RE: A ReYou'll be the judge. (was: Hackers from leb.net)



Hi,

Mr Nussbacher, who seems to be such a "big" guy in some circles,
sent me a bmp file of 400 kb which shows these lines:

Sevice 	Source 		Destination 	Proto. 	Rule 	S_Port 	Info
http	106.127.55.2    192.116.131.239	tcp	0	20899	mssage SYN->SYN-ACK ->Timeout

as proof for a hack attack. Sending this bitmap which holds no sign of
a hack to me disqualifies him in my eyes as a security expert and someone
to deal with. I never claimed to be such an expert but I can judge what he is.
Not a single line of a log file which would show any sign of a hack
file could be shown to me.


On Wed, 28 Oct 1998, Ira Abramov wrote:

> 
> On Tue, 27 Oct 1998 hzo@goldfish.cube.net wrote:
> 
> > I'm here to defend Alex Khalil from leb.net and me against these
> > incredible allegations about  a "hack attack" against  Israeli servers.
> > In the meantime the whole thing seems to go out of control and changes
> 
> we are not the one you need to explain this to, since we are well aware of
> the implications and problems. my personal opinion is that you should
> actually let it be, because this could actually start to become dangerous
> to you. Hank Nusbacher is no small fish and can pull as many strings as he
> wishes. you have already written to all of ISOC-IL's management, and this is
> the most you can do right now... 
> 
> just some points:
> 
> 1. the computer having a lebanonian name is not working for your benefit
> 2. the fact you're German may also not help in some people's minds
> 3. a DOS attack means "Denial Of Service". Do you call yourself a network
>    expert, or are you a kid who thinks he discovered QueSO? answering
>    people with "I'm using Linux, how can it be a DOS attack" sounds very
>    unprofessional
I never claimed to be a network expert. Contrary to some other
gentlemen.


> 4. before everyone on this list puts their good name on the line and
>    defend you, could you make sure your machine has indeed never been 
>    broken and used by crackers as a homebase and camouflage for break in
>    attempts? your obvious mistake (see 3) makes me think that beirut box 
>    may have indeed initiated attacks, maybe not by the incompetents that
>    run it, but by people they blindly let in.

Yes, because only local access is allowed.

> 
> > from something where you could laugh about into a pretty severe case. A
> > gentleman from a security company  c
> > is shining up in an Israeli news paper.
> 
> that could be a publicity stunt maybe, and there is not much you can do
> about it. money talks, and the guy will not let go of it.
> 
> > I'm not willing to remain quiet when I get drawn into something which
> > are pretty serious allegations.
> > It is really a shame that these people who released a false alarm which
> > was triggered by my operating system survey  now try to save face by
> > accusing others of _criminal_ behaviour.
> 
> and following it will be a formal complaint at the interpol. do yourself a
> favor and shut up about it.

I'm trusting the German justice system.... 

> 
> > These who triggered the false alarm behaved unprofessional and hysteric
> > when the packets of my survey were registered by firewalls. This survey
> 
> it doesn't matter. Nusbacher rules the entire Israeli Academia network,
> the ISOC , the IBM net for Israel and more. rules not de jure but de
> facto. you do NOT want to talk back to him. you want to apologize and
> watch your ass. I have argued with him in the past, but NOT when a
> criminal charge was hanging above my head.

I feel sorry for everyone who knows this and cannot speak out freely. I
would not want to live among such people where justice does not seem 
to be worth too much.
  
> 
> > Hi ----,
> > 
> > sorry for the disturbance.
> > 
> > system is determined. For details and statistics, please visit
> > http://www.hzo.cubenet.de/ioscount/
> > More than 940 000 hosts were queried until today.
> 
> when you started this adventure, did you really never think about the
> legal implications if someone was to see this as an attack? how naive
> were you when you started? did you not think of pasting a nice big legal
> disclaimer and explanation on your site after talking to a lawyer "just in
> case" before starting?!

It is no "attack". If you knock at a door to see if someone is at home and
the whole house crashes, should I have asked a lawyer before I knocked? 

