When a computer attacker has his way with a website, how is this person found? Is their IP address simply attached to everything they do?

------------------
"If the automobile had followed the same development cycle as the computer a Rolls Royce today would cost $100, get a million miles to the gallon and explode once a year, killing everyone inside." - Robert Cringely, InfoWorld Columnist

Unless he's a kiddie or sloppy, no.

Usually yo use a tertiary, or even a string of different IP's to do an attack ( or i get you to download a program for me, use your system to attack a server-and you get blamed! http://www.PCGuide.com/ubb/smile.gif )

This is kinda how it get s done. http://www.PCGuide.com/ubb/wink.gif

------------------
iisbob
""I was gratified to be able to answer promptly, and I did. I said I didn't know."
Mark Twain

What good would it do to have a person download a program for you?
What is a tertiary?

------------------
"If the automobile had followed the same development cycle as the computer a Rolls Royce today would cost $100, get a million miles to the gallon and explode once a year, killing everyone inside." - Robert Cringely, InfoWorld Columnist

I believe, iisbob, means by tertiary is that a cracker seldomly exposes his true ip. Most will work through a compromised machine when creating mischief.

Concerning the program question, the program or trojan gets uploaded to your machine which can then be used by outsiders.

------------------
When in doubt search on Google

I have tried to search for this kind of thing on Google. Nothing.
If a cracker goes trough someone elses computer to do his dirty work, then how is he caught?

------------------
"If the automobile had followed the same development cycle as the computer a Rolls Royce today would cost $100, get a million miles to the gallon and explode once a year, killing everyone inside." - Robert Cringely, InfoWorld Columnist

you can read on Hacking here

------------------
[url="http://www.dreamwater.com/paleopete/computer.htm"]PETE'S Computer Information Links (EDITED[/URL)

[This message has been edited by Paleo Pete (edited 01-06-2002).]

..If a cracker goes trough someone elses computer to do his dirty work, then how is he caught?..

There are tools available to network administrators to track packets back on the network-these are used to see where the originating packet came from.

Most true hackers are aware of this and that's why they get you to download and install a trojan program so that they can use your system to create havoc, they can also cover their tracks in your system by erasing any log files that are generated by your connection to network-but, unless they have access to your ISP's systems ( which rarely ever happens ) they can't cover their tracks from there, so that's where they are usually found out.

This help you a little? http://www.PCGuide.com/ubb/smile.gif



------------------
iisbob

Life of a tech-support specialist-
"..Tech Support: "Use the right button to click on the shortcut--"
Customer: "I don't have a right button."
Tech Support: "You should have a right button."
Customer: "I'm sure. I have 'ctrl', 'alt', 'backspace'..."

ummmmmmmmmm you want to be real carefull going to the astalavista site that YODA has provided a link to.

If you go there make sure you are carefull on what you click on when exploring the site (it has massive links to underground) and you may get more there than you bargained for.

http://www.PCGuide.com/ubb/eek.gif

caution (extreme) is advised.

http://www.PCGuide.com/ubb/wink.gif



------------------
sea1_69@hotmail.com

homepage (http://www.seanweb1.homestead.com/3.html)


;)~

Hey Sea, I've been all thru the site and have never had anything pop up (that does not mean that it could not happen just like any site)I don't see where it is any worse than surfing in dark place's on the net or at least I've never had a Virus even pop up on that site,Like I have just surfing the Net.But if ya'll think it is a bad site I will Not post it again.And Pete Take it off hear Pls.If the concencise is that it is dangerous.

------------------
PETE'S Computer Information Links (http://www.dreamwater.com/paleopete/computer.htm)

It's removed. Sea is correeect, that is not a very healthy site, depending on how careless you are with your clicking and how your browser settings are configured. It also contains links that I don't wish to see posted here...this has been covered before, although the site does post some good info concerning hacking, it also has some very questionable links, it and some of those links have ActiveX and Java controls you wouldn't like...

------------------
Support the right to keep and arm bears.
Note: Please post your questions on the forums, not in my email.

Computer Information Links (http://www.dreamwater.com/paleopete/computer.htm) has been moved, please update your bookmarks.

not to perpetuate this but...........

YODA- the exact link you gave (for the expressed purpose that you gave it) was perfect.

It's just that having been there extensively, (by inadvertently following just such a link myself) - me, I like to explore EVERYTHING, and when you do that there are links (many) there that will take you to other places and some people are not aware that although it sounds great.. LOTTS of the things that they offer for downloads are carrying hidden commands that you do NOT want. (which can do many things such as: make your connection a server or portal for other neffarious acts, and they can be quite malicious.

I aquired a slave.exe there once.. thinking I was being a wise guy..

lol


http://www.PCGuide.com/ubb/wink.gif

------------------
sea1_69@hotmail.com

homepage (http://www.seanweb1.homestead.com/3.html)




[This message has been edited by sea69 (edited 01-06-2002).]

..If a cracker goes trough someone elses computer to do his dirty work, then how is he caught?..


To add to what iisbob mentioned. Most security guys will run a Intrusion Detection System. An IDS will capture packets and compare them to a rule set. If a packet matches a rule it can be logged and a warning or alert can be emailed to a administrator. Also secruity guys will run file integrity software like Tripwire. Tripwire works by taking a snap shot of the system in a "clean" state (before it's connected to the internet) and then matching that information with the system as it is runnning later. If any files have been changed or messed with. Tripwire will report it.


This can help catch the baddie before he has a chance to change log files or start running any tool sets.


But there are cases where the bad guy just wants to shut down a server. He can then use forged packets and many different "zombie" systems which don't point back to his system in order to do his work. In cases like this you have to look at the router logs (many of which belong to different networks so you'll need law enforcement help. Unless your got really good "interpersonel" skills http://www.PCGuide.com/ubb/biggrin.gif ) in order to back trace to him.

Hackers hope that most folks aren't willing to go thur this much trouble. (and for web defacements or cases where the lost of money isn't very big most aren't)



[This message has been edited by Ghost_Hacker (edited 01-08-2002).]

I have a question, how can you tell the sites mentioned above are underground or have links you need to be careful with? How can I look out for these type of things. As you guys know when you get click happy in let's say questionable sites other links pop up. How can you tell if these sites are "dangerous"?

------------------
God is living Man

You can't really... Which is why I always have activeX, Java, and scripting turned off. I also make sure IE is patched for all the lastest security holes.