I am content?

I was just commenting to a friend, who will recognize himself, that I am content. I have nothing burning in my gut to do before I die. And I actually don’t like being in this state. I want something to occupy me and to cause flow. (Finding Flow, Mihaly Csikszentmihalyi) Well… I may have found it. Read on.

I was doing one of my favorite things last week: browsing books and drinking coffee at B&N. I found a book that really grabbed me. It’s called “Stealing the Network: How to Own the Box.” It’s so good, I actually bought it ($50) and dropped a Clive Cussler in mid-book! Basically, it’s a collection of fictional short stories by internet experts in security. The grabber for me is that it is just barely fiction. The stories are about hackers breaking into some computer network, and the technology and techniques they use are real. I’ve always wanted to REALLY understand what’s going on behind the scenes on the internet, because I feel like I’m halfway there already. I’m an electrical engineer, I’ve built computers from the chip level. I’ve written a simple operating system. I’ve programmed calculators at Texas Instruments (Z80 machine language). I also know Linux fairly well, and have an internet business that’s heavy in C, PHP and MySQL programming.

So, reading this new book has gotten me all fired up to learn more about worms. The worm chapter (ch. 2) is the one that got me. Because I don’t really give a hoot about breaking into computer systems. I would like to know how they do it, so I can take countermeasures. But anyway, worms are the really interesting things. Why is that?

I think it has something to do with changing from being prey to being a predator. There are things called “honeypots” that sit on computers and look like sitting ducks for worms. They’re not. They are actually biding their time, waiting to trap the latest circulating worm. Once you’ve trapped one and have a copy of the source code, it’s then a big race to see who can figure out how it works, how it spreads, what its “payload” is and how to clean it. This process involves detective work and a vast knowledge of exploits and of how prior worms worked. Winning the race to figure out a worm would give some level of fame, but the fame is not what I’m after. I want the unsolved mystery and the good-guy-fights-bad-guy aspect of it.

Obsessions like this one don’t last long. I give it 2 weeks tops. Of course I hope this new “interest” is the exception to the rule.

FYI, let me quote the teaser from Chapter 2, “The Worm Turns” by Ryan Russell and Tim Mullen:

“After a few hours, I’ve got a tool that seems to work. Geez, 4:30 A.M. I mail it to the list for people to check out and try.

Heh, it’s tempting to use the root.exe and make the infected boxes TFTP down my tool and fix themselves. Maybe by putting it out there some idiot will volunteer himself. Otherwise the tool won’t do much good, the damage is done. I’m showing like 14,000 unique IPs in my logs so far. Based on previous worms, that usually means there are at least 10 times as many infected. At least. My little home range is only 5 IP addresses.

I decide to hack up a little script that someone can use to remotely install my fix program, using the root.exe hole. That way, if someone wants to fix some of their internal boxes, they won’t have to run around to the consoles. Then I go ahead and change it to do a whole range of IP addresses, so admins can use it on their whole internal network at once. When everyone gets to work tomorrow, they’re going to need all the help they can get. I do it in C so I can compile it to a .exe, since most people won’t have the Windows perl installed.”