> 
> > To prevent further irritation I can put host into
> > the exclude file and they will no longer be queried.
> > If you want to exclude further hosts from the survey,
> > please send me the domain name(s) which should be excluded.
> > I'll put them on my exclude list.
> 
> exclude lists are NOT a solution, as you see. I would SERIOUSLY consider -
> if I were you - to start looking for a lawyer. you don't have to pay him
> or consult him yet, but since this is out in the press, and leading the
> pack in a guy from ISOC, there is a good chance it will leak to
> international newspapers, and you may need one before you know it. YES, it
> may seem paranoid of me, but I'm trying to be a fatalist while maintaining
> a realistic view here.

Since I have log files of my queries, which other "experts" don't seem
to have, I will sleep peacefully.

> 
> > answers were evaluated. The principle is available for further
> > evaluation at http://www.apostols.org/projectz/queso
> 
> there is something that really bothers me with QueSO's page, btw. the
> URL's name and spelling, as well as the design reeks of hackerism of the
> underground, questionably legal, type. it is definitely not the page you
> want to send to ISOC to make yourself look better.
> 
> > correct. It is incredible! He notifies the Israeli press before
> > verifying at leb.net what  really  happened and then does not contact me
> > despite I send him two emails which refute his claims. I'm sorry to
> > state that I feel that this has to be described  as an unprofessional
> > behaviour.
> 
> what's done is done, like I told Alex, it will be more useful for you to
> talk to the Israeli press than Nusbacher and friends right now, IF you
> think you want to stick your foot in this deeper at all.
> 
> > After some time I find out, that some article was posted online by El
> > Haaretz about a hack on Israeli servers. I try to get it, but  -yuck-
> > you need a password to  read this article.  So I'm writing the
> 
> well, Mr. Hans "-yuck-" Zoebelin, not all papers are free on the net.
> Haaretz, actually, IS free in the english edition. it was the stupidity of
> whoever you were writing to that sent you the article in Hebrew, I can
> understand how frustrating that is, but if you would have dug a bit in
> their site you would have found it, not password protected even...
> 
> > postmaster and explain  to him , that I think I'm accused to have hacked
> > these Israeli servers and if he could send me this article.  After some
> > time I get response from El Haarez containing a pointer to this article
> > and a comment, that the article will be available there until Sunday.
> 
> one more thing. it's Ha'aretz and not "El" Ha'aretz. "El" is the "The"
> preposition in Arabic, and not in Hebrew.
> 
> > So I fire up my browser to read it, but -yuck- again I'm questioned for
> > some pass word. It seems as if they are securing their articles better
> > than their military servers.
> 
> unlike the US army servers we don't put ours on the web, see... I wonder
> how you would make that comparison... I'm sure you never tried to hack
> into an Israeli army server.
> 
> Ha'aretz, lamely enough, seem to be using ASPs on their site, which
> suggests the use of NT, btw.
> 
> > reference. And really the article is included as attachment. I open the
> > attachment and -yuck- the article is
> > in Hebrew, which I unluckily don't understand, Only the words "denial of
> > service" and "leb.net" which shine up "unencrypted" seem to show pretty
> > clear, what there is written.
> 
> send it to us and we'll translate it if you'd like.
> 
> > 2) How can a hacker fire up an "DOS http attack"
> > when the server (leb.net) is running on Linux,
> > an Unix clone.
> 
> see my remark above
> 
> > PS: If  these allegations about criminal activities will continue to pop
> > up,  I'll have set up a web page, where all  facts and log  files will
> > be presented to the public for closer inspection.  These gentlemen who
> > claim to have witnessed a "hack attack" on Israeli servers will then
> > also have the chance to present their evidence and log files to the
> > public for inspection  by expert viewers from all the world.
> 
> go ahead and set it up now, I wouldn't wait one more minute if I were you.
> 
> > Luckily nowadays it is easier to go public than in earlier times. You
> > don't have to own a whole news paper  anymore.  10 mb of web space is
> > all you need.
> 
> sadly today you don't need to produce a book to make people angry at you,
> you just spew some IP packets over the net with spam of any sort (IP or
> SMTP level) for almost free.
> 
> Don't get me wrong, I like the idea of the IOS++ counter very much, but
> only if it was done by a responsible known company with financial and
> legal backing, and not by "some guy who wanted to count some stats" and
> didn't stop for one moment to think. maybe offer this project to netcraft
> or some respectable research firm (like Zona Research that's quoted by all
> the online news sites) so as not to risk your sorry ass.
> 
> Good luck. Ira.
> 
> 
Good luck. I'll let you alone. I have learned a lot these days about
Israel. 

Enjoy!
Hans