Copy Link
Add to Bookmark
Report
Keen Veracity Issue 14
--------------------------------------------------------------------------------
_ _ _ _ _
| | / ) | | | | (_)_
| | / / ____ ____ ____ | | | |___ ____ ____ ____ _| |_ _ _
| |< < / _ ) _ ) _ \ \ \/ / _ )/ ___) _ |/ ___) | _) | | |
| | \ ( (/ ( (/ /| | | | \ ( (/ /| | ( ( | ( (___| | |_| |_| |
|_| \_)____)____)_| |_| \/ \____)_| \_||_|\____)_|\___)__ |
(____/
--------------------------------------------------------------------------------
I S S U E (14) L e g i o n s o f t h e U n d e r g r o u n d
----------------------------------------------------[www.legions.org]-----------
--------------------------------------------------------------------------------
M E M B E R S :
lothos Digital Ebola Firewa11
DataShark Overdose1 Phriction
ntwak0 pr00f havoc
TouchTone archim phemetrix
crabby gridmark bantrix
--------------------------------------------------------------------------------
[CONTENTS]------------------------------------------------------------[CONTENTS]
[1]====================================[Editorial - Lothos <lothos@lothos.org> ]
[2]============================================[Squatters Exposed! - Anonymous ]
[3]========================[The Art of: Social Engineering - danny@away.net.au ]
[4]=======================================[ciscoBNC.c - chrak <chrak@b4b0.org> ]
[5]===================[Wireless Technology Exposed - Vortek <vortek@gmail.com> ]
[6]==================================[Harriet the Spy - Dreid <dreid@dreid.org ]
[7]=============================================[Review of ToorCon - Overdose1 ]
[8]=====================================================[This issues LAMER.log ]
[9]==============================================================[/dev/urandom ]
[CONTENTS]------------------------------------------------------------[CONTENTS]
--------------------------------------------------------------------------------
[Editorial]=========================================[Lothos <lothos@lothos.org>]
--------------------------------------------------------------------------------
When I decided to take over the job of editing Keen Veracity, Legions of
the Underground was dead. Maybe not maggot-ridden dead, but on life
support kind of dead. The last issue of Keen Veracity, kv13, was released
over a year ago, and that was just a rehash of old articles with little
original content, so it hardly counts. I can understand the old school
articles, becuase it's difficult to pull something together when the
group doesn't contribute. The last kv with original content, kv12, was
published 7-27-2002, over three years ago. That issue had over 21
original articles written by group members and others. This issue, as you
can see, has 9, which is sad because Keen Veracity used to be a quality
magazine that was well respected in the security community.
I have tried to breath some life into Legions of the Underground. For
years now the members have done nothing constructive, have released no
code, no advisories, nothing. I have tried to get it going again with
a new issue of Keen Veracity, but the only other member to contribute
something was overdose1. (Thanks bro)
The irc channel, #legions on undernet, had degraded as well. People
brought their girlfriends in the channel, there was a lot of drama
involved with that and there was a lot of other infighting and
dick-waving. DigiEbola, our "leader," was one of the biggest dick-wavers
when he was supposed to be holding everything together instead of banning
people for no reason other than he didn't like what they said. A lot of
members have confided in me that they're not happy with digi but are
afraid to say anything for fear of being banned. I registered the
#legions channel with undernet channel services in an effort to provide
some stability for the channel. Everyone who had ops received ops on X,
no one was banned anymore for their opinions, and I figured it was a good
move to make.
A few people didn't see it as I did. Digi was upset because he lost
control over the channel. Another member accused me of "taking over" the
channel. I don't see how it could be considered a takeover, since
everyone who had ops before the registration was given ops after the
channel registration. Nothing changed, with the exception that people now
got auto opped when entering the channel. Big deal. Anyways, I'm the
most senior member still in the group. From the first published members
list of Legions of the Underground, from KV3:
optiklenz cap n crunch tip
icer Bronc Buster sreality
Zyklon havoc HyperLogik
Defiant Duncan Silver Slfdstrct
lothos
I don't see DigiEbola listed there, and I don't see how my registering the
channel on undernet was considered a "takeover." As the most senior group
member left, there is an argument that I should inherit Legions of the
Underground to counter the "takeover" cry. Our current "leadership"
definetly isn't doing the job. I have put a lot of time, energy, effort
and hard work into this group and I wasn't content to sit back and let it
die. I had considered becoming the new group leader, weeding out the
stagnant members and adding some new blood from the people I had recently
brought to the irc channel. Unfortunetly digi controls the domain name,
and while I could always get a new domain, I frankly don't believe it's
worth the effort anymore.
I hereby resign my membership from Legions of the Underground. It's been a
wild ride and I enjoyed every minute of it, but it's time to move on to
bigger and better things. I've made a lot of good friends along the way,
and hope nothing will change that. I have tried as best as possible to
refrain from airing our dirty laundry in the public, but some things just
had to be said. Nothing personal was meant by any of this, and Digi,
please don't take my comments personally. I know we've butted heads over
the future of legions, it wasn't personal, and I still consider you a
friend. I will be transfering ownership of the #legions undernet channel
to you, effective immediately.
Lothos - lothos@lothos.org
http://www.lothos.org
And now, on with the show. I have decided not to include my article in
this issue, it may be released later on my website. Anyways, I hereby
present you with what is likely the last issue of Keen Veracity.
Enjoy!
--------------------------------------------------------------------------------
[Squatters Exposed!]=================================================[Anonymous]
--------------------------------------------------------------------------------
Squatters Exposed!
by anonymous
I had my domain name stolen by squatters. Now, before you start
complaining that I should have renewed it if I wanted to keep it, let me
explain. When your domain expires, it goes into a redemption period where
it can be renewed. In my case, the redemption period was cut short and I
was unable to renew my domain. My domain was stolen by a group of squatters
who also happen to be spammers, pornographers, and domain registrars. How this
group became domain registrars is beyond me.
Now, before I get ahead of myself, a little background information and some
detective work:
This is the relevant whois data from my domain:
Sponsoring Registrar:Intercosmos Media Group Inc. (R48-LROR)
Registrant ID:ODN-676871
Registrant Name:Orion Web
Registrant Organization:Orion Web
Registrant Street1:1st Floor Muya House
Registrant Street2:Kenyatta Ave.
Registrant Street3:p. o. box 4276-30100
Registrant City:Eldoret
Registrant State/Province:KE
Registrant Postal Code:30100
Registrant Country:KE
Registrant Phone:+254.0735434737
Registrant Phone Ext.:
Registrant FAX:
Registrant FAX Ext.:
Registrant Email:info@kenyatech.com
The admin and tech contacts are the same as above.
Name Server:NS0.DIRECTNIC.COM
Name Server:NS1.DIRECTNIC.COM
This shows that a company called Orion Web in Kenya, Africa now owns my
domain. Pulling up the web page for my domain shows a page filled with ads,
with a "Click here to buy this domain" button that leads to
www.kenyatech.com, the company that now owns my domain name. They also own lots
of other domain names. Lots and lots, in the range of 140,000 or more.
