
Covert Paths

				==Phrack Inc.==

		     Volume Three, Issue 29, File #5 of 12

	       [-][-] [-][-] [-][-] [-][-] [-][-] [-][-] [-][-]
	       [-]					    [-]
	       [-]		 Covert Paths		    [-]
	       [-]					    [-]
	       [-]		      by		    [-]
	       [-]					    [-]
	       [-]    Cyber Neuron Limited and Synthecide   [-]
	       [-]					    [-]
	       [-]	       November 1, 1989 	    [-]
	       [-]					    [-]
	       [-][-] [-][-] [-][-] [-][-] [-][-] [-][-] [-][-]

When cracking a system, it is important for you to use a path to the system
that will not lead the authorities to your doorstep.

There are several methods for doing this and all of them will depend on your
destination, available time, goal and the phase of the moon.  This article
deals mostly with covert attacks via a connected network.

If attacking via a phone link:

  o  Tap in to your local payphone line and red box or "sprint" the call.

  o  Use a long-haul service (like Sprint or MCI) to dial into systems in
     remote cities.  [This should hinder a track by a good order of

  o  Use a midnight packet switching network (e.g., PC-Pursuit, Tymnet, et al.)

  o  All the above.

If attacking from a network (e.g., the Internet), there are ways of spoofing the
packet headers, but this requires superuser privileges on the system you are
attacking from and a fair amount of 'C' programming expertise.  Therefore, this
will not be discussed here in any more detail.

Another obvious trick is to use network routers and gateways along with guest
accounts to "route" your data path.  This will cause the person tracking you to
have to go through more red tape and hassle to track you.  This gives you more
time to cover your tracks.
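
Seen from the gateway's side, a relayed session of this kind leaves a pattern that can be matched: an inbound login on a shared account followed shortly by an outbound connection from that same account. The sketch below is an added example, not part of the original article; the log format, the host names gw1/gw2, and the addresses are constructed for illustration, and the account watchlist uses the account names mentioned in this article.

```python
from datetime import datetime, timedelta

# Constructed sample events in a hypothetical normalized format:
#   timestamp  host  account  direction(in/out)  peer-address
SAMPLE_EVENTS = """\
1989-11-01T02:10:05 gw1 guest in 192.0.2.10
1989-11-01T02:10:40 gw1 guest out 198.51.100.7
1989-11-01T02:30:00 gw1 alice in 192.0.2.55
1989-11-01T03:00:00 gw2 netgate in 203.0.113.9
1989-11-01T03:45:00 gw2 netgate out 198.51.100.20
1989-11-01T04:00:00 gw1 alice out 198.51.100.7
"""

# Shared or no-password accounts worth watching (names taken from the article).
SHARED_ACCOUNTS = {"guest", "nobody", "netgate", "terminal", "telnet"}

def parse(text):
    """Yield (time, host, account, direction, peer) for each non-empty line."""
    for line in text.splitlines():
        if line.strip():
            ts, host, account, direction, peer = line.split()
            yield datetime.fromisoformat(ts), host, account, direction, peer

def find_relays(text, window=timedelta(minutes=5)):
    """Return (host, account, origin, destination, delay_seconds) for each
    outbound session on a shared account that starts within `window` of the
    most recent inbound login to that account on the same host."""
    last_inbound = {}  # (host, account) -> (login time, origin address)
    hits = []
    for ts, host, account, direction, peer in sorted(parse(text)):
        if account not in SHARED_ACCOUNTS:
            continue
        key = (host, account)
        if direction == "in":
            last_inbound[key] = (ts, peer)
        elif direction == "out" and key in last_inbound:
            t_in, origin = last_inbound[key]
            if ts - t_in <= window:
                delay = int((ts - t_in).total_seconds())
                hits.append((host, account, origin, peer, delay))
    return hits

if __name__ == "__main__":
    for hit in find_relays(SAMPLE_EVENTS):
        print("possible relay: %s/%s  %s -> %s  (%ds after login)" % hit)
```

Recording the origin address with each hit is what lets the next site upstream be contacted without waiting on a manual trace.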

Some useful paths I know of are:

    host:                               host:
    account: nobody                     account: netgate
    net address:                        net address:

    host:                               host:
    account: terminal                   account: telnet
    net address:                        net address:

    host:                               host:
    port: 8033                          account: guest
    net address:                        net address:

The accounts nobody, netgate, and terminal at Berkeley are accounts that were
installed so that people can use the system to rlogin or telnet to an account
elsewhere without a local login (or so I am told by the local hackers [Hi
Audrey...]).  The lightning path/method can be accessed by the command:
"telnet 8033".

I am interested in hearing about other Internet access accounts that are
available out there.  If you know of any please send them in.

Tymnet is also a useful method of gaining access to systems.  From Tymnet, you
can hook up to just about any computer and use the other methods to go one step
further.  It's not until you are traced back to the computer you linked to from
Tymnet that they can even begin to follow you back.  My understanding is that
for a system to find your Tymnet node, they must contact Tymnet personally and
ask them to put a trap on their connection.

For more information concerning Tymnet see the article "Hacking & Tymnet" by
Synthecide in Phrack Inc. Newsletter Issue XXX.
