Asking to be hacked

Discussion in 'other security issues & news' started by solcroft, Oct 19, 2007.

Thread Status:
Not open for further replies.
  1. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Not sure if this is in accordance with forum policies, but since there doesn't seem to be one for this forum...

    I'm trying to find out what's the worst that can happen when a WinXP Pro SP2 system goes for five years without any security patches and doesn't have a firewall installed. Please feel free to intrude into my system any way you can; details are per the attached images.

    1.jpg

    2.jpg
     
  2. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,654
    Location:
    Sydney, Australia
    Are you monitoring this machine (or virtual machine) to ensure that any infection or hack actually does not impact other people?

    For example, running a phishing site, sending spam, etc?

    If not - it would seem a little unethical/irresponsible.
     
  3. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Your Net range is assigned to Stony Brook Univ.

    Is yours a static or dynamic IP?

    Would the server or anyone else on the network be affected in any way by an infection/hack?
     
  4. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    As best as I know how to, yes. I'm periodically checking to see if port 80 is open, among other things. Since I'm asking to be attacked to see how bad the consequences can be, I'd obviously like to know when I'm compromised.
     
  5. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    That's... strange. I did a whois of myself, and apparently I'm right where I'm supposed to be. What tools did you use?

    And no, I'm the sole user on a home network. So I doubt anyone else would be affected.
     
  6. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,654
    Location:
    Sydney, Australia
    Except other customers of the ISP, random internet users (in case you're infected but don't know/notice)... do you have something monitoring traffice to/from the box (which is not ON the box)...

    While I understand and applaud your curiousity, I have to say that this still strikes me as a little irresponsible.
     
  7. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Sorry, I mistyped your IP in whois.

    What about static or dynamic?
     
  8. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    I'm on a wireless router. That IP stays until I reset the router.
     
  9. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    OK. I assume that eliminates the chances of someone else being compromised with that IP.
     
  10. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Any non-OS tools and the rest of the box is pretty hardened IMHO. My gates are wide open, but I sincerely doubt anyone is able to pluck the cameras down on their way in.
     
  11. Hipgnosis

    Hipgnosis Registered Member

    Joined:
    Aug 26, 2003
    Posts:
    297
    Location:
    Witness Protection Program
    I wholeheartily agree with this. There are too many improperly secured computers being used without the owners knowledge as spam bots and such without freely providing one and becoming part of the problem.
     
  12. De Hollander

    De Hollander Registered Member

    Joined:
    Sep 10, 2005
    Posts:
    718
    Location:
    Windmills and cows
    Do you have any sensitive data on it :D
     
  13. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Why not find out. :D
     
  14. De Hollander

    De Hollander Registered Member

    Joined:
    Sep 10, 2005
    Posts:
    718
    Location:
    Windmills and cows
    Hostname: ******
    TCP ports (1) 21
    UDP ports (79) 7,9,11,53,68,69,111,123,135,137,138,191,
    192,260,445,500,514,520,1009,1024,1027,1030,1034,1035,
    1037,1041,1058,1060,1091,1352,1434,1645,1646,1812,1813,
    1900,1978,2002,2049,2140,2301,2493,2631,2967,3179,3327,
    3456,4045,4156,4296,4469,4802,5631,5632,11487,31337,32768,
    32769,32771,32772,32773,32774,32775,32776,32777,32778,32779,
    32780,32781,32782,32783,32784,32785,32786,32787,32788,32789,32790,43981

    that's a lot
    :D
     
  15. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Well, that was the whole point of this exercise in the first place. :D

    The million-dollar question is, can you hack me? ;)
     
  16. De Hollander

    De Hollander Registered Member

    Joined:
    Sep 10, 2005
    Posts:
    718
    Location:
    Windmills and cows
    NO.
    :D I don't have the time, knowledge, and interest.

    The tool for providing this info downloaded in a mouse click. No hacking tools btw, just a port scanner and network utility

    Nice topic
     
  17. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    The point he is making is that it's one thing to have information, or even access (supposedly) to open ports. It's another to do something with it. That is his challenge!
     
  18. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
  19. tradetime

    tradetime Registered Member

    Joined:
    Oct 24, 2006
    Posts:
    1,000
    Location:
    UK
    Well I trust you know what you are doing since it is one thing to ask your friends to hack you it is a whole other to post a request on the www for all and sundry to have a go. One might say the expression "Be careful what you wish for" applies.
     
  20. De Hollander

    De Hollander Registered Member

    Joined:
    Sep 10, 2005
    Posts:
    718
    Location:
    Windmills and cows
    I agree, that's the challenge.

    Question:

    What are the most common ports that are scan?
     
  21. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Just out of curiosity, has anyone had a go at me yet? Seems awfully quiet on my end - I registered a few Sasser and SQLSlammer attacks from Taiwan sometime this afternoon, but that was it.
     
  22. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Here are some typical loggings I see daily.

    scans.gif
    ______________________________________________________________


    Ports 1026-1028 are messenger spam:

    http://www.linklogger.com/messenger_spam.htm

    Port 135 is the entry point for MSBlaster.

    http://www.linklogger.com/TCP135.htm

    Port 139 is the Netbios Session Service

    http://www.linklogger.com/TCP139.htm

    Port 445 is the entry point for Sasser.

    http://www.linklogger.com/TCP445.htm

    The third showing Port 51132 is typical for those like myself using a dynamic IP address (it changes each time I dial up). The previous user of that IP at the time it was assigned to me may have been in a P2P session using that port.

    -rich
     
  23. controler

    controler Guest

    This sounds just like an old thread over ate DSLReports.

    Blake ( I believe he is the maker of Link Logger) started. He asked the whole world to try hack him while he was on a cheap nat router.
    You might be able to still find the thread or IM Blake to see how many actualy got in. I watched it for a while, then got bored. I think a few were able to send some packets through.


    Good luck

    controler
     
  24. De Hollander

    De Hollander Registered Member

    Joined:
    Sep 10, 2005
    Posts:
    718
    Location:
    Windmills and cows
    Thank you, Rmus.

    MSBlaster\Sasser nasty's are still out there... :thumbd:
     
  25. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    My router's configured for DMZ access, in effect disabling its firewall protection.

    But at the end of the day, when nothing untoward has happened even with no security patches and wide-open ports, it really makes you wonder whether some of the more recent paranoia about stealthed ports being a necessity is even worth the time.
     
Loading...
Thread Status:
Not open for further replies.