Kenyatech claims that they're located in Kenya, Africa. They also accept
PayPal. Paypal does not do business with firms located in Kenya. Using
GeoBytes reports that the ip address for www.kenyatech.com, 209.16.83.2,
is located in Larose, Louisiana. Looking up the same address in the ARIN
database shows this IP is assigned to I-55 Internet Services in Hammond,
Louisiana.
A little research on the www.kenyatech.com site, browsing through all the
domains, shows a few patterns. The oldest dated domain I could find
registered to them was in August of 2004. The most current I could find
was August 23 2005, a week before this writing. Most are registerd to
kenyatech, but some of the older ones are registered to:
NOLDC, Inc.
838 Camp Street
4th Floor
New Orleans, LA 70130
US
504-523-0360
Some of the domains are registered to Domain Contender, with the majority
being registered through InterCosmos Media Group, DBA directnic.com.
Curious about where they're from? They're both owned by the same people,
and the address is:
650 Poydras Street
Suite 1150
New Orleans, LA 70130
US
(504) 679-5170
Is it just me, or is there a pattern developing with all these Louisiana
addresses?? The Camp Street address and the Poydras street address are
within blocks of each other.
I filled out a form on www.kenyatech.com offering to buy the domain for $50.
This offer was turned down. They instead suggested that I pay $300 plus a $30
fee, according to the following:
Hello,
NOLDC, Inc. accepts wire, money order or certified or cashiers check
(international checks please add an additional US$50 processing fee) only.
Checks and money orders must be made payable to NOLDC, Inc., and sent to:
NOLDC, Inc.
838 Camp St., 4th Floor
New Orleans, Louisiana 70130
NOLDC, Inc. Wire Information
(Note: Please be sure to add wire fees to final price of domain purchase.
Also, be sure to include the domain name that you are purchasing in the
Additional Information Section.)
Wire Fees for US Banks is $10.00
Wire Fees for Banks outside of the US is $50.00
Bank: Hibernia Bank
2412 Manhattan Blvd
Harvey, La 70058
USA
ABA#: 065000090
Account#: 2080083613
Swift Code: HIBKUS44
Beneficiary: NOLDC, Inc.
650 Poydras St Ste 1150
New Orleans, La 70130
USA
Sincerely-
NOLDC, Inc.
This links the Camp Street address with the Poydras Street address, by their own
admission. Now, who owns Intercosmos a.k.a directnic.com, who owns Domain
Contenders, and who owns NOLDC, Inc? A man by the name of Sigmund Solares. I
suspect that kenyatech.com is also owned by Sigmund Solares, given all the
evidence provided above. Sigmund Solares has a history of domain squatting, and
a history of hiding behind non-existant entities for the purpose of hiding his
squatting. This WIPO arbitration decision clearly outlines this:
Complainant claims that Respondent has no rights or legitimate interests
in the disputed domain name. According to Complainant, this conclusion is
suggested by Respondent's name: "Legal Services." Additionally, based on
an investigation conducted by Complainant, Complainant claims that Legal
Services is a fictitious identity adopted for the sole purpose of
registering the disputed domain name. According to the investigation report
there is no business by the name of Legal Services at the address listed in the
.biz Whois database. Further, there is no business by the name of Legal Services
at the address provided in the registration information. The only business
listing found at that address is a business called "Ingrid's Beauty Salon."
Likewise, the telephone number listed in the .biz Whois database is the number
for an individual named "Sigmund Solares" who claims that he is not affiliated
with Respondent. In fact, according to Complainant, Sigmund Solares is a
principal in and primary contact for the Registrar of Respondent's domain name.
Based on the above, Complainant asserts that Respondent has taken active steps
to conceal its true identity and provided false contact details in connection
with its domain name registration. Complainant concludes that the use of false
and misleading contact information suggests that the domain name was registered
for improper purposes.
Complainant also asserts that the fact that its trademark has a strong
reputation and is widely known is further support of Respondent's bad faith.
Finally, Complainant notes that the administrative, billing and technical
contacts for the registration is Joseph Tambert whose e-mail address is
listed as "josephtambert@homeville.com". Complainant states that the
website at <homeville.com> is a pornographic website. Thus, Complainant
claims that a risk exists that Complainant's valuable and well-known
trademark and service mark will be associated with a pornographic site and
will be tarnished as a result.
SOURCE:
http://arbiter.wipo.int/domains/decisions/html/2002/dbiz2002-00190.html
Joseph Tambert may be Sigmund's partner. This is his address:
Joseph Tambert
838 Camp Street
New Orleans
Notice the Camp Street? Sigmund and Joseph are linked together on the
whois info for fbi.biz, as well as the above arbitration case. Joseph's
email address, as explained in the above WIPO arbitration quote, links to
a pornographic website. Sigmund's email, as listed on the whois for
sigmundsolares.com, also points to a porn site. This group has had IP
addresses blocked for sending spam. They have a history of domain
squatting. How the hell did they become domain registrars?
As domain registrars, this gives them access to the whois database. I
believe that they use that access to aquire a list of domains entering the
expiration period. They would then be able to flag that domain as being
under their control, allowing them to transfer ownership to the Kenyatech
entity and cutting short the redemption period.
There is also evidence that suggests they abuse the whois database. The
whois database is used to find information on a domain name, including if
it is available for purchase. They may have access to what names are
looked up, and if it is available, and there is evidence to suggest that
they register these names for themselves before others have a chance to.
They also have a script on every domain they own, to judge the domain's
popularity. This script stores its data on a machine owned by
directnic.com. The more popular sites have to pay more money to buy the
domain back. I have seen less popular sites go for as little as $50, and
I've seen some offers of a thousand dollars turned down. The more popular
sites are renewed, and the less popular are allowed to expire. Being
domain registrars, they might not have had to pay anything to aquire the
144,000+ domains they own.
So, what can you do? If your domain was snatched, by all means don't
visit it or the kenyatech web site. Hopefully it will be allowed to
expire. Contact anyone linking to your website, and have them change the
link. If you have a popular domain, your only hope may be to go through
arbitration, or sue. There is a class action lawsuit being organized by
rederon.net. Complain to ICANN.org, and hopefully we can have their
domain registrar status revoked. By all means, don't pay them and support
their bad habits!
[ Editor's note: I also had my domain stolen by kenyatech.com, so when I
received this I couldn't resist including it. The domain name was for
RootFest, my computer security convention held in Minneapolis, Minnesota.
I am selling RootFest t-shirts to raise the funds needed to get my domain
back. If you're interested in supporting me, or just want to know more
about my specific case, please visit http://www.rootfest.net. -lothos ]
--------------------------------------------------------------------------------
[The Art of: Social Engineering]====================[danny\ <danny@away.net.au>]
--------------------------------------------------------------------------------
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%% The Art Of: %%
%% Social Engineering %%
%% %%
%% danny\ <danny@away.net.au> %%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
http://www.legions.org/kv/kv14.txt
**********************************
%%%%%%%%%%%%%%%%%%%
%% Introduction: %%
%%%%%%%%%%%%%%%%%%%
Social engineering is one of the most effective way's to pulling off some
of the largest security breaches. With a concunction of being technically
savvy, and being organised and believable, you are a major security
threat.
