13 June 2005, 01:45 | #1 |
Posts: n/a
|
Hacking attempt
I few years ago I had my Amiga online overnight. I woke up early at 5am sat down by my computer and noticed something was going on. When I started surfing the net my computer was attacked with something MiamiTCP managed to stop. It didn't prevent my connection from failing but I could gain access again after logging off and on again. That guy kept pushing me off again and again so I switched to my Windows computer and launched a nasty combination attack on his IP. After that I couldn't ping him. My connection could be as fast as T1 already back then and I guess it helped.
Well any way I was interested if anyone of you could guess what he was doing and how he noticed when I started using my Amiga (it seems so anyway). /Hercules |
13 June 2005, 03:59 | #2 |
The Ancient One
Join Date: Feb 2002
Location: Kansas City/USA
Age: 69
Posts: 685
|
I suspect that whoever the attacker was, they knew little if anything about your setup beyond your IP address, which they probably uncovered fairly easily using some sort of a "packet sniffer" that picked it out of the network traffic. Assuming that their intent was of a nefarious nature, the fact that you were using an Amiga rather than a more common Windows box surely provided you with a fair degree of immunity to any real attack (which would have likely tried to exploit various security flaws in Windows). As far as how he may have known when you were using your Amiga is concerned, if he was intent on pressing his attack, he probably had programs running that simply ping'ed your IP address until it got a response, at which point that might trigger some other sort of action intended to gain more full access to your system. The odds are rather high though that since yours was not a Windows box (or even a *nix box), the attacker probably wouldn't have stood much chance of figuring out how to make use of it, and would have moved on to another target before long. Sometimes using an OS that is well removed from the mainstream is a distinct advantage.
|
13 June 2005, 10:43 | #3 |
Zone Friend
Join Date: Mar 2004
Location: Middle Earth
Age: 40
Posts: 2,129
|
hmm i know that their is a reply if you queso a Amiga, but I believe that reply only comes if you are running a webserver, and that tool was made/ported years ago.
but man, i remember when someone pinged my PC back in 98/99 when it was running win95, and they turned my modem speaker on !! (. grrh. actually would be interested to see how many ppl these days would know modem init strings . hmm i wonder what the problem was on the amiga side? bad data packet? |
13 June 2005, 15:32 | #4 |
Posts: n/a
|
He might have been scanning entire ip ranges you might not be a specific target.
|
17 June 2005, 02:10 | #5 |
Posts: n/a
|
OK, but I guess the TCP/IP stack itself could be hacked. I know that there is a port you can hack through which you can gain access to files. I think I read about that at "CyberWolfs" homepage. It's a problem specific to Amiga. Can't remember which number 1xxx something.
|
17 June 2005, 22:11 | #6 |
Small Member
Join Date: Jun 2005
Location: Worldwide
Posts: 20
|
I think the day that Amiga's online start getting "hacked" is a very sad day indeed.
This was just a script kiddie's portscan of a range, that's all - quite funny how once he got a result he probably wasted a few hours trying every exploit in his Elite Haxxing Group docs that he downloaded with eMule. |
26 November 2005, 03:06 | #7 |
Registered User
Join Date: Nov 2005
Location: Stockholm, Sweden
Age: 52
Posts: 129
|
I have less then nothing to add, but the wanker did sure expect that it was a windows user he pinged. Losers, well good that you made him cry.
|
27 November 2005, 07:55 | #8 |
Zone Friend
Join Date: Mar 2004
Location: Middle Earth
Age: 40
Posts: 2,129
|
Don't forget the Amitcp/ip Finger exploit.
|
27 November 2005, 17:27 | #9 |
Registered User
Join Date: Nov 2005
Location: Stockholm, Sweden
Age: 52
Posts: 129
|
Any working protection against this exploit?
|
28 November 2005, 02:25 | #10 |
Zone Friend
Join Date: Mar 2004
Location: Middle Earth
Age: 40
Posts: 2,129
|
yeah matey put a '#' at the start of the line of the file which enables the finger daemon.
amitcp:db/services (I think that is the name) it will disable the finger daemon. just look for the word 'finger' in the file and port 79. |
28 November 2005, 10:43 | #11 | |
Registered User
Join Date: Nov 2005
Location: Stockholm, Sweden
Age: 52
Posts: 129
|
Thanks for the heads up!
