Counterattacking a hacker

    • #6288
      sil
      Participant

      Because I’d been asked more than 3x in a week’s timespan, I decided to write about the legalities (which are sketchy) and the stupidities associated with counterattacking a hacker.

      http://www.infiltrated.net/index.php?option=com_content&view=article&id=29&Itemid=35

    • #39328
      kriscamaro68
      Participant

      Enjoyed the writeup. Makes complete sense as well unless you believe in hollywood type hacking.

    • #39329
      lorddicranius
      Participant

      Good read. It seems people’s belief that one can trace an IP back to an attacker is more common than I thought. Or maybe I’m just lucky and have learned that early enough in my security training?

    • #39330
      SephStorm
      Participant

      I would say the reason is that obviously it has to be possible. Law enforcement tracks down hackers, governments trace hacking attacks. I’m sure many of these individuals try to hide their origins.

      Isn’t this the reason we have CHFIs and what not?

    • #39331
      kriscamaro68
      Participant

      @SephStorm wrote:

      I would say the reason is that obviously it has to be possible. Law enforcement tracks down hackers, governments trace hacking attacks. I’m sure many of these individuals try to hide their origins.

      Isn’t this the reason we have CHFIs and what not?

      I believe it is possible to track an IP back to a hacker/script kiddie, but like sil mentioned, it would be because they did not spoof their IP from the get-go, or because the counterattacker is only tracing the IP back to where the attack looks like it originated from, and is of the belief that this is the hacker’s source IP.

    • #39332
      sil
      Participant

      Well, researchers stated they can now track the location of an IP address to within about 125 miles. Normally I would not bother pointing out the obvious, however, I feel the need to bring this into the “security mainstream” as a fail. Before doing so though, here is their “secret sauce:”

      “The new method zooms in through three stages to locate a target computer. The first stage measures the time it takes to send a data packet to the target and converts it into a distance – a common geolocation technique that narrows the target’s possible location to a radius of around 200 kilometres.” [1]

      What this does for tracking the identity of a potential attacker when it comes to security? Absolutely nothing.

      Here is a quote I could never get enough of from Cisco’s Fred Baker. For those who have not had the opportunity to read Fred’s excellent posts on mailing lists, his RFCs or other writings, here is a summary [3]: [Fred] currently co-chairs the IPv6 Operations Working Group in the IETF, is a member of the Smart Grid Interoperability Panel and its Architecture Committee, and is Cisco’s representative to BITAG. For more insight into who he is, see the interview “Fred Baker: Cisco Fellow, Network IT Enthusiast, World Traveler.” [4] Anyhow, the purpose of stating who he is is to understand the weight/validity of the following statement [2]:

      Well, let me ask you who you think 171.70.120.60 is. I’ll give you a hint; at this instant, there are 72 of us.

      Here’s another question. Whom would you suspect 171.71.241.89 is? At this point in time, I am in Barcelona; if I were home, that would be my address as you would see it, but my address as I would see it would be in 10.32.244.216/29. There might be several hundred people you would see using 171.71.241.89;

      One of the big issues with the Tsinghua SAVA proposal in the IETF is specifically the confusion of the application layer with the IP layer. They propose to embed personal identity into the IP address, and in that there are a number of issues. Internet Address != application layer identification.

      And the physical location of an Internet address (IP) is not altogether a “conclusive” mechanism to be used as an identity. While it may give an indicator, it is not definitive. For example, let us assume that I needed to perform some form of competitive intelligence slash corporate espionage targeting my competitor. Let us also assume for a moment that I needed to compromise a machine physically located across the street. If I used my own connection to undertake this task, it would obviously be the equivalent of me walking into the office with a banner that read: “Look at me, across the street hacking you!” Quite absurd. So what are my options to sidestep this? Simple: I could use an Internet cafe, I could use an open wireless network, or I could pick yet a third competitor, compromise them and leave them holding a loaded gun, complete with their fingerprints all over the murder weapon.

      This is a long-standing problem with IP addresses: attribution. While you can state that in the above comment – IP address 171.70.120.60 connected to you – you cannot definitively state that any individual connected to you. With the rise in client-side attacks, attribution is even more difficult.

      [1] http://blogs.wsj.com/tech-europe/2011/04/11/tracking-system-can-locate-user-to-within-100m/?mod=google_news_blog
      [2] http://www.mcabee.org/lists/nanog/Jan-08/msg00729.html
      [3] http://en.wikipedia.org/wiki/Fred_Baker_%28IETF_chair%29
      [4] https://learningnetwork.cisco.com/docs/DOC-1720

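The first stage of the three-stage method quoted from [1] (turn a round-trip time into a distance, intersect the resulting disks from several landmarks) is easy to write out, and doing so makes the attribution point concrete: the output is a region around whichever host answered the probe, never a person. The code below is an added example, not the researchers’ code and not anything posted in this thread; the landmark coordinates, RTT values and the fibre propagation speed are constructed assumptions.

```python
import math

# Assumption (not from the thread): signals in fibre travel at roughly two
# thirds of c, about 200,000 km/s, and a round trip covers the path twice.
FIBRE_KM_PER_S = 200_000.0
EARTH_RADIUS_KM = 6371.0

# Constructed landmarks (probing hosts with known locations), a constructed
# target location, and constructed RTTs: one set measured directly to the
# target, one set as seen when a relay far away answers the probes instead.
LANDMARKS = [(52.5, 0.0), (50.5, 0.5), (51.0, -1.5)]
TARGET = (51.5, -0.1)
DIRECT_RTTS_MS = [1.4, 1.5, 1.4]
PROXIED_RTTS_MS = [78.0, 76.0, 77.0]   # relay assumed near (40.7, -74.0)


def max_distance_km(rtt_ms):
    """Upper bound on one-way distance implied by an RTT.

    2 ms of RTT covers at most ~200 km, the radius the article gives for
    stage one. Queuing, detours and relays only make RTT longer, so the
    true responder is never farther than this bound, but may be much closer.
    """
    return (rtt_ms / 1000.0) * FIBRE_KM_PER_S / 2.0


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two (lat, lon) points given in degrees."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = math.radians(lat2 - lat1)
    dlam = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2.0 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))


def consistent(landmarks, rtts_ms, lat, lon):
    """True if (lat, lon) lies inside every landmark's RTT disk."""
    return all(haversine_km(lat, lon, la, lo) <= max_distance_km(rtt)
               for (la, lo), rtt in zip(landmarks, rtts_ms))


def feasible_region(landmarks, rtts_ms):
    """Constraint-based geolocation: intersect the RTT disks on a lat/lon grid.

    Returns (centroid_lat, centroid_lon, radius_km), where radius_km is the
    distance from the centroid to the farthest feasible grid point, i.e. how
    loose the answer is. Returns None if no point satisfies all constraints.
    """
    radii = [max_distance_km(r) for r in rtts_ms]
    # Grid step scales with the largest disk so the search stays cheap.
    step = max(0.05, max(radii) / 111.0 / 40.0)
    lat_lo = max(-90.0, min(la - r / 111.0 for (la, _), r in zip(landmarks, radii)))
    lat_hi = min(90.0, max(la + r / 111.0 for (la, _), r in zip(landmarks, radii)))
    lon_lo = max(-180.0, min(lo - r / (111.0 * math.cos(math.radians(la)))
                             for (la, lo), r in zip(landmarks, radii)))
    lon_hi = min(180.0, max(lo + r / (111.0 * math.cos(math.radians(la)))
                            for (la, lo), r in zip(landmarks, radii)))
    points = []
    lat = lat_lo
    while lat <= lat_hi:
        lon = lon_lo
        while lon <= lon_hi:
            if consistent(landmarks, rtts_ms, lat, lon):
                points.append((lat, lon))
            lon += step
        lat += step
    if not points:
        return None
    c_lat = sum(p[0] for p in points) / len(points)
    c_lon = sum(p[1] for p in points) / len(points)
    radius = max(haversine_km(c_lat, c_lon, la, lo) for la, lo in points)
    return c_lat, c_lon, radius


if __name__ == "__main__":
    for label, rtts in (("direct", DIRECT_RTTS_MS), ("via relay", PROXIED_RTTS_MS)):
        lat, lon, radius = feasible_region(LANDMARKS, rtts)
        print(f"{label}: region centred near ({lat:.2f}, {lon:.2f}), "
              f"radius {radius:.0f} km; target inside: "
              f"{consistent(LANDMARKS, rtts, *TARGET)}")
```

Two things follow from running it. With direct probes the region is a lens of a few dozen kilometres around the target, in line with the ~200 km stage-one radius the article describes. When the probes are answered by a relay (an Internet cafe, a compromised third party, a VPN exit), the target is still consistent with the measurements, because RTT only gives an upper bound, but so is half the planet: the region’s radius grows to thousands of kilometres, and whatever it converges on is the relay, not the operator. Neither case says anything about which of the many hosts behind a NAT address sent the packets.
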
    • #39333
      kriscamaro68
      Participant

      http://www.newscientist.com/article/dn20336-internet-probe-can-track-you-down-to-within-690-metres.html

      This article is a good read showing that if their theory works they can track it closer. Still, you are in the same predicament as before even if you can trace that close; nonetheless, still interesting.

    • #39334
      mallaigh
      Participant

      Very nice write-up, sil. I’ve been following your Cyberwarfare writes, and have to say, I’ve enjoyed them all.

Copyright ©2020 Caendra, Inc.