RE: A ReYou'll be the judge. (was: Hackers from leb.net)
Hi,
Mr Nussbacher, who seems to be such a "big" guy in some circles,
sent me a bmp file of 400 kb which shows these lines:
Sevice Source Destination Proto. Rule S_Port Info
http 106.127.55.2 192.116.131.239 tcp 0 20899 mssage
SYN->SYN-ACK ->Timeout
as proof for a hack attack. Sending this bitmap which holds no sign of
a hack to me disqualifies him in my eyes as a security expert and someone
to deal with. I never claimed to be such an expert but I can judge what he is.
Not a single line of a log file which would show any sign of a hack
file could be shown to me.
On Wed, 28 Oct 1998, Ira Abramov wrote:
>
> On Tue, 27 Oct 1998 hzo@goldfish.cube.net wrote:
>
> > I'm here to defend Alex Khalil from leb.net and me against these
> > incredible allegations about a "hack attack" against Israeli servers.
> > In the meantime the whole thing seems to go out of control and changes
>
> we are not the one you need to explain this to, since we are well aware of
> the implications and problems. my personal opinion is that you should
> actually let it be, because this could actually start to become dangerous
> to you. Hank Nussbacher is no small fish and can pull as many strings as he
> wishes. you have already written to all of ISOC-IL's management, and this is
> the most you can do right now...
>
> just some points:
>
> 1. the computer having a Lebanese name is not working for your benefit
> 2. the fact you're German may also not help in some people's minds
> 3. a DOS attack means "Denial Of Service". Do you call yourself a network
> expert, or are you a kid who thinks he discovered QueSO? answering
> people with "I'm using Linux, how can it be a DOS attack" sounds very
> unprofessional
I never claimed to be a network expert. Contrary to some other
gentleman.
> 4. before everyone on this list puts their good name on the line and
> defend you, could you make sure your machine has indeed never been
> broken and used by crackers as a homebase and camouflage for break in
> attempts? your obvious mistake (see 3) makes me think that beirut box
>    may have indeed initiated attacks, maybe not by the incompetents that
> run it, but by people they blindly let in.
Yes because only local access is allowed.
>
> > from something where you could laugh about into a pretty severe case. A
> > gentleman from a security company c
> > is shining up in an Israeli news paper.
>
> that could be a publicity stunt maybe, and there is not much you can do
> about it. money talks, and the guy will not let go of it.
>
> > I'm not willing to remain quiet when I get drawn into something which
> > are pretty serious allegations.
> > It is really a shame that these people who released a false alarm which
> > was triggered by my operating system survey now try to save face by
> > accusing others of _criminal_ behaviour.
>
> and following it will be a formal complaint at the interpol. do yourself a
> favor and shut up about it.
I'm trusting the German justice system....
>
> > Those who triggered the false alarm behaved unprofessionally and hysterically
> > when the packets of my survey were registered by firewalls. This survey
>
> it doesn't matter. Nussbacher rules the entire Israeli Academia network,
> the ISOC , the IBM net for Israel and more. rules not de jure but de
> facto. you do NOT want to talk back to him. you want to apologize and
> watch your ass. I have argued with him in the past, but NOT when a
> criminal charge was hanging above my head.
I feel sorry for everyone who knows this and cannot speak out freely. I
would not want to live among such people where justice does not seem
to be worth too much.
>
> > Hi ----,
> >
> > sorry for the disturbance.
> >
> > system is determined. For details and statistics, please visit
> > http://www.hzo.cubenet.de/ioscount/
> > More than 940 000 hosts were queried until today.
>
> when you started this adventure, did you really never think about the
> legal implications if someone was to see this as an attack? how naive
> were you when you started? did you not think of pasting a nice big legal
> disclaimer and explanation on your site after talking to a lawyer "just in
> case" before starting?!
It is no "attack". If you knock at a door to see if someone is at home and
the whole house crashes, should I have asked a lawyer before I knocked?
>
> > To prevent further irritation I can put host into
> > the exclude file and they will no longer be queried.
> > If you want to exclude further hosts from the survey,
> > please send me the domain name(s) which should be excluded.
> > I'll put them on my exclude list.