In this paper, I hope to help unleash, and evolve, the social engineering
skills within you, because of course, everyone has at one stage in their
life social engineered.
%%%%%%%%%%%%%%%%%%%%%%%%%%
%% What Is: %%
%% Social Engineering %%
%%%%%%%%%%%%%%%%%%%%%%%%%%
Social Engineering is decieving and manipulating a target. Social
engineering tactics are usually done with the medium of a telephone; It's
easier to attack without being seen, and when carried out correctly, is
mostly flawless granted that you manipulate the operator into beliving
that you are, acutally who you say you are.
For most operators, if someone rings up, it's not out of the ordinary to
be requesting information, and their job description consists of supplying
you with this -- It's not hard to get something you want, from someone
that is offering it to you!
%%%%%%%%%%%%%%%%%%%%%%%%%%
%% Doing Your Homework: %%
%%%%%%%%%%%%%%%%%%%%%%%%%%
Doing your homework on the target that you will be attempting to gain
information from is a vital part of the social engineering proccess. You
need to know what you want, how you want it, and you have to get the
point across with a very positive and confident attitude -- Make it
believeable! Do not stumble over your words; Everything has to be clear,
concise and professional.
When studying about the target, it is essential to only concentrate on
the details that actually matter. Study the terminology used in the
industry, you don't want to sound clueless when asked a question,
background information is imperative.
%%%%%%%%%%%%%%%%%%%%%%%%
%% Being Manipulative %%
%%%%%%%%%%%%%%%%%%%%%%%%
Being manipulative when carrying out a social engineering attack is a
neccessity, this is how you will influence the target and controlling them
to do, what you exactly want them to without them even realising it. It's
a very skillful, under the radar technique that will help you graciously.
Again, being manipulative means you have to be familiar with the target,
referring back to the "Doing your homework" section, Study the corporate
information of the target, find out how their operation runs, and use it
to your advantage.
Use the operators name when being greeted; It's usually procedure for them
to introduce themselves to the call -- This shows that you are calm,
confident, and alert. Refer to an employee that works there, this gives
the operator the impression that you are familiar with the company, and
takes the call to a more personal level; This relieves the thought of them
thinking otherwise when requesting the information you desire.
There are two levels you can manipulate on. You can either claim to be a
customer of the target; Used to obtain legitimate customers account
information, Or claim to be a staff member in another department/employee
of a company that the target deals with.
NOTE: Both can be very effective if the attack is carried out correctly.
%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%% Finding A Target: %%
%% Practice Makes Perfect %%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Before attempting to carry out a social engineering attack on a high
profile target, practicing on smaller, more vulnerable companies is very
valuable; There's no room for mistakes, especialy when the consequences
can mean a pretty heavy jail term.
Attempt to social engineer your local ISP; Most local ISPs resell their
services from a larger mainstream provider. Claim to be an employee of the
company which resells their services to the target; Remember to introduce
yourself in a clear and concise manner, sound confident, and ask for the
right people in the correct department.
This opens an array of doors of where you want to take the attack, whether
it be updating their payment details in your system, or confirming radius
server logins for an urgent security maintenance which needs to be
undertaken immediatley on their managed server -- Have this planned, you
need to know exaclty what you have to say, every step of the call, do not
miss a beat.
Do not sound too eager to gather the information, remember, manipulate
them. Make them believe that it a security issue on their behalf, and
without the proper fix, their current operation won't be running smoothly;
It's all about them! Advise them on how long it will be before the
maintentance is complete.
Once the supposed maintenance has been completed in the timeframe you have
given them, provide them a courtesy callback that the issue has been
resolved. This strikes out the risk of them calling the mainstream
provider to see whats happening with the update, and minimises the risk of
being caught.
%%%%%%%%%%%%%%%%%%%%%%%%%%
%% Easy? Not Quite. %%
%%%%%%%%%%%%%%%%%%%%%%%%%%
It's not always going to be so easy, at times you may find yourself to be
in a heated situation, remain calm, stay in character, offer a callback
from one of your superiors to have the situation sorted out, do whatever
means neccessary.
Remember, once you start digging your way through the inner workings of a
target, it's only going to get harder. The most vulnerable part of a
company are their employees. Operators may be easy to exploit, but when
speaking to senior representatives, and executives of the company, it's
going to be a whole lot more challenging.
%%%%%%%%%%%%%%%%%%%%%%%%%%
%% Conclusion %%
%%%%%%%%%%%%%%%%%%%%%%%%%%
So, This concludes my paper. Hopefully this outlines what you need to
know on your journey as a Social Engineer. There are social engineers
everywhere, so the next time you pick up a call, You may have to try twice
as hard to identify who you are actually talking to!
Have Fun!
%%%%%%%%%%%%%%%%%%%%%%%%%%
%% References %%
%%%%%%%%%%%%%%%%%%%%%%%%%%
Here's some papers and books that will help you. There are alot of factors
to cover, please visit some of these offsite links for your benefit:
- Paper: Social Engineering
- Link: http://www.sans.org/rr/whitepapers/engineering/1365.php
- Author: Aaron Dolan
- Book: The Art Of Deception: Controlling the Human Element of Security
- Link: http://www.amazon.com/exec/obidos/tg/detail/-/0471237124/102-1921421-8544955?v=glance
- Author: Kevin Mitnick
- Paper: Social Engineering: It's a matter of trust
- Link: http://www.computerworld.com/securitytopics/security/story/0,10801,82894,00.html
- Author: Douglas Schweitze
--------------------------------------------------------------------------------
[ciscoBNC]==============================================[Chrak <chrak@b4b0.org>]
--------------------------------------------------------------------------------
[ Editer's note: Chrak was supposed to do a writeup of this for kv, but
he's been missing in action for a while. I decided to include it as is. ]
/*
Written 2005 by chrak <chrak@b4b0.org> <http://www.chrakworld.com>
shoutoutz to #b4b0 and #c1zc0 @ EFNet
ircclient -> ciscoBNC -> router -> ircserver
/server ciscoBNCserv 7777
/quote doitup 1.1.1.1 mypass irc.LOL.com 6667
this is version 0.9, next will have more bug fixes, error checking,
password pro
tection,
ability to disconnect and resume irc sessions, lists of DOITUPs stored!
can someone email me if they know how to turn off IOS> shell echoing?
This code is distributed under the GNU Public Licence (GPL) version 2.
See http://www.gnu.org/ for further details of the GPL. If you do not
have a web browser you can read the LICENSE file in this directory.
