Page 257


Undergound. Go to Table of Contents.

   telling the gateway to make a connection. X.25. TCP/IP. Whatever lay

   beyond the gateway didn't respond. Anthrax looked around until he

   found a sample of addresses in a help file. None of them worked, but

   they offered a clue as to what format an address might take.

  

   Each address had six digits, the first three numbers of which

   corresponded to telephone area codes in the Washington DC area. So he

   picked one of the codes and started guessing the last three digits.

  

   Hand scanning was a pain, as ever, but if he was methodical and

   persistent, something should turn up. 111. 112. 113. 114. 115. On it

   went. Eventually he connected to something--a Sunos Unix system--which

   gave him a full IP address in its login message. Now that was handy.

   With the full IP address, he could connect to System X again through

   the Internet directly--avoiding the gateway if he chose to. It's

   always helpful in covering your tracks to have a few different routing

   options. Importantly, he could approach System X through more than

   just its front door.

  

   Anthrax spiralled through the usual round of default usernames and

   passwords. Nothing. This system required a more strategic attack.

  

   He backed out of the login screen, escaped from the gateway and went

   to another Internet site to have a good look at System X from a

   healthy distance. He `fingered' the site, pulling up any bit of

   information System X would release to the rest of the Internet when

   asked. He probed and prodded, looking for openings. And then he found

   one. Sendmail.

  

   The version of Sendmail run by System X had a security hole Anthrax

   could exploit by sending himself a tiny backdoor program. To do this,

   he used System X's mail-processing service to send a `letter' which

   contained a tiny computer program. System X would never have allowed

   the program to run normally, but this program worked like a letter

   bomb. When System X opened the letter, the program jumped out and

   started running. It told System X that anyone could connect to port

   2001--to an interactive shell--of the computer without using a

   password.

  

   A port is a door to the outside world. TCP/IP computers use a standard

   set of ports for certain services. Port 25 for mail. Port 79 for

   Finger. Port 21 for FTP. Port 23 for Telnet. Port 513 for Rlogin. Port

   80 for the World Wide Web. A TCP/IP based computer system has 65535

   ports but most of them go unused. Indeed, the average Unix box uses

   only 35, leaving the remaining 65500 ports sitting idle. Anthrax

   simply picked one of these sleepy ports, dusted off the cobwebs and

   plugged in using the backdoor created by his tiny mail-borne program.

  

   Connecting directly to a port created some problems, because the

   system wouldn't recognise certain keystrokes from the port, such as

   the return key. For this reason, Anthrax had to create an account for

   himself which would let him telnet to the site and login like any

   normal user. To do this, he needed root privileges in order to create

   an account and, ultimately, a permanent backdoor into the system.

  

   He began hunting for vulnerabilities in System X's security. There was

   nothing obvious, but he decided to try out a bug he had successfully

   used elsewhere. He had first learned about it on an international

   phone conference, where he had traded information with other hackers

   and phreakers. The security hole involved the system's relatively