The Unsorted BBS Collection

home *** CD-ROM | disk | FTP | other *** search

/ The Unsorted BBS Collection / thegreatunsorted.tar / thegreatunsorted / misc / security.doc < prev next >

Wrap

Text File | 1989-12-08 | 6KB | 108 lines

<()>-<()>-<()>-<()>-<()>-<()>-<()>-<()>-<()>-<()>-<()>-<()>-<()>-<()>-<()> /-- -- \-- P R O F E S S O R F A L K E N ' S --/ /-- --\ \-- GUIDE TO --/ /-- --\ \-- ***** ***** **** ***** --/ /-- * * * * * * * --\ \-- * * * * * ***** --/ /-- * * * * * * * --\ \-- ***** ***** **** ***** --/ /-- P * --\ \-- --/ /-- HACKING SECURITY --\ \-- (C)1988--/ <()>-<()>-<()>-<()>-<()>-<()>-<()>-<()>-<()>-<()>-<()>-<()>-<()>-<()>-<()> First I'd like to thank the following people for thier contributions to this file and to my knowledge about this fucking world--=-> Frye Guy, Laser, David Lightman, HackerSoft in it's entirety, The Rebel, Digital Logic, L.E. Pirate, Brain Tumor, Boris Crack, Mad Max, Sike III, The Blade, Spartacus, Baby Eagle, Iceman/TOPGUN, Spam Master, & Codebuster. This file is meant for the beginner/novice/amateur code hacker. Anyone have been hacking for over 2 years you probably don't need to read. The first thing I would like to point out is the major LD companies security systems. A couple years ago MCI and SPRINT installed a NEW type of ESS which makes it easier to catch code hacks. This system is able to detect patterns on it's ports, such as one target number being repeated many times or invalid codes repeating every x number of minutes. They thought they were smart, but we just have to be a step smarter. MULTIPLE PORTS--> By having a code hacker that uses multiple port hacking ( that is one that can hack many ports in one session ) you can lower the odds of being caught tremendously. By entering many ports into the hackers database and being able to access them all in one session reduces the LD Co's ability to catch a pattern on one of their port/s. With this feature you are able to throw the LD company off WHERE and WHEN you will strike next. ALSO SEE TIMING PATTERNS. MULTIPLE TARGETS--> The first of the (IBM) programs to have multiple targets was Terminus's Codebuster, it was then implemented into The Brew Associate's Code Thief. By utilizing a program's multiple target option, the chances you being caught by their system's pattern detection is almost NIL. Code Thief's multiple target file contains 369 targets. If you cannot get this target list I suggest you compile a list of TELENET,COMPUSERVE, etc. dial ups and use them for targets. At least you'll have a better chance... PORT PATTERNS & TIMING PATTERNS--> Long distance companies like SPRINT/MCI usually have more than 1 port in large cities/areacodes, thus you can hack on many of their ports. Increasing the number of ports you hack on gives you an edge. The LD's system will get suspicious if it finds many invalid codes attempts on one of its port. Each port is allotted a certain amount of invalid codes attempts. If this number is exceeded an error flag will go on and the security division will be alerted to the port. So in other words by increasing the ports you can decrease your odds of being alerted to and ANI'ed. As mentioned before the LD companies also have timing pattern recognition. This means they can tell if they are getting an invalid code attempt every x minutes. This really is the most deadly features of their system ( next to ANI of course ) because almost every hacker I know of runs on a set amount of time for each thing to happen. Carrier timeout,seconds to wait till code & target are entered, all of these are on a fixed amount of time. Every so many number of seconds the hacker repeats its invalid code timeout & retry time almost exactly. To get rid of this deadly feature is QUITE simple. What I suggest is to add another port or two to your list. However, this port is special because its not a port at all. It's a friend you hate or a disconnected number or some business. That way your timing for the LD's ports will not stay predictable. Also vary the carrier timeout value ( a.k.a. timeout value ) for the fake port numbers. Doing this will make you about as unpredictable as nitroglycerine made from a T-File. TIMES TO HACK--> When I first started code hacking 84' I thought the best time to hack was at 2 a.m. because there wouldn't be anybody at the L.D. company then. Well maybe back then there wasn't because there wasn't any customer service after 6pm. But the times have changed. There is security and customer service and maintenance there 24 hours a day 7 days a week- Even Holidays. So the best time to hack would be when normal customers are using it. Most customers are either business's or households. So your best bet would be hacking when they would use it- M-F 8am to 7pm. This is when most people accidently fuck-up on their code and thus it is the best time to hack. I would suggest hacking in the morning since the LD's system is counting the number of invalid attempts if you do a lot in the morning then the subscribers in the afternoon will get get evil eye, not you. Usually the LD companies system RESETS its value at 12:00 midnight so that the invalid attempt numbers don't keep adding on the the previous days. Also hacking on holidays such as Christmas is excellent because the amount of people calling everyone all over the fucking place is magnanimous.