|Hacking 101 from the September 2000 Actrix
by Dean Moor
This month we are privileged to be able to include the second in a series of articles by one of our customers, Dean Moor. Dean has a long-standing interest in computer security and has graciously agreed to share some of his knowledge.
Always remember - one of the best ways to protect your security online is to change your password on a regular basis. Haven't done that for a while? Do it now. Call our help desk (0800-228749) if you're not sure how. -Ed.
|Well I hope you all found last
month's article useful. This month, I have been asked to explain to just what a
"Hacker" is looking for and how they go about finding it. Obviously, I am not
about to give you a step-by-step guide to Hacking, but I do aim to give you a bit of basic
knowledge on the process involved so that you can be more aware and hopefully safer.
Before I go too far ahead I need to ensure you have a basic
knowledge of how the Internet works. I find the analogy of a city is the best to use. A
city is made up of thousands of houses, connected to each other by roads. The Internet, in
comparison, is made up of thousands of computers, connected by modems. Now, every house in
a city has an address, which may look like this:
|Now to compare these two
address types lets look at them side by side,
Notice how the last number in the Internet
Address is the equivalent of the house number, the second to last is the street, and so
on. You may be wondering what the significance of this is. You shall see shortly.
Let us take the analogy that we used before with the city.
Your Internet connected computer could now be
referred to as your house. Now, almost all houses have doors and windows. There is a front
door, back door, sometimes a door through to the garage, and so forth. Each room has
windows that are most likely referred to by style or size. Well, now lets call these doors
and windows, ports. Just as we have a way of describing the doors and windows there is a
method of describing ports, and as with almost all computing related names, it a numerical
method. For example, almost every one comes in through the front door so we shall refer to
this as the port that the web pages come in on. This is port 80. Now, emails come in
through the large opening windows in the lounge (Port 110) and out through the small
window in the dining room (Port 25). Please remember that this is a very simple model.
Notice how the Internet seems to have the address back to front? Well this is because a computer generally processes things in a logical order, where as we humans process information completely back to front!
|Anyway, if I wanted to
find someone online in the Actrix domain, how would I go about it? Using the city analogy
again, I find the city of New Zealand, and the suburb of Actrix to get the Domain Address
of 203.96. Having already skipped a couple of steps I fire up my domain scanner and enter
the address for the Actrix domain, and click Start. What happens now is my domain scanner
searches for every online I.P. address starting with those numbers (pings every complete
IP Address in the range). To return to our analogy, this is like it quickly running around
every house in every street knocking on all doors and listening for a reply. It then
returns to me with a list of people who are home (computers online).
Now I have a list of computers online, I need to find one I can get into. This is where the ports come in. I now run a port scanner, pick an IP address and scan certain or all ports on that computer. The analogy equivalent is like the burglar, having found a secluded house, looking around the house for an entry point. Now, to scan all ports will take a long time, mainly because there are 65535 ports in the TCP Protocol (the main language of the internet). Some "Hackers" scan the ports that various Trojan Virus Programs open, some scan for others. It all depends on what they are looking for, and what tools they have compared to what vulnerabilities they find.
here we have an interesting situation. Almost all computers hear this scanner knocking on
the doors or windows. They peer outside to see what is going on, and call out "No
The hacker now has the IP Address of a computer online, and some doors or windows that are open.
Now, depending on what ports responded and how
they responded (answered the port scan) the Hacker can use a Trojan client, or other
methods to take control of your computer. For example, if you unwittingly had the Netbus
Trojan virus on your machine, your computer would have responded to a knock on port 12345.
This is the default port for the NetBus Trojan Virus and all the Hacker would need to do
now is run the NetBus Client on his machine, and connect through port 12345 to the Trojan
Server on yours. He would then have complete control of your machine.