**/
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>
#include <signal.h>
#include <time.h>
#define D_VER "0.9"
#define D_PORT "7777"
#define D_REALNAME "ciscoBNC user"
int create_server (unsigned int port);
int server_notice (int sock, char *msg);
int server_notice_from (int sock, char *msg, char *from);
int serve_client (int sock);
int relay_client_and_router (int sock, int r_sock);
int rnd1toN (int max);
void
startdaemon (void)
{
switch (fork ())
{
case -1:
perror ("fork()");
exit (1);
case 0: /* child */
break;
default: /* parent */
exit (0);
}
if (setsid () == -1)
{
perror ("setsid()");
exit (1);
}
//fclose(stdin);
//fclose(stdout);
}
// vhost = NULL for no bind()
int
connect_to_tcphost (const char *hostname, unsigned int port,
const char *vhost)
{
int sock;
struct hostent *he, *hel;
struct sockaddr_in saddr;
struct sockaddr_in localaddr;
if ((sock = socket (AF_INET, SOCK_STREAM, 0)) == -1)
{
perror ("socket()");
return -1;
}
if (vhost)
{
if ((hel = gethostbyname (vhost)) == NULL)
{
herror ("gethostbyname()");
close (sock);
return -1;
}
memset (&localaddr, 0, sizeof (struct sockaddr_in));
localaddr.sin_family = AF_INET;
localaddr.sin_port = 0;
localaddr.sin_addr = *((struct in_addr *) hel->h_addr);
/* this is to use VHOST */
if (bind (sock, (struct sockaddr *) &localaddr, sizeof (localaddr)))
{
perror ("bind()");
close (sock);
return -1;
}
}
if ((he = gethostbyname (hostname)) == NULL)
{
herror ("gethostbyname()");
close (sock);
return -1;
}
saddr.sin_family = AF_INET;
saddr.sin_port = htons (port);
saddr.sin_addr = *((struct in_addr *) he->h_addr);
if (connect
(sock, (struct sockaddr *) &saddr, sizeof (struct sockaddr)) == -1)
{
perror ("connect()");
close (sock);
return -1;
}
return sock;
}
int
readline_from_sock (int sock, char *line, int max_read)
{
int i = 0, retval = 0;
bzero (line, max_read);
retval = recv (sock, line, max_read, MSG_PEEK);
while (line[i] != '\n' && i != max_read && i != retval)
++i;
retval = read (sock, line, ++i);
line[i] = '\0'; /* terminate the string */
// sloppy but to kill it
if (strlen (line) == 0)
{
fprintf (stderr, "KILLING THIS CONNECTION\n");
exit (0);
}
return retval;
}
int
main (int argc, char *argv[])
{
int sock, csock, l;
struct sockaddr_in caddr;
fprintf (stderr,
"ciscoBNC V%s\nrun with additional arg to make daemon (%s
-)\n(chrak@b4b0.org) (http://www.chrakworld.com)\non port %s\n",
D_VER, argv[0], D_PORT);
if ((sock = create_server (atoi (D_PORT))) == -1)
{
// change to stdout so we can see it from PHP!!@!@
fprintf (stderr, "create_server FAIL\n");
exit (-1);
}
if (argc > 1)
startdaemon ();
// stop zombies
signal (SIGCHLD, SIG_IGN);
while (1)
{
l = sizeof (struct sockaddr_in);
if ((csock = accept (sock, (struct sockaddr *) &caddr, &l)) == -1)
{
perror ("accept()");
exit (-1);
}
fprintf (stderr, "connection from: %s\n", inet_ntoa (caddr.sin_addr));
switch (fork ())
{
case -1:
perror ("fork()");
//write(csock,"fork():ERROR\r\n",strlen("fork():ERROR\r\n"));
exit (1);
case 0: /* child */
server_notice (csock, "connected to ciscoBNC!");
{
serve_client (csock);
}
close (csock);
exit (0);
default: /* parent */
close (csock);
}
}
}
int
create_server (unsigned int port)
{
int sock, l = 1;
struct sockaddr_in saddr;
if ((sock = socket (AF_INET, SOCK_STREAM, 0)) == -1)
{
perror ("socket()");
return -1;
}
setsockopt (sock, SOL_SOCKET, SO_REUSEADDR, &l, sizeof (int));
saddr.sin_family = AF_INET;
saddr.sin_port = htons (port);
saddr.sin_addr.s_addr = INADDR_ANY;
if (bind (sock, (struct sockaddr *) &saddr, sizeof (struct sockaddr)) == -1)
{
perror ("bind()");
return -1;
}
/* only 5 connection at a time heh!@ */
if (listen (sock, 5) == -1)
{
perror ("listen()");
return -1;
}
return sock;
}
int
serve_client (int sock)
{
char buf[1024];
char doitup[250];
char mbuf[1024];
int connected_to_router = 0;
int connecting_to_irc = 0;
int sent_pass_once = 0;
int r_sock;
char *routername;
char *routerpass;
char *ircservname;
char *ircport;
char myuser[20], mynick[20];
srand (time (NULL)); // seed random # generator
snprintf (myuser, sizeof (myuser), "user%d", rnd1toN (99));
snprintf (mynick, sizeof (mynick), "d0ud%d", rnd1toN (99));
repeatdoitup:
routername = NULL;
routerpass = NULL;
ircservname = NULL;
ircport = NULL;
server_notice (sock, "**************TO CONTINUE*******************");
server_notice (sock,
"HELP ME OUT CLICK ADS AT http://www.chrakworld.com !!");
server_notice (sock,
"/QUOTE DOITUP router routerpass ircserver
ircserverport");
server_notice (sock,
"EXAMPLE /quote doitup 1.1.1.1 mypass irc.LOL.com 6667");
while (1)
{
if (readline_from_sock (sock, buf, sizeof (buf)) == -1)
{
perror ("readline_from_sock()"); //change.
return -1;
}
if (!strncasecmp (buf, "DOITUP", strlen ("DOITUP")))
{
char *p;
strncpy (doitup, buf, sizeof (doitup));
if ((p = strtok (doitup, " \r\n")))
{
while ((p = strtok (NULL, " \r\n"))
&& (!routername || !routerpass || !ircservname
|| !ircport))
{
if (!routername)
routername = p;
else if (!routerpass)
routerpass = p;
else if (!ircservname)
ircservname = p;
else if (!ircport)
ircport = p;
}
if (!routername || !routerpass || !ircservname || !ircport)
goto repeatdoitup; // fuck you
snprintf (buf, sizeof (buf),
"OK.. connecting to router %s with pass
%s,ircserver %s:
%s\n\nQUOTE something else if nothing happens\n",
routername, routerpass, ircservname, ircport);
server_notice (sock, buf);
goto doitup_done; // goto
}
else
{
goto repeatdoitup; //LOL
}
}
}
doitup_done:
while (1)
{
if (readline_from_sock (sock, buf, sizeof (buf)) == -1)
{
perror ("readline_from_sock()"); //change.
return -1;
}
if ((r_sock = connect_to_tcphost (routername, 23, NULL)) != -1)
{
connected_to_router = 1;
snprintf (mbuf, sizeof (mbuf), "connected to %s", routername);
server_notice (sock, mbuf);
while (1)
{
if (readline_from_sock (r_sock, buf, sizeof (buf)) == -1)
{
perror ("readline_from_sock()"); //change.
// do something
}
else
{
// buf[strlen (buf) - 1] = '\0';
if (strstr (buf, "assword:")) // send router passwd
{
if (sent_pass_once) // failed already. reprompted
{
// test this
server_notice (sock, "ROUTER PASSWORD FAILED!!!");
return -1;
}
sent_pass_once = 1;
server_notice_from (sock, "Logging into router...",
"ciscoBNC");
write (r_sock, "cisco\r\n", strlen ("cisco\r\n"));
}
else if (buf[strlen (buf) - 1] == '>') // got cmd prompt
{
if (connecting_to_irc) // failed. back at prompt.