>
> exclude lists are NOT a solution, as you see. I would SERIOUSLY consider -
> if I were you - to start looking for a lawyer. you don't have to pay him
> or consult him yet, but since this is out in the press, and leading the
> pack is a guy from ISOC, there is a good chance it will leak to
> international newspapers, and you may need one before you know it. YES, it
> may seem paranoid of me, but I'm trying to be a fatalist while maintaining
> a realistic view here.
Since I have log files of my queries, which other "experts" don't seem
to have, I will sleep peacefully.
>
> > answers were evaluated. The principle is available for further
> > evaluation at http://www.apostols.org/projectz/queso
>
> there is something that really bothers me with QueSO's page, btw. the
> URL's name and spelling, as well as the design reeks of hackerism of the
> underground, questionably legal, type. it is definitely not the page you
> want to send to ISOC to make yourself look better.
>
> > correct. It is incredible! He notifies the Israeli press before
> > verifying at leb.net what really happened and then does not contact me
> > despite I send him two emails which refute his claims. I'm sorry to
> > state that I feel that this has to be described as an unprofessional
> > behaviour.
>
> what's done is done, like I told Alex, it will be more useful for you to
> talk to the Israeli press than Nussbacher and friends right now, IF you
> think you want to stick your foot in this deeper at all.
>
> > After some time I find out, that some article was posted online by El
> > Haaretz about a hack on Israeli servers. I try to get it, but -yuck-
> > you need a password to read this article. So I'm writing the
>
> well, Mr. Hans "-yuck-" Zoebelin, not all papers are free on the net.
> Haaretz, actually, IS free in the english edition. it was the stupidity of
> whoever you were writing to that sent you the article in Hebrew, I can
> understand how frustrating that is, but if you would have dug a bit in
> their site you would have found it, not password protected even...
>
> > postmaster and explain to him , that I think I'm accused to have hacked
> > these Israeli servers and if he could send me this article. After some
> > time I get response from El Haaretz containing a pointer to this article
> > and a comment, that the article will be available there until Sunday.
>
> one more thing. it's Ha'aretz and not "El" Ha'aretz. "El" is the "The"
> preposition in Arabic, and not in Hebrew.
>
> > So I fire up my browser to read it, but -yuck- again I'm questioned for
> > some pass word. It seems as if they are securing their articles better
> > than their military servers.
>
> unlike the US army servers we don't put ours on the web, see... I wonder
> how you would make that comparison... I'm sure you never tried to hack
> into an Israeli army server.
>
> Ha'aretz, lamely enough, seem to be using ASPs on their site, which
> suggests the use of NT, btw.
>
> > reference. And really the article is included as attachment. I open the
> > attachment and -yuck- the article is
> > in Hebrew, which I unluckily don't understand, Only the words "denial of
> > service" and "leb.net" which shine up "unencrypted" seem to show pretty
> > clear, what there is written.
>
> send it to us and we'll translate it if you'd like.
>
> > 2) How can a hacker fire up an "DOS http attack"
> > when the server (leb.net) is running on Linux,
> > an Unix clone.
>
> see my remark above
>
> > PS: If these allegations about criminal activities will continue to pop
> > up, I'll have set up a web page, where all facts and log files will
> > be presented to the public for closer inspection. These gentlemen who
> > claim to have witnessed a "hack attack" on Israeli servers will then
> > also have the chance to present their evidence and log files to the
> > public for inspection by expert viewers from all the world.
>
> go ahead and set it up now, I wouldn't wait one more minute if I were you.
>
> > Luckily nowadays it is easier to go public than in earlier times. You
> > don't have to own a whole news paper anymore. 10 mb of web space is
> > all you need.
>
> sadly today you don't need to produce a book to make people angry at you,
> you just spew some IP packets over the net with spam of any sort (IP or
> SMTP level) for almost free.
>
> Don't get me wrong, I like the idea of the IOS++ counter very much, but
> only if it was done by a responsible known company with financial and
> legal backing, and not by "some guy who wanted to count some stats" and
> didn't stop for one moment to think. maybe offer this project to netcraft
> or some respectable research firm (like Zona Research that's quoted by all
> the online news sites) so as not to risk your sorry ass.
>
> Good luck. Ira.
>
>
Good luck. I'll let you alone. I have learned a lot these days about
Israel.
Enjoy!
Hans