How to Keep from Losing Your Shell Account
So now you have a hacker's dream, an account on a powerful computer running Unix. How do you keep this dream account? If you are a hacker, that is not so easy. The problem is that you have no right to keep that account. You can be kicked off for suspicion of being a bad guy, or even if you become inconvenient, at the whim of the owners.
Meinel Hall 'O Infamy Top Five Ways to Get Kicked out of Your Shell Account
1) Abusing Your ISP
Let's say you are reading Bugtraq and you see some code for a new way to break into a computer. Panting with excitement, you run emacs and paste in the code. You fix up the purposely crippled stuff someone put in to keep total idiots from running it. You tweak it until it runs under your flavor of Unix. You compile and run the program against your own ISP. It works! You are looking at that "#" prompt and jumping up and down yelling "I got root! I got root!" You have lost your hacker virginity, you brilliant dude, you! Only, next time you go to log in, your password doesn't work. You have been booted off your ISP. NEVER, NEVER ABUSE YOUR ISP!
*********************************************************
You can go to jail warning: Of course, if you want to break into another computer, you must have the permission of the owner. Otherwise you are breaking the law.
*********************************************************
2) Ping Abuse.
Another temptation is to use the powerful Internet connection of your shell account (usually a T1 or T3) to ping the crap out of the people you don't like. This is especially common on Internet Relay Chat. Thinking of ICBMing or nuking that dork? Resist the temptation to abuse ping or any other Internet Control Message Protocol attacks. Use ping only as a diagnostic tool, OK? Please? Or else!
3) Excessive Port Surfing
Port surfing is telnetting to a specific port on another computer. Usually you are OK if you just briefly visit another computer via telnet, and don't go any further than what that port offers to the casual visitor. But if you keep on probing and playing with another computer, the sysadmin at the target computer will probably email your sysadmin records of your little visits. (These records of port visits are stored in "messages," and sometimes in "syslog" depending on the configuration of your target computer -- and assuming it is a Unix system.)
Even if no one complains about you, some sysadmins habitually check the shell log files that keep a record of everything you or any other user on the system has been doing in their shells. If your sysadmin sees a pattern of excessive attention to one or a few computers, he or she may assume you are plotting a break-in. Boom, your password is dead.
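What that pattern looks like from the target sysadmin's side, as an added example that is not part of the original guide: the script groups connection records by source host and flags any host that reached many different daemons. The log lines are constructed in the style TCP wrappers (tcpd) writes to "messages"; the host names and the threshold of four services are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in the style tcpd (TCP wrappers) writes to
# /var/log/messages; hosts and PIDs are made up for this example.
SAMPLE_LOG = """\
Mar  3 02:11:01 target in.telnetd[411]: connect from shell.example-isp.net
Mar  3 02:11:09 target in.fingerd[412]: connect from shell.example-isp.net
Mar  3 02:11:15 target in.ftpd[413]: connect from shell.example-isp.net
Mar  3 02:11:22 target in.rshd[414]: connect from shell.example-isp.net
Mar  3 02:11:30 target in.rlogind[415]: connect from shell.example-isp.net
Mar  3 09:40:02 target in.ftpd[502]: connect from dialup7.example.org
Mar  3 09:58:47 target in.ftpd[510]: connect from dialup7.example.org
Mar  3 10:02:13 target sendmail[533]: gethostbyaddr failed
"""

# timestamp, logging host, daemon[pid]:, "connect from <source>"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]+)\s\S+\s(?P<daemon>[\w.\-]+)\[\d+\]:\s"
    r"connect from (?P<src>\S+)$"
)

def services_by_source(log_text):
    """Map each connecting host to the set of daemons it reached."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:  # lines that are not connection records are skipped
            seen[m.group("src")].add(m.group("daemon"))
    return dict(seen)

def flag_port_surfers(log_text, min_services=4):
    """Return sources that touched at least min_services distinct daemons."""
    return sorted(
        (src, sorted(daemons))
        for src, daemons in services_by_source(log_text).items()
        if len(daemons) >= min_services
    )

if __name__ == "__main__":
    for src, daemons in flag_port_surfers(SAMPLE_LOG):
        print(f"{src}: {len(daemons)} services -> {', '.join(daemons)}")
```

Two FTP logins from one host stay below the threshold, while five different services from one shell host within thirty seconds stand out.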
4) Running Suspicious Programs
If you run a program whose primary use is as a tool to commit computer crime, you are likely to get kicked off your ISP. For example, many ISPs have a monitoring system that detects the use of the program SATAN. Run SATAN from your shell account and you are history. (Note -- you have to be root to install SATAN, so that tells your ISP right away that you have been doing no-nos. But even hacker programs that you can install as an ordinary user can get you into trouble, too.)
**********************************************************
Newbie note: SATAN stands for Security Administration Tool for Analyzing Networks. It basically works by telnetting to one port after another of the victim computer. It determines what program (daemon) is running on each port, and figures out whether that daemon has a vulnerability that can be used to break into that computer. SATAN can be used by a sysadmin to figure out how to make his or her computer safe. Or it may be just as easily used by a computer criminal to break into someone else's computer. (And SATAN is now out of date. Run SAINT instead -- from your own computer, on your own network, or you may get kicked off your ISP. SAINT comes with SuSE Linux.)
***********************************************************
5) Storing Suspicious Programs
It's nice to think that the owners of your ISP mind their own business. But they don't. They snoop in the directories of their users. They laugh at your email. OK, maybe they are really high-minded and resist the temptation to snoop in your email. But chances are high that they will snoop in your shell log files that record every keystroke you make while in your shell account. If they don't like what they see, next they will be prowling your program files.
One solution to this problem is to give your evil hacker tools innocuous names. For example, you could rename SATAN to ANGEL. But your sysadmin may try running your programs to see what they do. If any of your programs turn out to be commonly used to commit computer crimes, you are history.
Wait, wait, you are saying. Why get a shell account if I can get kicked out even for legal, innocuous hacking? After all, SATAN is legal to use. In fact, you can learn lots of neat stuff with SATAN. Most hacker tools, even if they are primarily used to commit crimes, are also educational. Certainly if you want to become a sysadmin someday you will need to learn how these programs work.
Sigh, you may as well learn the truth. Shell accounts are kind of like hacker training wheels. They are OK for beginner stuff. But to become a serious hacker, you either need to find an ISP run by hackers who will accept you and let you do all sorts of suspicious things right under their nose. Yeah, sure. Or you can install some form of Unix on your home computer. But that's another Guide to (mostly) Harmless Hacking (Vol. 2 Number 2: Linux!).
If you have Unix on your home computer and use a PPP connection to get into the Internet, your ISP is much less likely to snoop on you. Or try making friends with your sysadmin and explaining what you are doing. Who knows, you may end up working for your ISP!
In the meantime, you can use your shell account to practice just about anything Unixy that won't make your sysadmin go ballistic.