{
server_notice (sock, "connect irc port FAILED!!");
return -1;
}
server_notice_from (sock, "trying connect irc server",
routername);
// write (r_sock,
// "telnet Sterling.VA.US.UnderNet.org 6667\r\n",
// strlen
// ("telnet Sterling.VA.US.UnderNet.org 6667\r\n"));
snprintf (buf, sizeof (buf), "connect %s %s\r\n",
ircservname, ircport);
write (r_sock, buf, strlen (buf));
connecting_to_irc = 1;
}
else if (strstr (buf, "Open")) // connection opened!
{
snprintf (buf, sizeof (buf), "USER %s %s %s %s\r\n",
myuser, routername, ircservname, D_REALNAME);
write (r_sock, buf, strlen (buf));
snprintf (buf, sizeof (buf), "NICK %s\r\n", mynick);
write (r_sock, buf, strlen (buf));
relay_client_and_router (sock, r_sock);
return 0;
}
}
}
}
else
{
// fail!
return -1;
}
}
}
int
server_notice (int sock, char *msg)
{
char buf[1024];
snprintf (buf, sizeof (buf), "NOTICE * :%s\r\n", msg);
return write (sock, buf, strlen (buf));
}
int
server_notice_from (int sock, char *msg, char *from)
{
char buf[1024];
snprintf (buf, sizeof (buf), "%s: %s", from, msg);
return server_notice (sock, buf);
}
// assumes we are connected to irc server from router already.
int
relay_client_and_router (int sock, int r_sock)
{
char buf[1024];
char buf1[1024];
fd_set rfds;
int retval;
while (1)
{
FD_ZERO (&rfds);
FD_SET (sock, &rfds);
FD_SET (r_sock, &rfds);
retval = select (1023, &rfds, NULL, NULL, 0);
if (retval)
{
if (FD_ISSET (sock, &rfds))
{
if (readline_from_sock (sock, buf, sizeof (buf)) > 0)
{
write (r_sock, buf, strlen (buf));
strncpy (buf1, buf, sizeof (buf1)); // save last thing sent.we will need this to stop shell echo from IOS.
} // else..
}
if (FD_ISSET (r_sock, &rfds))
{
if (readline_from_sock (r_sock, buf, sizeof (buf)) > 0)
{
if (strcmp (buf, buf1))
write (sock, buf, strlen (buf));
else
{
// printf ("IGNORING IOS ECHO\n");
} // else
}
}
}
}
}
int
rnd1toN (int max)
{
return (rand () % max) + 1;
}
--------------------------------------------------------------------------------
[Wireless Technology Exposed]========================[Vortek <vortek@gmail.com>]
--------------------------------------------------------------------------------
Wireless Technologies Exposed
Security and Specifications demystified
VORTEK
Knowledge is a process of piling up facts; wisdom lies in their
simplification
Martin H. Ficher
Greetings, the purpose of this article is to explain a few things
about wireless. I will not go in depth to the security features of IEEE
802.11 specification families. However, I will cover the basics so you
will understand enough to distinguish between the different
specifications. You will know which to apply based on its level of
security, And hopefully you will have enough knowledge to decide for your
self.
NOTE: I Will assume you know the RAW basics of some things. If you do
not google.com them. This article is not meant to be a novel. Besides you
will learn a thing or two.
Now Grab your favorite beer, wraps or stimulant drink and lets get
started! Grab that shit I'm serous!
The IEEE 802.11 family of specifications are broke down into 4 types. Well
3 officially. We will begin by breaking down the basics of each type and
its features. We will cover its air waves its basic features of speed
range and such. And its basic security.
The first Specification we will start with is older than an unpatched
chinese server. I didn't cover plain 802.11 Because its ANCIENT!
802.11A
This specification operates on the 5GHz band. Which is good because most
of your current house hold phones work on the overcrowded 2.4GHz band. The
downfall to this higher frequency range is its inability to penetrate
walls and obstructions, which can be quit cumbersome. It also carries a
higher cost for its equipment. Let alone its crappy range. Expect to get
a maximum speed of 54 Mbps
Now the A specifaction uses orthogonal frequency division multiplexing
(OFDM). OFDM basically splits radio signals into a lot of smaller
sub-signals, which in turn are transmitted simultaneously to different
frequencies towards the receiver. This reduces some of the crosstalk also.
If you'd like more info on OFDM google it. This is an article not a
novel.
802.11B
This specification operates in the 2.4Ghz band. This means overcrowded,
Don't use close to microwaves or 2.4Ghz Cordless phones. Now this
frequency penetrates walls a heck of a lot easier. Set your channels
right on your Wireless Router and your signal can go 3 floors down. You
also get much more range with B. Now don't expect much speed from this
specification it's only 11 Mbps, But its more of a stable signal. These
products also tend to be cheaper in cost and more widely used.
The 802.11B Specification uses direct sequence spread spectrum (DSSS).
Basically there is a chipping code that uses a redundant bit pattern for
each bit that is transmitted, which in return aids in resistance to
interference. If any of the bits are corrupted the original data will be
recovered due to the redundancy of the transmission. Basically THIS MEANS
ERROR CORRECTING! Want more info google for DSSS.
802.11G
This is nothing more then the best of A and B mixed. It's 2.4Ghz At
54Mbps. It is also backwards compatible with b. G also uses OFDM. Now
there are some routers that go way beyond 54Mbps with Turbo modes, But
why? Your not running a some huge FiberObtic network are you?
802.11 (pre) N We will cover this after the security section which I will
explain later.
Ok the security of these are basically all the same. Crappy WEP and WPA1
which is basically nothing more then what was working from 802.11I at the
time. We all know why WEP is insecure. It breaks the #1 cardinal RULE OF
RC4 NEVER EVER REPEAT THE KEYS.
The problem with WEP is not in RC4 in itself as you can see. The problem
is the idiots who made 802.11 did not specify how IV"s "Initial Vectors"
should be created, also the algorithm is pure crap. WEP uses 24 bits for
its IV value range which as you can see, we could easily use this up with
high volume traffic. This basically means that the same IV will be used
with a different datapacket! "BREAKING THE RC4 Cardinal RULE!" What, you
ask well what if there is no traffic? There are methods to force traffic.
>:) IF you want to know them Read a WEP cracking tutorial. There are
plenty of good ones on google.com. Now just to clarify a few things, You
may wonder what the IV really is. 24-bit values are attached to the
secret key and used in the RC4 cipher stream. The reason we have IVs is to
ensure that the value used as a seed for the RC4 PRNG "Pseudo Random
Number Generator" is always different.
Ok what does all this mean ? I record all your wep traffic until I receive
2 packets that have the same IV aka RC4 keys I can use a XOR function to
link 2 packets and compute the key. In other words Do not use WEP AT ALL.
I don't care how elite your crypto key is.
