ch08.htm

Maximum Security (First Edition) 网络安全 英文版

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>

<HEAD>
	
	<TITLE>Maximum Security -- Ch 8 -- Internet Warfare</TITLE>
</HEAD>

<BODY TEXT="#000000" BGCOLOR="#FFFFFF">

<CENTER>
<H1><IMG SRC="../button/samsnet.gif" WIDTH="171" HEIGHT="66" ALIGN="BOTTOM" BORDER="0"><BR>
<FONT COLOR="#000077">Maximum Security: </FONT></H1>
</CENTER>
<CENTER>
<H2><FONT COLOR="#000077">A Hacker's Guide to Protecting Your Internet Site and Network</FONT></H2>
</CENTER>
<CENTER>
<P><A HREF="../ch07/ch07.htm"><IMG SRC="../button/previous.gif" WIDTH="128" HEIGHT="28"
ALIGN="BOTTOM" ALT="Previous chapter" BORDER="0"></A><A HREF="../ch09/ch09.htm"><IMG
SRC="../button/next.gif" WIDTH="128" HEIGHT="28" ALIGN="BOTTOM" ALT="Next chapter"
BORDER="0"></A><A HREF="../index.htm"><IMG SRC="../button/contents.gif" WIDTH="128"
HEIGHT="28" ALIGN="BOTTOM" ALT="Contents" BORDER="0"></A> 
<HR>

</CENTER>
<CENTER>
<H1><FONT COLOR="#000077">8</FONT></H1>
</CENTER>
<CENTER>
<H1><FONT COLOR="#000077">Internet Warfare</FONT></H1>
</CENTER>
<P>The Internet is an amazing resource. As you sit before your monitor, long after
your neighbors are warm and cozy in their beds, I want you to think about this: Beyond
that screen lies 4,000 years of accumulated knowledge. At any time, you can reach
out into the void and bring that knowledge home.</P>
<P>There is something almost metaphysical about this. It's as though you can fuse
yourself to the hearts and minds of humanity, read its innermost inspirations, its
triumphs, its failures, its collective contributions to us all. With the average
search engine, you can even do this incisively, weeding out the noise of things you
deem nonessential.</P>
<P>For this reason, the Internet will ultimately revolutionize education. I'm not
referring to home study or classes that save time by virtue of teaching 1,000 students
simultaneously. Although these are all useful techniques of instruction that will
undoubtedly streamline many tasks for teachers and students alike, I am referring
to something quite different.</P>
<P>Today, many people have forgotten what the term <I>education</I> really means.
Think back to your days at school. In every life there is one memorable teacher:
One person who took a subject (history, for example) and with his or her words, brought
that subject to life in an electrifying display. Through whatever means necessary,
that person transcended the identity of <I>instructor</I> and entered the realm of
the <I>educator</I>. There is a difference: One provides the basic information needed
to effectively pass the course; the other <I>inspires</I>.</P>
<P>The Internet can serve as a surrogate educator, and users can now inspire themselves.
The other night, I had dinner with a heavy-equipment operator. Since his childhood,
he has been fascinated with deep space. Until recently, his knowledge of it was limited,
primarily because he didn't have enough resources. He had a library card, true, but
this never provided him with more than those books at his local branch. Only on two
occasions had he ever ordered a book through inter-library loan. At dinner, he explained
that he had just purchased a computer and gone online. There, he found a river of
information. Suddenly, I realized I was no longer having dinner with a heavy-equipment
operator; I was dining with an avid student of Einstein, Hawking, and Sagan. His
talk was so riveting that I went away hungry for lack of having eaten.</P>
<P>So this much is true: The Internet is a an incredible resource for information.
However, it is also an incredible resource for communication and basic human <I>networking</I>.
Networking from a human standpoint is different from computer networking; human networking
contains an added ingredient called <I>action</I>. Thus, individuals from all over
the world are organizing (or I should say, crystallizing) into groups with shared
interests. Women are organizing for equality, voters are organizing for representation,
and parents are organizing for legislation to protect their children.</P>
<P>Inherent within this process is the exchange of opinions, or more aptly put, ideology.
Ideology of any sort is bound to bring controversy, and controversy brings disagreement.
Whether that disagreement occurs between two nations or between two individuals is
irrelevant. When it occurs on the Internet, it often degenerates into warfare. That
is what this chapter is about.</P>
<P>Much like the term <I>information</I> <I>warfare</I>, the term <I>Internet</I>
<I>warfare</I> is often misunderstood. To understand Internet warfare, you must know
that there are different classifications of it. Let's start with those classifications.
From there, we can discuss warfare at its most advanced levels. The classifications
are</P>

