Mitnick and Shimomura
Shimomura had almost complete packet traces of the break-in, which allowed him to reconstruct the attack.
It was a trap.
It was not a trap. Shimomura was caught with his proverbials down. His arrogance made him complacent and as such he didn't take the most basic steps to keep the attack out.

According to Tsutomu's own account of the incident he was only able to decipher what happened because the attacker(s) didn't clean away the info off the hard drive when they were finished. They rm'd, sure, but he dd'd the raw disk to another drive and worked through the blocks until he found the two tools that were used to effect the intrusion. He was also able to recover the tcpdump logs that were erased.

If the intruder(s) had rm'd the data and THEN done a mkfile that filled the disk with 0's then most of what we know today would not be available. As mentioned a week or two back, filling the unused portions of blocks with 0's would probably also be necessary.

As to whether Mitnick is capable of effecting the intrusion, that is yet to be ascertained. He claims no involvement in it and based on what's known of his cracking prowess there is a certain truth to it. He's infinitely better with a phone than a keyboard.
On Thu, 11 Jan 1996, Mark wrote:
It was not a trap. Shimomura was caught with his proverbials down. His arrogance made him complacent and as such he didn't take the most basic steps to keep the attack out.
According to Tsutomu's own account of the incident he was only able to decipher what happened because the attacker(s) didn't clean away the info off the hard drive when they were finished. They rm'd, sure, but he dd'd the raw disk to another drive and worked through the blocks until he found the two tools that were used to effect the intrusion. He was also able to recover the tcpdump logs that were erased.
If the intruder(s) had rm'd the data and THEN done a mkfile that filled the disk with 0's then most of what we know today would not be available. As mentioned a week or two back, filling the unused portions of blocks with 0's would probably also be necessary.
Yes, but the attacker would have been a malicious one, wouldn't he?
As to whether Mitnick is capable of effecting the intrusion, that is yet to be ascertained. He claims no involvement in it and based on what's known of his cracking prowess there is a certain truth to it. He's infinitely better with a phone than a keyboard.
And he's not the one that made the phone calls either.

BTW, am I the only one bothered to see my tax dollars being wasted by scsd.edu hosting www.takedown.com, a commercial venture? I am sure T&M have enough money after book and movie deals to pay for their net access.

Aleph One / aleph1@dfw.net
http://underground.org/
KeyID 1024/948FD6B5
Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01
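
Added example, not part of either message and not Shimomura's own tooling: a sketch of the recovery Mark describes, scanning a raw disk image block by block for deleted tcpdump capture files. It assumes the captures are in the classic libpcap savefile format, that files start on 512-byte boundaries, and that each file's blocks are contiguous; the function names and the sample image are constructed for illustration.

```python
import struct

# Classic pcap savefile magic as it appears on disk, mapped to struct byte order.
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}
BLOCK = 512  # assumption: files start on 512-byte boundaries in the image


def carve_pcaps(image, block=BLOCK):
    """Return [(offset, packets, length)] for each capture found in a raw image."""
    found = []
    for off in range(0, len(image) - 23, block):
        endian = MAGICS.get(bytes(image[off:off + 4]))
        if endian is None:
            continue
        major, minor, _tz, _sig, snaplen, _link = struct.unpack(
            endian + "HHiIII", image[off + 4:off + 24])
        if (major, minor) != (2, 4) or not 0 < snaplen <= 262144:
            continue  # magic matched by chance; the rest of the header is implausible
        pos, count = off + 24, 0
        while pos + 16 <= len(image):
            _sec, usec, caplen, wirelen = struct.unpack(
                endian + "IIII", image[pos:pos + 16])
            # Stop at the first impossible record: end of file or reused blocks.
            if not 0 < caplen <= min(snaplen, wirelen) or usec >= 1_000_000:
                break
            if pos + 16 + caplen > len(image):
                break
            pos += 16 + caplen
            count += 1
        found.append((off, count, pos - off))
    return found


def build_sample_image():
    """Constructed image: 8 empty blocks, a decoy magic at block 0, a capture at block 3."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 1500, 1)
    payloads = [b"\x00" * 60, b"\x11" * 74, b"\x22" * 60]
    records = b"".join(
        struct.pack("<IIII", 790000000 + i, 1000 * i, len(p), len(p)) + p
        for i, p in enumerate(payloads))
    image = bytearray(8 * BLOCK)
    image[0:4] = b"\xd4\xc3\xb2\xa1"  # decoy: magic only, header fields are zero
    start = 3 * BLOCK
    image[start:start + len(header) + len(records)] = header + records
    return bytes(image)


if __name__ == "__main__":
    for offset, packets, length in carve_pcaps(build_sample_image()):
        print(f"capture at byte {offset}: {packets} packets, {length} bytes")
```

The record walk stops at the first header that fails the sanity checks, so a capture whose tail has been reallocated is still reported with the packets that survive.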