Ok now lets cover WPA1, Which is basically nothing but a TKIP "Temporal
Key Integrity Protocol" wrapper around wep. For starters this prevents the
repeat attacks that WEP has by extending the IV to 48 bits. And by now we
all know that IV's are used to encrypt the data in the packet. Now TKIP
adds a few security enhancements to wep. The first is Cryptographic
message integrity code (MIC). Which prevents forgery. Its basically a
cryptographic checksum that protects against forgery attacks. The second
feature IV sequencing (TSC) "TKIP Sequence Counter" prevents replaying
of data. Basically if the TSC in the IV better match with in a certain
range when received or the packets are drooped. The 3rd method is the
Per-Packet mixing function. Basically this means that were changing the
encryption key every now and then for the client. It also provides a
message
integrity checker. This method is a little to advanced to cover here..
Now remember boys and girls this is all based on RC4.
Now the good stuff WPA2
WPA2 is a full implementation of certified 802.11I. It uses AES-CCMP
"(AES-C)Gunter Mode (C)BC-(M)AC (P)rotocol" This is also the standard for
the Pre N serious of routers.
WPA2 utilizes many advanced features over WPA1 The #1 feature is AES
(Advanced Encryption Standard) It's basically Military crypto warez.
So no more crappy RC4. It also uses PMK (Pair-wise Master Key) which
allows you to reconnect to your access point if lets say you walked to
another AP and back. "You will not have to re authenticate." Also
Pre-authentication allows you to pre-authenticate to another AP, While
holding your connection to your existing AP. Basically you only need
1/10th of second to change AP's while roaming. Now if you don't use
Pre-authentication with PMK caching It would take more then a second and
some of your time sensitive crap like video, VoIP and other crap will go
FUBAR!
Ok for the other features. For starters we get forced 128 bit keys!!!
h0h0h0h0! Basically every thing else is the same as wpa accept for the AES
standard and PMK. But for you people who want more info.. I will just
post information from the computing dictionary.
Official Computing Dictionary Definition below
AES-Counter Mode CBC-MAC Protocol) The encryption algorithm used in the
802.11i security protocol. It uses the AES block cipher, but restricts the
key length to 128 bits. AES-CCMP incorporates two sophisticated
cryptographic techniques (counter mode and CBC-MAC) and adapts them to
Ethernet frames to provide a robust security protocol between the mobile
client and the access point.
AES itself is a very strong cipher, but counter mode makes it difficult
for an eavesdropper to spot patterns, and the CBC-MAC message integrity
method ensures that messages have not been tampered with. See 802.11i,
AES, counter mode and CBC-MAC.
"IF you want more info on this your really going to have to do a LOT of
reading." There is no point on trying to refine something so short and
true.. Call me a copy cat if you like.
Ok now time for the phat lady to sing! 802.11 (pre-N)
802.11 (pre-N)
This is basically 802.11I with certified WPA2 which in turn is a Full
certified implantation of 802.11I. Now the reason we use pre-n Is because
there is a battle going on in standards. We will not get into that here.
But basically its like what happened in the old days with the 56k modem
standards. Rockwell Vs Us Robotic. Now the advantages to PRE-N are huge.
You get GREAT EXTENDED RANGE. This is achieved by using something called
MIMO (Multiple Input Multiple Output), in which a number of antennas
transmit many unique data streams in the same frequency channel (other
Wi-Fi products transmit data in a single stream in a single channel).
MIMO also uses OFDM. Which you should remember from above. You basically
get 3 antennas. The advantages Are more range less interference and a
funky looking evil router. Oh yeah its backwards compatible with B and G.
Now you know the VERY raw basics of wireless. Well what happens beyond
the GUI in your Wintendo XP Wireless configuration. Be sure to upgrade XP
to support WPA2.
Now lets all go to France And do some war driving, We can hack there
WHITE-FLAG Linux boxes. After One failed login you get root and a system
message of I surrender. I don't hate French people don't worry!
And one last message to all you knew skewl kiddies. READ READ LEARN! And
be glad you can google.com For it was not always this easy to GET
INFORMATION!
Send Hate mail to vortek@gmail.com
h0h0h0h0h0h0h0h0h0h0h0h0h0h0h0..........................................
--------------------------------------------------------------------------------
[Harriet the Spy]======================================[Dreid <dreid@dreid.org>]
--------------------------------------------------------------------------------
Harriet the Spy
===============
What is Harriet the Spy?
------------------------
Harriet the Spy is designed to be a relatively low cost solution for
creating a stationary battery-operated wireless packet capture system.
Yes but what does that mean?
----------------------------
It means that it's a computer, whose only job is packet capture, and
it can be left in one place for an extended period of time, to capture
packets for a specific wireless network or set of wireless networks.
What is it made of?
-------------------
The most basic configuration for Harriet requires a 802.11a or b or g
router that is similar or compatible with the Linksys WRT54G(S) series
of routers, in that it can run an open source linux based firmware.
For my experiments I used a WRT54G version 2 [1], and OpenWRT [2]. It
also includes a battery pack made of 4 1.5v Alkaline batteries.
How to make it.
---------------
The Battery pack.
+++++++++++++++++
The battery pack used will likely fall somewhere in this rough
description no matter what kind of compatible router you get. The
number of batteries you need might vary depending on the actual power
usage of the router. I'm not an electrical engineer but I do know
that most consumer electronics devices do not require the full output
voltage of their DC wall adapters. The WRT54G's for instance has a
power output of 12v DC. But it can on 6v DC without any problem. So
the basic parts list for this part of the project is this:
* 1 DC Size M plug.
* 4 1.5v alkaline batteries.
* 1 battery holder of the same size.
In theory the only thing the cell of the battery would affect in this
case would be runtime. So you could use anything from AA to D. I
chose D for this as I just wanted to see how long I could keep it
running for. The manufacture of this battery pack is very simple and
requires very minimum soldering skill (read: you should know which end
to hold.) Simply take the wires from the battery holder, and solder
them to the positive and negative leads on the DC Size M plug. Insert
the batteries into the holder, and that's all she wrote about
that. You can now power any device which can be sustained on 6v DC.
The Router and OS
+++++++++++++++++
Flashing OpenWRT onto a WRT54G or compatible router is a well
documented process, and can be found here [3]. The client mode
configuration is also well documented and can be found here [4].
When installing kismet you should install the kismet_server package,
and turn off the wireless interface prior to starting it.
The Test
--------
The base test for battery life was to plug in the router, start up
kismet, and then take a voltage reading of each battery under load.
Then after an hour I'd take the readings again, and approximate how
many hours before the batteries were operating at less than 30% capacity.
The initial readings where:
1.31, 1.36, 1.35, 1.34 for a total of 5.36V
After two hours the voltages read:
1.01, 1.08, 1.05, 0.95 for 4.09V
That's a 1.27V difference, if we assume the voltage drop to be linear
then every two hours we would lose 1.27V, with 1.78V being the magical
30% capacity mark. So that's about 6hrs of battery life. Which isn't
too shabby for the cost of production. You could capture a lot of
packets in 6hrs.
