Profiles of Participants
Tools of the Trade
Internet Relay Chat
Cracked super-user account on well-connected enterprise network
Super-user account on university residence hall network
“Throw-away” PPP dial-up accounts
IRC Users, Operators, and Servers
Providers who eliminate troublesome users’ accounts
- An attacker relies on anonymity when attacking hosts/networks so that he/she can do so without being identified.
- Attacks like “Smurf” and “Fraggle” (described in the next few pages) work only when IP source-address spoofing is possible, because of the reflexive nature of the attack. Without spoofing, the attackers would just be flooding themselves.
- Other attacks, such as the fragmentation attacks mentioned, simply use spoofing as a way to avoid being identified.
- Large lists of super-user accounts, as well as user-level accounts, are passed around to hinder identification when an attack occurs and can be traced. Hopping from account to account increases the chance that the attacker will not be found, because of uncooperative administrators.
- Internet Relay Chat (IRC) is a tool used by many to pass around exploit information. It’s also used by many attackers to “show off” their attacks to their peers.
- Unfortunately, the wide use of IRC by attackers makes IRC servers, operators, and users a target when the attacker wants revenge. The first targets of the “smurf” program were IRC servers.
- Providers who terminate accounts because of abuse are usually targets as well, just like IRC servers that ban users.