Top White Papers
Charges of hacking stop Internet OS CountOct 30, 1998, 16:45 (7 Talkback[s])
by Dwight Johnson
The Internet Operating System Counter run by cubenet.de which has been so useful in bringing to light the predominance of Linux use on the Internet has been stopped because of accusations of hacking in Israeli domains.
The Counter, which uses the freeware probing software Queso currently featured in the InfoWorld article TCP fingerprinting solutions for Linux offer another way to gather security data, was accused of initiating "hack attacks" against "hi-tech companies and banks".
The accusation published October 26 in the Israeli online news site Globes reads:
"In the past three weeks, scores of Israeli companies Internet sites have been attacked by a group of hackers, suspected to be Lebanese, operating from the US. Yitzhak Mozgah, of security company COMSEC, told "Globes" today that the hackers operated from Texas, and were discovered in an investigation carried out by COMSEC and PubliCom."
According to hzo.cubenet.de:
"Today (Friday, 23.10.98 about 4.00 CEST) I got urgent email from the sysadmins of leb.net where my query is running as a background job. The ongoing Oct' 98 survey which also queries all servers of the .il domain (Israel) had brought up sysop complaints about »hack attacks« against »hi-tech companies and banks« There was a statement, that a »Firewall-1 system was bypassed and the log turned off after compromise« (which shouldn' t be triggered by the packets I send to the hosts to query)."
"As I see it, I came in between frontiers where I don't want to be. As I was told, there could be even some articles in today's Israelinewspapers about this whole thing. Therefore I stopped the ongoing host query." The Internet Operating System Counter (ios++) is a survey of operating system usage on the Internet. It collects host addresses and queries these hosts, which operating systems they are running."
Below is a follow-up report issued today:
From email@example.com Fri Oct 30 13:22:16 1998 Date: Fri, 30 Oct 1998 20:23:16 +0100 (CET) From: ios++ mechanic To: firstname.lastname@example.org Subject: Sorry, no Oct. 98 query results. Resent-Date: 30 Oct 1998 19:23:23 -0000 Resent-From: email@example.com Resent-cc: recipient.list.not.shown:; Hi, the Oct. 98 query was stopped because of an incident with servers of the '.il' domain. A complaint concerning a "hack attack" (which usually comes in every 120 000 hosts queried) was "upgraded" into a full alarm for all '.il' hosts. This alarm was triggered at Fri, 23 Oct 1998 00:59:21 +0000 24 hrs after I had provided them full explanation what I was doing and giving pointers to the Counter web pages which were provided at Thu, 22 Oct 1998 01:07:01 +0200 (CEST) Severe accusations shined up in Israeli newspapers (see attached article which was published by http://www.globes.co.il on Sunday, Oct 25, 1998 at 18:00 (GMT+3) ). Security companies seemed to use this incident to bash other security suppliers ( "...a Checkpoint firewall-1 was compromised..." ) and to promote their services. I asked the person who released the Israel wide alarm to publish a log file which could prove these claims. Until now (Fri Oct 30 20:10:14 CET 1998), no log file could provided which would back these claims. The gentleman from Israel responsible for triggering the false alarmdid not defuse it until Thu, 29 Oct 1998 21:13:46 +0200, more than six days after he had triggered it. You can read more about this incident in the Israeli Linux-il mailing list archive: http://plasma-gate.weizmann.ac.il/Linux/maillists/98/10/msg00368.html http://plasma-gate.weizmann.ac.il/Linux/maillists/98/10/msg00378.html http://plasma-gate.weizmann.ac.il/Linux/maillists/98/10/msg00401.html http://plasma-gate.weizmann.ac.il/Linux/maillists/98/10/msg00424.html http://plasma-gate.weizmann.ac.il/Linux/maillists/98/10/msg00425.html http://plasma-gate.weizmann.ac.il/Linux/maillists/98/10/msg00479.html http://plasma-gate.weizmann.ac.il/Linux/maillists/98/10/msg00512.html I'm sorry to tell you that I stopped the Oct. 98 query because of this incident. Further host queries might or might not be done depending on free time and mood. Enjoy! hans --ios++ == The Internet Operating System Counter. ios++ == Counting the operating systems on the Internet. ios++ == http://www.hzo.cubenet.de/ioscount/
0 Talkback[s] (click to add your comment)