Potential Problems and Potential Improvements
---------------------------------------------
So right now Harriet is capable of sitting around, for 6 hours
unattended, and capture packets. Of course since it only has 4mb of
storage if you're using a WRT54G, and 8mb if you're using a GS, it can
only capture so many packets. Especially since atleast 2MB of flash
is being taken up by the OS. However one planned improvement is to
add an SD card [5], which will give up to 2GB of storage, other options
would be adding a USB port and using an IDE storage device. Yet
another option would be using a 802.11b ethernet bridge or usb 802.11b
adapter connected to a nearby network for packet capture (just make
sure you're not capturing that networks packets.)
Another potential problem is that as the batteries lose power, one
could potentially damage the router hardware. This problem could be
overcome by adding a low-power cut-off circuit.
Also the price of D-Cell lead-acid batteries is rather expensive over
time,
and one could find a much more suitable source of power, including
rechargeable NiMH batteries like those used in RC Cars and Airsoft
guns, or even the more expensive though very reliable and long lasting
Li-Poly batteries for the higher end RC vehicles.
Final Thoughts
--------------
All things considered I believe the initial revision of Harriet the
Spy is quite a success, the next steps in it's evolution will be the
abovementioned low-power cut-off circuit, and the addition of an SD
card reader. Then I hope to field test the device in a high traffic
wireless deployment. After that I'll begin experimenting with a
variety of rechargeable and longer lasting battery solutions.
Footnotes
---------
[1] http://www.linksys.com/servlet/Satellite?childpagename=US%2FLayout&packedargs=c%3DL_Product_C2%26cid%3D1124916802645&pagename=Linksys%2FCommon%2FVisitorWrapper
[2] http://www.openwrt.org/
[3] http://wiki.openwrt.org/OpenWrtDocs/Installing
[4] http://wiki.openwrt.org/ClientModeHowto
[5] http://wiki.openwrt.org/OpenWrtDocs/Customizing#head-00b294c0c885db1d544fbfcd48e9367d20b38b5a
--------------------------------------------------------------------------------
[Review of ToorCon]===================================================[overdose]
--------------------------------------------------------------------------------
Overview of Toorcon, San Diego California's premiere Security conference
By OverDose
Well first things first, I went to Toorcon , and the first night was a
sort of meet and greet. There were a lot of people already there, people
that were affiliated with defcon, Layer 1, and a few other conferences I
had attended. There were hors d'oeuvres and an awesome social atmosphere.
There were of course people talking about newer tools and recent
compromises that were public and things that had happened to end users at
the employer.
Saturday was the day that things got swinging, there were 2 tracks of
speakers cleverly name Smoke and Mirrors. The smoke track which is
synonymous to digital security, had several speakers ranging from a BBS (
documentary about BBSes and a MUST WATCH) Q&A to how hackers get caught.
On the other track Mirrors, synonymous with network security and trust,
talks ranged from hacker versus the mobile phone to anonymous
On the other track Mirrors, synonymous with network security and trust,
talks ranged from hacker versus the mobile phone to anonymous
communication for the Dept. of Defense..and you.
Saturday night was awesome, the wonderful people at toorcon had set up a
party for us in the Galileo 101 in downtown San Diego, really close to the
convention center where Toorcon was held. It was a two story bar of
sorts, with DJ's spinning lots of house, lounge, trance, and many other
electronica styles. The drink were good but expensive. Never the less it
was an awesome time to be had by ANY geek who was down for a party.
Sunday Sept 18th, the day that was wrapping up the con, but don't let that
fool you. There were many people still around and having an awesome time,
chatting among each other as well as checking out the Sunday speeches.
Sunday's Smoke track ran from everything from Infrared hacking to a law
enforcement panel, and the Mirrors portion had Running a small hacker
conference panel to the Future of Phishing, it really DID have it all and
then some.
I want to close by saying thanks to h1kari, nfiltr8, geo, phil,SoMe_BoDy,
freshman, arachne, and everyone else that helped put Toorcon together.
You guys did an awesome job. One thing I HAVE To bring up was the lax
environment and the courtesy towards all of the attendees. If anyone has
been to a hacker con, generally you get souvenirs that you must pay for,
generally from a vendor area. This is one area that delightedly Toorcon
differentiates itself, They gave EVERY attendee an official Toorcon shirt
with dates/locations and things of this nature. How cool is it, that
these people appreciate each and every attendee that they would give them
all an awesome souvenir just for attending?
That's all I can say about Toorcon, if you are in the mood for a relaxing
and informative time in the San Diego area, I highly suggest you attend
Toorcon.
--------------------------------------------------------------------------------
[This issues LAMER.log]=====================================[#espionage @ efnet]
--------------------------------------------------------------------------------
1.9 GIGAHERTZ! 1.9 GIGAHERTZ! Yup! This, from the immature guy who went
off on someone and told them to read an RF (radio frequency) book!
ttransien also claims to be an ex l0pht member, but after talking to him
for five minutes it's clear that he's too much of a moron to ever be in
l0pht.
[20:39] <ttransien> lothos
[20:40] <uplink> trans
[20:40] <uplink> you code?
[20:40] <ttransien> wut
[20:40] <ttransien> of course
[20:40] <uplink> I learned C
[20:40] <ttransien> didn't you download myelite software like everyone
else?
[20:40] <lothos> ttransien
[20:40] <uplink> no
[20:40] <ttransien> :-o
[20:40] <uplink> haven't even seen it
[20:40] * uplink sets mode: +vvvv Christ cia darkhmet lothos
[20:40] * uplink sets mode: +vvvv migzy Rav^ v_id |-|acks
[20:40] <lothos> your bluetooth software?
[20:40] <uplink> :O
[20:40] <ttransien> h0h0 mvoice
[20:41] * uplink sets mode: -vvvv playd0h trans ttransien uplink
[20:41] <uplink> we're leet with +O's
[20:41] <uplink> we don't need voiced
[20:41] <uplink> we don't need voices
[20:41] <ttransien> dewd don't play around you'll soon be out of control
[20:41] <uplink> h0h0h
[20:41] <uplink> I gotta go for a sec
[20:41] <uplink> brb
[20:41] <ttransien> you are 17 it is easy to forget things and go out of
control
[20:41] <ttransien> bye >:D<
[20:41] <ttransien> nevermind you are too young to hug that is way gay
[20:45] <uplink> h0h0
[20:58] <ttransien> hi
[20:59] <ttransien> dood if i sit my cell phone by the monitor
[20:59] <ttransien> my monitor flips out right before my ophone rings
[20:59] <lothos> iden is notorious for that
[20:59] <lothos> speakers as well
[20:59] <lothos> and tv
[21:00] <ttransien> 1watt or so at maybe 1.9GHz
[21:00] <ttransien> but 1.9GHz is not the refresh rate of my monitor!
[21:00] <ttransien> and i doubt it's even a harmonic :D
[21:00] <ttransien> so i wonder what's happening
[21:02] <lothos> those are the worst phones as far as radiation
[21:02] <ttransien> i bet it does it if i make a call too
[21:02] <ttransien> let me try
[21:02] <lothos> yup
[21:02] <lothos> and iden works on 800mhz
[21:02] <ttransien> iden?