<UL>
	<LI>Personal Internet warfare
	<LI>Public Internet warfare
	<LI>Corporate Internet warfare
	<LI>Government Internet warfare
</UL>

<P>More generally, <I>Internet warfare</I> is activity in which one or more participants
utilize tools over the Internet to attack another or the information of another.
The objective of the attack may be to damage information, hardware, or software,
or to deny service. Internet warfare also involves any defensive action taken to
repel such an attack.</P>
<P>Such warfare may be engaged in by anyone, including individuals, the general public,
corporations, or governments. Between these groups, the level of technology varies
(by <I>technology</I>, I am referring to all aspects of the tools required, including
high-speed connections, software, hardware, and so forth). In general, the level
of technology follows an upward path, as expressed in Figure 8.1.</P>
<P><A NAME="01"></A><A HREF="01.htm"><B>Figure 8.1.</B></A><B><BR>
</B><I>The level of technology in Internet warfare.</I></P>


<BLOCKQUOTE>
	<P>
<HR>
<FONT COLOR="#000077"><B>NOTE:</B></FONT><B> </B>The categories Public and Individual
	may seem confusing. Why are they not included together? The reason is this: A portion
	of the public fails to meet the requirements for either corporate forces or individuals.
	This portion is composed of middle-level businesses, ISPs, universities, and so on.
	These groups generally have more technologically advanced tools than individuals,
	and they conduct warfare in a different manner. 
<HR>


</BLOCKQUOTE>

<P>As you might guess, there are fundamental reasons for the difference between these
groups and the tools that they employ. These reasons revolve around economic and
organizational realities. The level of technology increases depending upon certain
risks and demands regarding security. This is graphically illustrated in Figure 8.2.</P>
<P><A NAME="02"></A><A HREF="02.htm"><B>Figure 8.2.</B></A><B><BR>
</B><I>Risks and demands as they relate to various levels of technology.</I></P>
<P>Naturally, government and corporate entities are going to have more financial
resources to acquire tools. These tools will be extremely advanced, created by vendors
who specialize in high-performance, security-oriented applications. Such applications
are generally more reliable than average tools, having been tested repeatedly under
a variety of conditions. Except in extreme cases (those where the government is developing
methods of destructive data warfare for use against foreign powers), nearly all of
these tools will be defensive in character.</P>
<P>Public organizations tend to use less powerful tools. These tools are often <I>shareware</I>
or <I>freeware</I>, which is freely available on the Internet. Much of this software
is designed by graduate students in computer science. Other sources include companies
that also sell commercial products, but are giving the Internet community a little
taste of the quality of software available for sale. (Many companies claim to provide
these tools out of the goodness of their hearts. Perhaps. In any event, provide them
they do, and that is sufficient.) Again, nearly all of these tools are defensive
in character.</P>
<P>Private individuals use whatever they come across. This may entail shareware or
freeware, programs they use at work, or those that have been popularly reviewed at
sites of public interest.
<H2><FONT COLOR="#000077"><B>The Private Individual</B></FONT></H2>
<P>The private individual doesn't usually encounter warfare (at least, not the average
user). When one does, it generally breaks down to combat with another user. This
type of warfare can be anticipated and, therefore, avoided. When a debate on the
Net becomes heated, you may wish to disengage before warfare erupts. Although it
has been said a thousand times, I will say it again: Arguments appear and work differently
on the Internet than in person. E-mail or Usenet news messages are delivered in their
entirety, without being interrupted by points made from other individuals. That is,
you have ample time to write your response. Because you have that time, you might
deliver a more scathing reply than you would in person. Moreover, people say the
most outrageous things when hiding behind a computer, things they would <I>never</I>
utter in public. Always consider these matters. That settled, I want to examine a
few tools of warfare between individuals.
<H3><FONT COLOR="#000077"><B>The E-Mail Bomb</B></FONT></H3>
<P>The e-mail bomb is a simple and effective harassment tool. A bomb attack consists
of nothing more than sending the same message to a targeted recipient over and over
again. It is a not-so-subtle form of harassment that floods an individual's mailbox
with junk.</P>
<P>Depending upon the target, a bomb attack could be totally unnoticeable or a major
problem. Some people pay for their mail service (for example, after exceeding a certain
number of messages per month, they must pay for additional e-mail service). To these
individuals, an e-mail bomb could be costly. Other individuals maintain their own
mail server at their house or office. Technically, if they lack storage, one could
flood their mailbox and therefore prevent other messages from getting through. This
would effectively result in a denial-of-service attack. (A denial-of-service attack
is one that degrades or otherwise denies computer service to others. This subject
is discussed in Chapter 14, &quot;Destructive Devices.&quot;) In general, however,
a bomb attack (which is, by the way, an irresponsible and childish act) is simply
annoying. Various utilities available on the Internet will implement such an attack.</P>
<P>One of the most popular utilities for use on the Microsoft Windows platform is
Mail Bomber. It is distributed in a file called <TT>bomb02.zip</TT> and is available
at many cracker sites across the Internet. The utility is configured via a single
screen of fields into which the user enters relevant information, including target,
mail server, and so on (see Figure 8.3).</P>
<P><A NAME="03"></A><A HREF="03.htm"><B>Figure 8.3.</B></A><B><BR>
</B><I>The Mail Bomber application.</I></P>
<P>The utility works via Telnet. It contacts port 25 of the specified server and
generates the mail bomb. Utilities like this are commonplace for nearly every platform.
Some are for use anywhere on any system that supports SMTP servers. Others are more
specialized, and may only work on systems like America Online. One such utility is
<I>Doomsday</I>, which is designed for mass mailings over AOL but is most commonly
used as an e-mail bomber. The entire application operates from a single screen interface,
shown in Figure 8.4.</P>
<P><A NAME="04"></A><A HREF="04.htm"><B>Figure 8.4.</B></A><B><BR>
</B><I>The Doomsday mail bomber.</I></P>