Quote:
Hm 10 years since I worked with modems on Mac, but here goes. ATS0=0 turned off the auto answer on the modem ATE0 / ATE1 Enabled and disabled echo if I'm not wrong ATM0 / ATM1 If I'm not wrong this turns off and on the speaker That's all I remember. |
|
11 December 2005, 14:58 | #12 |
Moderator
Join Date: Nov 2004
Location: Eksjö / Sweden
Posts: 5,658
|
Hah, redblade, can't get over your avatar )) What IS that? A sumo platypus?? :P
|
13 December 2005, 23:41 | #13 |
Zone Friend
Join Date: Mar 2004
Location: Middle Earth
Age: 40
Posts: 2,129
|
It's a 'Kakapo' (night parrot), use wikipedia or google images.
but any one know how to use the amitcp Finger exploit? |
22 December 2005, 03:59 | #14 |
Ya' like it Retr0?
Join Date: Jul 2005
Location: United Kingdom
Age: 49
Posts: 9,768
|
Good thread, its wise to cover yourself in todays digital world,
Okay i am assuming you are using a dialup modem if not totaly ignore this post! What you describe in your first post reminds me of a "ping string", where by your computer would be sent a harmless ping with a datapart to ping back, however upon pinging back or pong the datapart happens to be a termination string for the modem and inturpreting the data as a hang up request by the computer. a simple way of checking this is to go through your logs and see if you were indeed pinged from a specific IP repeatedly. There is a simple way of defeating this too by simply changing your modems termination string and use up extended ascii characters Anyway hope it helps. |
22 December 2005, 23:39 | #15 |
Zone Friend
Join Date: Mar 2004
Location: Middle Earth
Age: 40
Posts: 2,129
|
Yes I remember that.
I got pinged back in 98 and the prick turned on my modem speaker on Windows 95 . Was not too hapy about that. |
23 December 2005, 02:01 | #16 |
Tik Gora :D
Join Date: Oct 2001
Location: Round yo momma's
Posts: 1,273
|
hehe .. i was always getting either hung up (ATZ+++ wasnt it) .. or rebooted by some fuckers on IRC .. the ol 'aaaaaaaaaaaaaa' or ping-of-death ... and other such nonsense
ahh those were the days.. |
24 December 2005, 03:40 | #17 |
Zone Friend
Join Date: Mar 2004
Location: Middle Earth
Age: 40
Posts: 2,129
|
hmm was that a dos ping or a IRC ping
/ping 127.0.0.1 +++ATH ?? |
24 December 2005, 16:50 | #18 |
Registered User
Join Date: Jul 2005
Location: Australia
Age: 47
Posts: 666
|
Almost but not quite, ping -p 2b2b2b415448300d did the trick on grown-up systems while DOS/Windows needed a utility to do this as the ping command doesnt support the (-p)attern option. An interesting aside ping -c 1 -p 2b2b2b415453323d32353526574f310d host could actually prevent ping hangups in some cases by changing the escape character to 0xFF, unfortunately the wait that is included in that string caused some modems to hangup after being "patched".
The classic mIRC method: //raw NOTICE ByeSucker : $+ $chr(1) $+ PING +++ATH0 $+ $chr(1), of course there are other ways you can do it on IRC but this was probably the funniest. Note: ATZ is the basic reset and restore command it does more than just cause a disconnect, ATH(0) is hangup(onhook) only, it doesn't revert your modem to it's initial power-on state. Last edited by OddbOd; 26 December 2005 at 06:04. |
26 December 2005, 01:47 | #19 |
Registered User
Join Date: Nov 2005
Location: Stockholm, Sweden
Age: 52
Posts: 129
|
Ah yeah ATZ was the code for hanging up the modem. Oh, on Mac I had a looser who switched on and off my modem on every keystroke I typed. Really bugging. He could do other weird sh*t like sending morsecodes with the modem speaker. One night I woke up by this fcuker sending "You are a sucker" with morsecodes. Dunno how he did that, but I suppose he wrote some sort of program to do that.
|
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests) | |
Thread Tools | |
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
King's Ransom (Unreleased game, possible attempt to rescue it?)) | Macaw | project.aGTW | 46 | 11 May 2021 01:52 |
DH0: Read attempt outside partition | Retrofan | support.Hardware | 23 | 10 April 2013 07:23 |
Tower Build (attempt three... or is it 4?...) | asm1 | support.Hardware | 12 | 21 April 2010 14:25 |
Unsuccessful attempt to install 604e@350MHz onto Blizzard PPC | stachu100 | Hardware mods | 2 | 09 April 2010 12:34 |
Please Support My Publishing Attempt | viddi | request.Old Rare Games | 7 | 05 May 2006 13:06 |
|
|