ELS-GMS.ATT.NET 199.191.144.75
MACU.MA.MT.NP.ELS-GMS.ATT.NET 199.191.145.136
Another valid domain! So this is a reasonably ingenious forgery. The culprit could have sent email from any of heaven.com, gnn.com or att.net. We know heaven.com is highly unlikely because we can't get even the login port to work. But we still have gnn.com and att.net as suspected homes for this spammer.
The next step is to email a copy of this spam *including headers* to both postmaster@gnn.com (usually a good guess for the email address of the person who takes complaints) and runge@AOL.NET, who is listed by whois as the technical contact. We should also email either postmaster@att.net (the good guess) or hostmaster@ATTMAIL.COM (technical contact).
Presumably one of the people reading email sent to these addresses will use the email message id number to look up who forged this email. Once the culprit is discovered, he or she usually is kicked out of the ISP.
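The complaint routing described above, as an added example that is not part of the original Guide: it pulls every domain named in a message's Received:, Message-ID: and From: headers and lists the postmaster@ address for each. The sample headers are constructed (they only reuse the three domain names from the text), and the function names and the example.net recipient host are assumptions.

```python
import re
from email import message_from_string

# Constructed sample message, NOT the spam analyzed in this Guide. It only
# reuses the three domain names from the text; IPs are documentation addresses.
SAMPLE = """\
Received: from mail.gnn.com (mail.gnn.com [192.0.2.10])
\tby mailhost.example.net with SMTP id AA12345; Mon, 5 Aug 1996 10:00:00 -0700
Received: from att.net (dialup-7.att.net [192.0.2.77])
\tby mail.gnn.com with SMTP id QQ98765; Mon, 5 Aug 1996 09:59:30 -0700
From: FREE@heaven.com
Message-ID: <0UT1234-5678@gnn.com>
Subject: constructed sample

body
"""

# Dotted host name ending in an alphabetic TLD (so bare IP addresses are skipped).
HOST = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)

def registered_domain(host):
    # Assumption: the last two labels are the registered domain. True for the
    # .com/.net names here, wrong for suffixes such as co.uk.
    return ".".join(host.lower().split(".")[-2:])

def complaint_targets(raw, own_domains=()):
    """Map each domain named in the headers to the header fields it appears in,
    skipping the recipient's own mail hosts (own_domains)."""
    msg = message_from_string(raw)
    seen = {}
    for field in ("Received", "Message-ID", "From"):
        for value in msg.get_all(field, []):
            for host in HOST.findall(value):
                dom = registered_domain(host)
                if dom not in own_domains and field not in seen.setdefault(dom, []):
                    seen[dom].append(field)
    return seen

def postmasters(raw, own_domains=()):
    # postmaster@<domain> is the "good guess" address the Guide recommends.
    return sorted("postmaster@" + d for d in complaint_targets(raw, own_domains))

if __name__ == "__main__":
    for dom, fields in complaint_targets(SAMPLE, ("example.net",)).items():
        print(dom, "seen in", ", ".join(fields))
    print(postmasters(SAMPLE, ("example.net",)))
```

A domain that shows up only in From: (heaven.com in the sample) is the weakest lead, since that field is whatever the sender typed.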
(snip)
No doubt a made-up From: header which happened to hit a real domain name.
But how well does writing a letter of complaint actually work? I asked ISP owner Dale Amon. He replied, "From the small number of spam messages I have been seeing - given the number of generations of exponential net growth I have seen in 20 years - the system appears to be *strongly* self regulating. Government and legal systems don't work nearly so well.
OK, I'm signing off for this column. I look forward to your contributions to this list. Have some vigilante phun -- and don't get busted!
_______________________________________________________