[21:02] <lothos> 806-866 MHz
[21:02] <lothos> nextel is not gsm
[21:02] <lothos> it is iden
[21:02] <ttransien> why do you think i'm on that freq
[21:03] <lothos> if you have nextel that is your freq
[21:03] <ttransien> dood i'm out of the states right now
[21:03] <ttransien> as previously mentioned
[21:03] <lothos> Integrated Dispatch Enhanced Network
[21:05] <lothos> iden is 800mhz
[21:05] <ttransien> you've mentioned that
[21:05] <lothos> yes
[21:05] <ttransien> however i am not in the united states currently as
mentioned two or three times
[21:05] <lothos> do you have a loaner phone?
[21:05] <ttransien> a business phone
[21:06] <ttransien> belongs to the company
[21:06] <lothos> did they give you a phone to use overseas?
[21:06] <ttransien> no, the phone was already overseas
[21:06] <ttransien> purchased locally
[21:06] <lothos> is that thru nextel?
[21:06] <ttransien> of course not
[21:06] <ttransien> we use the local network
[21:06] <lothos> europe?
[21:06] <ttransien> asia
[21:06] <lothos> 900mhz or 1800mhz then
[21:06] <uplink> yo
[21:06] <uplink> I'm gonna get a 5mbit connection
[21:06] <lothos> not 1.9ghz
[21:07] <ttransien> where do they use 1900
[21:07] <lothos> the usa
[21:07] <lothos> 850/1900 is usa gsm
[21:07] <ttransien> rgr
[21:07] <lothos> i'm guessing you're on 900 mhz from the way it interacts
with the monitor
[21:07] <ttransien> what in the monitor would resonate at 800mhz
[21:07] <lothos> who knows, i just know cellular
[21:08] <ttransien> btw my nextel is gsm; it was advertised as such and i
used it in singaporre
[21:08] <lothos> maybe it is then
[21:08] <ttransien> i have to pay more for my plan
[21:08] <lothos> you should be able to use it in asia then
[21:08] <ttransien> i am getting a call in
[21:08] * Christ (c@220-245-133-132-vic-pppoe.tpgi.com.au) Quit (Ping
timeout: 276 seconds^O)
[21:08] <ttransien> i can see it :D
[21:08] <lothos> unless you're in south korea
[21:08] <lothos> they use cdma not gsm
[21:08] <lothos> or japan
[21:08] <lothos> japan does not use gsm
[21:09] <ttransien> i don't know what bands my phone supports
[21:09] <ttransien> i do have it in a box somewhere i just didn't try
[21:09] * Christ (c@60-240-128-36.tpgi.com.au) has joined #espionage
[21:09] <lothos> what country are you in?
[21:09] <ttransien> i have a locally purchased phone paid for y the
company
[21:09] <ttransien> i am in cyberia :D
[21:14] <ttransien> anyway let's talk until my ride gets here
[21:14] <ttransien> i have nothing else to do
[21:14] <ttransien> entertain me
[21:15] <ttransien> ok i'll begin
[21:15] <ttransien> it is interesting to note that the interference only
occurs before the phone rings
[21:15] <ttransien> which leads me to believe 2 things
[21:15] <ttransien> 1 - the phone ramps down power during negotiation with
the tower
[21:15] <ttransien> 2 - i have a good signal
[21:15] <ttransien> 2 is confirmed by my signal bars on the display
[21:16] <ttransien> uplink would you like to interject an observation at
this point?
[21:17] <ttransien> bbl
[21:17] * ttransien (~transient@get-o.net) Quit (^B[^BBX^B]^B Pretzel Boy
uses BitchX. Shouldn't you?^O)
--------------------------------------------------------------------------------
[/dev/urandom]=========================================[Random Facts and links ]
--------------------------------------------------------------------------------
# The Most Annoying way to make a pop-up, EVER.
http://ha.ckers.org/popup.html
# Make a website not display for people using Internet Explorer:
<?
if (preg_match("/MSIE/i", $_SERVER["HTTP_USER_AGENT"])) {
header("Location: http://www.mozilla.org/products/firefox/");
exit();
};
?>
<html>
<head>
<title>This site will not display in Internet Explorer</title>
</head>
<body>
</body>
</html>
# SMS email gateways for the US cellular providers:
Sprint: 10-digit-number@messaging.sprintpcs.com
Verizon: 10-digit-nmber@vtext.com
AT&T: 10-digit-number@mobile.att.net
T Mobile: 10-digit-number@tmomail.net
Nextel: 10-digit-number@messaging.nextel.com
Cingular: 10-digit-number@mobile.mycingular.net
Alltel: 10-digit-number@message.alltel.com
# Practical Resources for Securing Computers:
http://www.SecureThe.Net
--------------------------------------------------------------------------------
S U B M I T T O K E E N V E R A C I T Y
--------------------------------------------------------------------------------
NO! You do not have to be a member of Legions of the Underground to submit to
KV. If you have a idea and would like to toss it out in the wind for general
discussion, or maybe you are researching something and you just want feedback,
KV is a great way to get your ideas out in the open. We at Legions of the
Underground are not prejudice in any way shape or form, so even a AOLer's
article may be published if it seems that it has clue. Or then again, maybe
hell will freeze over! Anyones stuff maybe published, but we will never
know if you don't submit! So get to writing. Because what you don't know
can kill you! Legions of the Underground is a equal opportunity destroyer
(of systems and great walls alike).
--------------------------------------------------------------------------------
All submissions to: kv@legions.org
--------------------------------------------------------------------------------
IRC: Undernet #legions
--------------------------------------------------------------------------------
O F T E N I M I T A T E D N E V E R D U P L I C A T E D
--------------------------------------------------------------------------------
L E G I O N S O F T H E U N D E R G R O U N D
n :.
E% ___ _______ ___ ___ :"5
z % | | (_______) | | | | :" `
K ": | | | | | | | | | | z R
? %. | | | | | | | | | | :^ J
". ^s | |___ | |___| | | |___| | f :~
'+. #L |_____|[] \_____/[] \_____/[] z" .*
'+ %L z" .~
": '%. .# +
": ^%. .#` +"
#: "n .+` .z"
#: ": z` +"
%: `*L z" z"
*: ^*L z* .+"
"s ^*L z# .*"
#s ^%L z# .*"
#s ^%L z# .r"
#s ^%. u# .r"
#i '%. u# .@"
#s ^%u# .@"
#s x# .*"
x#` .@%.
x#` .d" "%.
xf~ .r" #s "%.
u x*` .r" #s "%. x.
%Mu*` x*" #m. "%zX"
:R(h x* "h..*dN.
u@NM5e#> 7?dMRMh.
z$@M@$#"#" *""*@MM$hL
u@@MM8* "*$M@Mh.
z$RRM8F" [knowledge is key] "N8@M$bL
5`RM$# 'R88f)R
'h.$" #$x*
--------------------------------------------------------------------------------
All mention of LoU, Legions of the Underground, Legions, KV, or Keen Veracity,
copyright (c) 2000-2005 legions.org, all human rights reserved outside the US.
--------------------------------------------------------------------------------
[LoU]=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=[LoU]
W W W . L E G I O N S . O R G
[LoU]=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=[LoU]