Indymedia Hacking - Details recorded - update firewalls now
Sam | 21.02.2007 11:02
Port Scanning at Indymedia
A port scan is a series of messages sent by someone attempting to break into a computer to learn which computer network services, each associated with a "well-known" port number, the computer provides. Port scanning, a favorite approach of computer cracker, gives the assailant an idea where to probe for weaknesses. Essentially, a port scan consists of sending a message to each port, one at a time. The kind of response received indicates whether the port is used and can therefore be probed for weakness.
A port scan is a series of messages sent by someone attempting to break into a computer to learn which computer network services, each associated with a "well-known" port number, the computer provides. Port scanning, a favorite approach of computer cracker, gives the assailant an idea where to probe for weaknesses. Essentially, a port scan consists of sending a message to each port, one at a time. The kind of response received indicates whether the port is used and can therefore be probed for weakness.
I have been asked to check out if as a number of people suspect the Indymedia UK website operates a port scan operation and is also loading spy software onto users machines who are reading the site.
First I analysed the UDP (User Datagram Protocol) UDP is a communications protocol that offers a limited amount of service when messages are exchanged between computers in a network that uses the Internet Protocol (IP). UDP is an alternative to the Transmission Control Protocol (TCP) and, together with IP, is sometimes referred to as UDP/IP. Like the Transmission Control Protocol, UDP uses the Internet Protocol to actually get a data unit (called a datagram) from one computer to another. Unlike TCP, however, UDP does not provide the service of dividing a message into packets (datagrams) and reassembling it at the other end. Specifically, UDP doesn't provide sequencing of the packets that the data arrives in. This means that the application program that uses UDP must be able to make sure that the entire message has arrived and is in the right order. Network applications that want to save processing time because they have very small data units to exchange (and therefore very little message reassembling to do) may prefer UDP to TCP. The Trivial File Transfer Protocol (TFTP) uses UDP instead of TCP.
To do this I accessed thr site using six individual PC and Mac machines at varying locations and with variations of browser and operating system. The Indymedia operation is doing the following via a Python protocol:
A -Scanning the ports of all those who access the site
B - Loading a small spyware program onto all machines which records website usage and sites visited, then reports this info back to Indymedia.
C - Overwriting files on the server of the ISP to hide this activity
First I analysed the UDP (User Datagram Protocol) UDP is a communications protocol that offers a limited amount of service when messages are exchanged between computers in a network that uses the Internet Protocol (IP). UDP is an alternative to the Transmission Control Protocol (TCP) and, together with IP, is sometimes referred to as UDP/IP. Like the Transmission Control Protocol, UDP uses the Internet Protocol to actually get a data unit (called a datagram) from one computer to another. Unlike TCP, however, UDP does not provide the service of dividing a message into packets (datagrams) and reassembling it at the other end. Specifically, UDP doesn't provide sequencing of the packets that the data arrives in. This means that the application program that uses UDP must be able to make sure that the entire message has arrived and is in the right order. Network applications that want to save processing time because they have very small data units to exchange (and therefore very little message reassembling to do) may prefer UDP to TCP. The Trivial File Transfer Protocol (TFTP) uses UDP instead of TCP.
To do this I accessed thr site using six individual PC and Mac machines at varying locations and with variations of browser and operating system. The Indymedia operation is doing the following via a Python protocol:
A -Scanning the ports of all those who access the site
B - Loading a small spyware program onto all machines which records website usage and sites visited, then reports this info back to Indymedia.
C - Overwriting files on the server of the ISP to hide this activity
Sam