<BLOCKQUOTE>
	<P>
<HR>
<FONT COLOR="#000077"><B>NOTE:</B></FONT><B> </B>For several years, the key utility
	for AOL users was AOHELL, which included in its later releases a mail-bomb generator.
	AOHELL started as a utility used to unlawfully access America Online. This, coupled
	with other utilities such as credit-card number generators, allowed users to create
	free accounts using fictitious names. These accounts typically expired within two
	to three weeks. 
<HR>


</BLOCKQUOTE>

<P>On the UNIX platform, mail bombing is inanely simple; it can be accomplished with
just a few lines. However, one wonders why someone skilled in UNIX would even entertain
the idea. Nevertheless, some do; their work typically looks something like this:</P>
<PRE><FONT COLOR="#0066FF">#!/bin/perl
$mailprog = `/usr/lib/sendmail';
$recipient = `victim@targeted_site.com';
$variable_initialized_to_0 = 0;
while ($variable_initialized_to_0 &lt; 1000) {
open (MAIL, &quot;|$mailprog $recipient&quot;) || die &quot;Can't open $mailprog!\n&quot;;
print MAIL &quot;You Suck!&quot;;
close(MAIL);
sleep 3;
$variable_initialized_to_0++;
}
</FONT></PRE>
<P>The above code is fairly self-explanatory. It initializes a variable to <TT>0</TT>,
then specifies that as long as that variable is less than the value <TT>1000</TT>,
mail should be sent to the targeted recipient. For each time this program goes through
the <TT>while</TT> loop, the variable called <TT>$variable_initialized_to_0</TT>
is incremented. In short, the mail message is sent 999 times.</P>
<P>Mail bombing is fairly simple to defend against: Simply place the mailer's identity
in a kill or bozo file. This alerts your mail package that you do not want to receive
mail from that person. Users on platforms other than UNIX may need to consult their
mail applications; most of them include this capability.</P>
<P>UNIX users can find a variety of sources online. I also recommend a publication
that covers construction of intelligent kill file mechanisms: <I>Teach Yourself the
UNIX Shell in 14 Days</I> by David Ennis and James Armstrong Jr. (Sams Publishing).
Chapter 12 of that book contains an excellent script for this purpose. If you are