
Counterattacking a hacker


sil

Hero Member

Posts: 551

Joined: Thu Mar 20, 2008 8:01 am

Location: ::1

Post Thu Apr 14, 2011 2:48 pm

Counterattacking a hacker

Because I'd been asked more than 3x in a week's timespan, I decided to write about the legalities, which are sketchy, and the stupidities associated with counterattacking a hacker.

http://www.infiltrated.net/index.php?op ... &Itemid=35

kriscamaro68

Jr. Member

Posts: 61

Joined: Thu Mar 11, 2010 2:48 pm

Post Thu Apr 14, 2011 4:19 pm

Re: Counterattacking a hacker

Enjoyed the writeup. Makes complete sense as well, unless you believe in Hollywood-type hacking.
A+, Net+, Server+, Security+, MCP/XP

lorddicranius

Sr. Member

Posts: 448

Joined: Thu Mar 03, 2011 3:54 am

Post Thu Apr 14, 2011 4:59 pm

Re: Counterattacking a hacker

Good read. It seems people's belief that one can trace an IP back to an attacker is more common than I thought. Or maybe I'm just lucky and have learned that early enough in my security training ???
GSEC, eCPPT, Sec+

SephStorm

Hero Member

Posts: 570

Joined: Sat Apr 17, 2010 12:12 pm

Post Thu Apr 14, 2011 6:00 pm

Re: Counterattacking a hacker

I would say the reason is that obviously it has to be possible. Law enforcement tracks down hackers, governments trace hacking attacks. I'm sure many of these individuals try to hide their origins.

Isn't this the reason we have CHFIs and whatnot?
sectestanalysis.blogspot.com/

kriscamaro68

Jr. Member

Posts: 61

Joined: Thu Mar 11, 2010 2:48 pm

Post Thu Apr 14, 2011 6:13 pm

Re: Counterattacking a hacker

SephStorm wrote:
I would say the reason is that obviously it has to be possible. Law enforcement tracks down hackers, governments trace hacking attacks. I'm sure many of these individuals try to hide their origins.

Isn't this the reason we have CHFIs and whatnot?

I believe it is possible to track an IP back to a hacker/script kiddie, but like sil mentioned, it would be because they did not spoof their IP from the get-go, or because the counterattacker is only tracing the IP back to where the attack looks like it originated from, and is of the belief that this is the hacker's source IP.
A+, Net+, Server+, Security+, MCP/XP

sil

Hero Member

Posts: 551

Joined: Thu Mar 20, 2008 8:01 am

Location: ::1

Post Fri Apr 15, 2011 9:37 am

Re: Counterattacking a hacker

Well, researchers stated they can now track the location of an IP address to within about 125 miles. Normally I would not bother pointing out the obvious, however, I feel the need to bring this into the "security mainstream" as a fail. Before doing so though, here is their "secret sauce:"

"The new method zooms in through three stages to locate a target computer. The first stage measures the time it takes to send a data packet to the target and converts it into a distance – a common geolocation technique that narrows the target’s possible location to a radius of around 200 kilometres." [1]


What does this do for tracking the identity of a potential attacker when it comes to security? Absolutely nothing.

Here is a quote I could never get enough of from Cisco's Fred Baker. For those who have not had the opportunity to read Fred's excellent posts on mailing lists, his RFCs or writings, here is a summary [3]: [Fred] currently co-chairs the IPv6 Operations Working Group in the IETF, is a member of the Smart Grid Interoperability Panel and its Architecture Committee, and is Cisco's representative to BITAG. For more insight into who he is, please see an insightful interview of Fred: "Fred Baker: Cisco Fellow, Network IT Enthusiast, World Traveler." [4] Anyhow, the purpose of stating who he is is to understand the weight/validity of the following statement:

Well, let me ask you who you think 171.70.120.60 is. I'll give you a hint; at this instant, there are 72 of us.

Here's another question. Whom would you suspect 171.71.241.89 is? At this point in time, I am in Barcelona; if I were home, that would be my address as you would see it, but my address as I would see it would be in 10.32.244.216/29. There might be several hundred people you would see using 171.71.241.89;

One of the big issues with the Tsinghua SAVA proposal in the IETF is specifically the confusion of the application layer with the IP layer. They propose to embed personal identity into the IP address, and in that there are a number of issues. Internet Address != application layer identification.


And the physical location of an Internet address (IP) is not altogether a "conclusive" mechanism to be used as an identity. While it may give an indicator, it is not definitive. For example, let us also assume that I needed to perform some form of competitive intelligence slash corporate espionage targeting my competitor. Let us also assume for a moment that I needed to compromise a machine physically located across the street. If I used my own connection to undertake this task, it would obviously be the equivalent of me walking into the office with a banner that read: "Look at me, across the street hacking you!" Quite absurd. So what are my options to sidestep this? Simple, I could use an Internet cafe, I could use an open wireless network or I could pick yet a third competitor, compromise them and leave them holding a loaded gun. Complete with their fingerprints all over the murder weapon.

This is a long-standing problem with IP addresses: attribution. While you can state that in the above comment - IP address 171.70.120.60 connected to you - you cannot definitively state any individual connected to you. With the rise in client-side attacks, attribution is even more difficult.

[1] http://blogs.wsj.com/tech-europe/2011/0 ... _news_blog
[2] http://www.mcabee.org/lists/nanog/Jan-08/msg00729.html
[3] http://en.wikipedia.org/wiki/Fred_Baker ... F_chair%29
[4] https://learningnetwork.cisco.com/docs/DOC-1720
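
Added example, not part of sil's post or the linked write-up: the shared-address point in the quoted Fred Baker statement (many people seen as one address) can be checked against a defender's own web logs before a source IP is treated as a person. The log lines, addresses and function names are constructed for illustration, and the User-Agent header is assumed here as a rough proxy for distinct clients.

```python
import re
from collections import defaultdict

# Constructed sample lines in Apache "combined" log format; the addresses come
# from the RFC 5737 documentation ranges, not from the thread.
SAMPLE_LOG = """\
203.0.113.7 - - [15/Apr/2011:09:30:01 +0000] "GET /login HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 6.1) Firefox/4.0"
203.0.113.7 - - [15/Apr/2011:09:30:04 +0000] "GET /login HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Macintosh) Safari/533.20"
203.0.113.7 - - [15/Apr/2011:09:30:09 +0000] "POST /login HTTP/1.1" 401 128 "-" "Opera/9.80 (X11; Linux i686)"
203.0.113.7 - - [15/Apr/2011:09:31:15 +0000] "GET /index HTTP/1.1" 200 900 "-" "Mozilla/5.0 (Windows NT 6.1) Firefox/4.0"
198.51.100.23 - - [15/Apr/2011:09:32:40 +0000] "GET /index HTTP/1.1" 200 900 "-" "Mozilla/5.0 (Windows NT 5.1) MSIE 8.0"
198.51.100.23 - - [15/Apr/2011:09:33:02 +0000] "GET /about HTTP/1.1" 200 300 "-" "Mozilla/5.0 (Windows NT 5.1) MSIE 8.0"
not a log line
"""

# ip, ident, user, [time], "request", status, bytes, "referer", "user-agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def clients_per_ip(log_text):
    """Map each source IP to the set of distinct User-Agent strings seen."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # malformed lines are skipped rather than guessed at
            seen[m.group("ip")].add(m.group("ua"))
    return dict(seen)

def attribution_notes(log_text):
    """State what each source IP can and cannot support as evidence."""
    notes = {}
    for ip, agents in clients_per_ip(log_text).items():
        if len(agents) > 1:
            # Several client profiles behind one address: NAT, proxy or shared
            # network. The address identifies a gateway, not an individual.
            notes[ip] = f"shared: at least {len(agents)} distinct client profiles"
        else:
            # One profile does not prove one person; it is still only an address.
            notes[ip] = "single client profile seen; address only, not a person"
    return notes

if __name__ == "__main__":
    for ip, note in attribution_notes(SAMPLE_LOG).items():
        print(ip, "->", note)
```
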

kriscamaro68

Jr. Member

Posts: 61

Joined: Thu Mar 11, 2010 2:48 pm

Post Fri Apr 15, 2011 12:23 pm

Re: Counterattacking a hacker

http://www.newscientist.com/article/dn2 ... etres.html

This article is a good read showing that if their theory works they can track it closer. Still, you are in the same predicament as before even if you can trace that close; nonetheless, still interesting.
A+, Net+, Server+, Security+, MCP/XP

mallaigh

Jr. Member

Posts: 65

Joined: Fri Jul 16, 2010 12:36 am

Post Fri Apr 15, 2011 3:50 pm

Re: Counterattacking a hacker

Very nice write-up sil.  I've been following your Cyberwarfare writes, and have to say, I've enjoyed them all.
