English Amiga Board


Old 13 June 2005, 01:45   #1
Hercules
 
Posts: n/a
Question Hacking attempt

A few years ago I had my Amiga online overnight. I woke up early at 5am, sat down by my computer and noticed something was going on. When I started surfing the net my computer was attacked with something MiamiTCP managed to stop. It didn't prevent my connection from failing but I could gain access again after logging off and on again. That guy kept pushing me off again and again so I switched to my Windows computer and launched a nasty combination attack on his IP. After that I couldn't ping him. My connection could be as fast as T1 already back then and I guess it helped.

Well any way I was interested if anyone of you could guess what he was doing and how he noticed when I started using my Amiga (it seems so anyway).

/Hercules
 
Old 13 June 2005, 03:59   #2
Chuckles
The Ancient One
 
Join Date: Feb 2002
Location: Kansas City/USA
Age: 69
Posts: 685
I suspect that whoever the attacker was, they knew little if anything about your setup beyond your IP address, which they probably uncovered fairly easily using some sort of a "packet sniffer" that picked it out of the network traffic. Assuming that their intent was of a nefarious nature, the fact that you were using an Amiga rather than a more common Windows box surely provided you with a fair degree of immunity to any real attack (which would have likely tried to exploit various security flaws in Windows). As far as how he may have known when you were using your Amiga is concerned, if he was intent on pressing his attack, he probably had programs running that simply ping'ed your IP address until it got a response, at which point that might trigger some other sort of action intended to gain more full access to your system. The odds are rather high though that since yours was not a Windows box (or even a *nix box), the attacker probably wouldn't have stood much chance of figuring out how to make use of it, and would have moved on to another target before long. Sometimes using an OS that is well removed from the mainstream is a distinct advantage.
Chuckles is offline  
Old 13 June 2005, 10:43   #3
redblade
Zone Friend
 
Join Date: Mar 2004
Location: Middle Earth
Age: 40
Posts: 2,127
hmm i know that there is a reply if you queso an Amiga, but I believe that reply only comes if you are running a webserver, and that tool was made/ported years ago.

but man, i remember when someone pinged my PC back in 98/99 when it was running win95, and they turned my modem speaker on !! (. grrh.

actually would be interested to see how many ppl these days would know modem init strings .

hmm i wonder what the problem was on the amiga side? bad data packet?
redblade is offline  
Old 13 June 2005, 15:32   #4
oldpx
 
Posts: n/a
He might have been scanning entire IP ranges; you might not be a specific target.
 
Old 17 June 2005, 02:10   #5
Hercules
 
Posts: n/a
OK, but I guess the TCP/IP stack itself could be hacked. I know that there is a port you can hack through which you can gain access to files. I think I read about that at "CyberWolfs" homepage. It's a problem specific to Amiga. Can't remember which number 1xxx something.
 
Old 17 June 2005, 22:11   #6
Jim2
Small Member
 
Join Date: Jun 2005
Location: Worldwide
Posts: 20
I think the day that Amigas online start getting "hacked" is a very sad day indeed.

This was just a script kiddie's portscan of a range, that's all - quite funny how once he got a result he probably wasted a few hours trying every exploit in his Elite Haxxing Group docs that he downloaded with eMule.
Jim2 is offline  
Old 26 November 2005, 03:06   #7
jobro
Registered User
 
Join Date: Nov 2005
Location: Stockholm, Sweden
Age: 52
Posts: 129
I have less than nothing to add, but the wanker did sure expect that it was a Windows user he pinged. Losers, well good that you made him cry.
jobro is offline  
Old 27 November 2005, 07:55   #8
redblade
Zone Friend
 
Join Date: Mar 2004
Location: Middle Earth
Age: 40
Posts: 2,127
Don't forget the Amitcp/ip Finger exploit.
redblade is offline  
Old 27 November 2005, 17:27   #9
jobro
Registered User
 
Join Date: Nov 2005
Location: Stockholm, Sweden
Age: 52
Posts: 129
Any working protection against this exploit?
jobro is offline  
Old 28 November 2005, 02:25   #10
redblade
Zone Friend
 
Join Date: Mar 2004
Location: Middle Earth
Age: 40
Posts: 2,127
yeah matey put a '#' at the start of the line of the file which enables the finger daemon.
amitcp:db/services

(I think that is the name) it will disable the finger daemon.

just look for the word 'finger' in the file and port 79.
redblade is offline  
Old 28 November 2005, 10:43   #11
jobro
Registered User
 
Join Date: Nov 2005
Location: Stockholm, Sweden
Age: 52
Posts: 129
Thanks for the heads up!

Quote:
Originally Posted by redblade
actually would be interested to see how many ppl these days would know modem init strings .
Hayes std strings or wha?

Hm 10 years since I worked with modems on Mac, but here goes.

ATS0=0
turned off the auto answer on the modem

ATE0 / ATE1
Enabled and disabled echo if I'm not wrong

ATM0 / ATM1
If I'm not wrong this turns off and on the speaker

That's all I remember.
jobro is offline  
Old 11 December 2005, 14:58   #12
Photon
Moderator
 
Join Date: Nov 2004
Location: Eksjö / Sweden
Posts: 5,653
Hah, redblade, can't get over your avatar )) What IS that? A sumo platypus?? :P
Photon is online now  
Old 13 December 2005, 23:41   #13
redblade
Zone Friend
 
Join Date: Mar 2004
Location: Middle Earth
Age: 40
Posts: 2,127
It's a 'Kakapo' (night parrot), use wikipedia or google images.

but any one know how to use the amitcp Finger exploit?
redblade is offline  
Old 22 December 2005, 03:59   #14
Zetr0
Ya' like it Retr0?
 
Join Date: Jul 2005
Location: United Kingdom
Age: 49
Posts: 9,768
Good thread, it's wise to cover yourself in today's digital world,

Okay I am assuming you are using a dialup modem, if not totally ignore this post!

What you describe in your first post reminds me of a "ping string", whereby your computer would be sent a harmless ping with a datapart to ping back, however upon pinging back or pong the datapart happens to be a termination string for the modem and interpreting the data as a hang up request by the computer.

A simple way of checking this is to go through your logs and see if you were indeed pinged from a specific IP repeatedly. There is a simple way of defeating this too by simply changing your modem's termination string and using extended ASCII characters.

Anyway hope it helps.
Zetr0 is offline  
Old 22 December 2005, 23:39   #15
redblade
Zone Friend
 
Join Date: Mar 2004
Location: Middle Earth
Age: 40
Posts: 2,127
Yes I remember that.

I got pinged back in 98 and the prick turned on my modem speaker on Windows 95 .

Was not too happy about that.
redblade is offline  
Old 23 December 2005, 02:01   #16
mr_0rga5m
Tik Gora :D
 
Join Date: Oct 2001
Location: Round yo momma's
Posts: 1,273
hehe .. i was always getting either hung up (ATZ+++ wasn't it) .. or rebooted by some fuckers on IRC .. the ol 'aaaaaaaaaaaaaa' or ping-of-death ... and other such nonsense

ahh those were the days..
mr_0rga5m is offline  
Old 24 December 2005, 03:40   #17
redblade
Zone Friend
 
Join Date: Mar 2004
Location: Middle Earth
Age: 40
Posts: 2,127
hmm was that a dos ping or a IRC ping

/ping 127.0.0.1 +++ATH ??
redblade is offline  
Old 24 December 2005, 16:50   #18
OddbOd
Registered User
 
Join Date: Jul 2005
Location: Australia
Age: 47
Posts: 666
Almost but not quite, ping -p 2b2b2b415448300d did the trick on grown-up systems while DOS/Windows needed a utility to do this as the ping command doesn't support the (-p)attern option. An interesting aside: ping -c 1 -p 2b2b2b415453323d32353526574f310d host could actually prevent ping hangups in some cases by changing the escape character to 0xFF, unfortunately the wait that is included in that string caused some modems to hang up after being "patched".

The classic mIRC method: //raw NOTICE ByeSucker : $+ $chr(1) $+ PING +++ATH0 $+ $chr(1), of course there are other ways you can do it on IRC but this was probably the funniest.

Note: ATZ is the basic reset and restore command, it does more than just cause a disconnect, ATH(0) is hangup (on-hook) only, it doesn't revert your modem to its initial power-on state.

Last edited by OddbOd; 26 December 2005 at 06:04.
OddbOd is offline  
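
The hex patterns quoted in the post above decode to Hayes command lines, and the log check suggested earlier in the thread amounts to counting such pings per source. As an added example (not part of any post in this thread), this Python sketch decodes both patterns and flags sources that repeatedly send ping payloads containing a `+++AT...` sequence. The packet records, the documentation-range IP addresses and the 56-byte fill model are constructed assumptions.

```python
import re
from collections import Counter

# "+++" escape followed by an AT command line terminated by carriage return.
HAYES_RE = re.compile(rb"\+\+\+(AT[^\r]*)\r", re.IGNORECASE)

# The two hex patterns quoted in the thread.
HANGUP_PATTERN = "2b2b2b415448300d"
ESCAPE_PATCH_PATTERN = "2b2b2b415453323d32353526574f310d"


def fill_payload(pattern_hex, length=56):
    """Repeat a pad pattern to fill a ping data area (assumed 56 bytes)."""
    pattern = bytes.fromhex(pattern_hex)
    return (pattern * (length // len(pattern) + 1))[:length]


def find_hayes_commands(payload):
    """Return the distinct AT command lines that follow '+++' in a payload."""
    found = (m.group(1).decode("ascii", "replace")
             for m in HAYES_RE.finditer(payload))
    return list(dict.fromkeys(found))  # de-duplicate, keep first-seen order


def repeat_offenders(packets, threshold=2):
    """Map source IP to its count of Hayes-bearing packets, if >= threshold."""
    hits = Counter(src for src, payload in packets
                   if find_hayes_commands(payload))
    return {src: n for src, n in hits.items() if n >= threshold}


# Constructed sample capture: (source IP, ICMP echo payload).
SAMPLE_PACKETS = [
    ("192.0.2.10", fill_payload(HANGUP_PATTERN)),
    ("198.51.100.7", bytes(range(56))),  # ordinary counting payload
    ("192.0.2.10", fill_payload(HANGUP_PATTERN)),
    ("203.0.113.5", fill_payload(ESCAPE_PATCH_PATTERN)),
    ("192.0.2.10", fill_payload(HANGUP_PATTERN)),
]

if __name__ == "__main__":
    for src, payload in SAMPLE_PACKETS:
        print(src, find_hayes_commands(payload))
    print("repeat offenders:", repeat_offenders(SAMPLE_PACKETS))
```
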
Old 26 December 2005, 01:47   #19
jobro
Registered User
 
Join Date: Nov 2005
Location: Stockholm, Sweden
Age: 52
Posts: 129
Ah yeah ATZ was the code for hanging up the modem. Oh, on Mac I had a loser who switched on and off my modem on every keystroke I typed. Really bugging. He could do other weird sh*t like sending morse codes with the modem speaker. One night I woke up by this fcuker sending "You are a sucker" with morse codes. Dunno how he did that, but I suppose he wrote some sort of program to do that.
jobro is offline  
 

