Yes it is possible to track a hacker but unless you have proof and can trace it to someone in the US it's a moot point. If you want to trace an attacker you should have the following:

 1. An active intrusion detection system (IDS) that can perform a trace back to the source regardless of spoofing. 

 2. Detailed logging of your perimeter router, firewall and intrusion detection system.

 3. Daily review of the log files and immediate action if any penetrations are detected. Immediate action is required because most ISPs do not maintain adequate records.

 4. Proof that a crime was actually committed, i.e., server, firewall and IDS logs. The DOJ will not prosecute door knocking. (Most ISPs have abuse policies and will terminate service for door knockers.) To aid in the prosecution of perpetrators, security banners should also be in place.

 Most of our attack attempts come from Eastern Europe and China. In this case finding that an attack came from a Chinese university is useless. Since the key to security is prevention, I use the IDS to dynamically block sites once a hack attempt is detected. While you may not have an IDS, you should monitor your log files and place access lists on your perimeter router and firewall. Also, security patches, updated software, and browser and system security settings might have prevented your NetBus attack.
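The log review and dynamic blocking described in points 2 and 3 above, as an added example that is not part of either message. The log format, the sample lines and the thresholds are all constructed for this example; the only real identifiers are the default listening ports of NetBus (12345/12346) and Back Orifice (31337). Blocking is keyed to a source probing several ports rather than to a single hit, because single hits can carry a spoofed source and auto-blocking them lets an attacker cut you off from addresses of their choosing.

```python
"""Review constructed perimeter-firewall deny logs and derive a block list.

Each constructed log line has the form:
    <timestamp> DENY src=<ip> dst=<ip> proto=<tcp|udp> dport=<port>
This format is invented for the example and is not any product's real format.
"""
import re
from collections import defaultdict

# Constructed sample log (RFC 5737 documentation addresses).
SAMPLE_LOG = """\
2002-01-06T17:21:03 DENY src=192.0.2.10 dst=198.51.100.5 proto=tcp dport=12345
2002-01-06T17:21:04 DENY src=192.0.2.10 dst=198.51.100.5 proto=tcp dport=12346
2002-01-06T17:21:07 DENY src=192.0.2.10 dst=198.51.100.5 proto=tcp dport=31337
2002-01-06T17:21:09 DENY src=192.0.2.10 dst=198.51.100.5 proto=tcp dport=139
2002-01-06T17:21:12 DENY src=192.0.2.10 dst=198.51.100.5 proto=tcp dport=80
2002-01-06T17:30:00 DENY src=203.0.113.77 dst=198.51.100.5 proto=tcp dport=12345
2002-01-06T18:02:45 DENY src=203.0.113.9 dst=198.51.100.5 proto=udp dport=53
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) DENY src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) "
    r"proto=(?P<proto>\w+) dport=(?P<dport>\d+)$"
)

# Default ports of well-known remote-control trojans; a probe of one of these
# is worth its own alert even when it is the only hit from that source.
TROJAN_PORTS = {12345: "NetBus", 12346: "NetBus", 31337: "Back Orifice"}

# Hypothetical policy threshold: distinct destination ports from one source
# before that source is treated as a scanner and added to the block list.
SCAN_THRESHOLD = 4


def parse_log(text):
    """Return one dict per DENY record; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "ts": m["ts"], "src": m["src"], "dst": m["dst"],
            "proto": m["proto"], "dport": int(m["dport"]),
        })
    return events


def review(events, scan_threshold=SCAN_THRESHOLD):
    """Return (sorted list of scanning sources, list of trojan-port alerts)."""
    ports_by_src = defaultdict(set)
    alerts = []
    for e in events:
        ports_by_src[e["src"]].add(e["dport"])
        name = TROJAN_PORTS.get(e["dport"])
        if name:
            alerts.append(f"{e['ts']} {e['src']} probed {name} port {e['dport']}")
    scanners = sorted(src for src, ports in ports_by_src.items()
                      if len(ports) >= scan_threshold)
    return scanners, alerts


def block_rules(sources):
    """Emit one iptables DROP rule per source; adapt to the router's ACL syntax."""
    return [f"iptables -A INPUT -s {src} -j DROP" for src in sources]


if __name__ == "__main__":
    scanners, alerts = review(parse_log(SAMPLE_LOG))
    print("\n".join(alerts))
    print("\n".join(block_rules(scanners)))
```

On the sample log only 192.0.2.10 crosses the scan threshold and is blocked; 203.0.113.77 raises a NetBus alert but, with a single hit, is only reported for follow-up with its ISP's abuse desk.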
----- Original Message -----
Sent: Sunday, January 06, 2002 5:30 PM
Subject: Is It possible to trace a hacker, and on Diffie-Hellman

My background is not computer security, but mathematics, and I was wondering if I might be humbly allowed to ask a question:
 
Last summer my PC was attacked by a malicious hacker who used a Trojan Horse, NetBus. My Norton Personal Firewall alerted me about all five attacks, but I panicked, shut down and rebooted, but by doing that, somehow the malicious hacker got my username and password and even my email address (all replaced). He even took over my Norton firewall somehow and shut me out so that I could not reconfigure it or even do anything at all in my MS-DOS screen to find mysterious or renamed Windows files. I was terrified that somehow this malicious hacker would get into the computer network at the university I am affiliated with. Incidentally, two months ago a hacker got into the Apple computer of one of the professors in the Mathematics Department. I learned of it after he gave me a research paper to read, because there was a computer technician there working on his PC to help him reinstall his backed-up files.
 
I know hackers use what is known as "spoofing" IP addresses. But in spite of that, I was wondering: is there any way law enforcement experts or computer security specialists can trace a hacker's whereabouts? Some years back there were several Scientific American articles in one issue on these matters, that is, firewalls, malicious hackers, attacks on networks, denial of service attacks, etc. But I could not follow very well the peculiar, nearly "fictional narrative" one of the contributors to these Scientific American articles gave to show how the network administrator and the FBI caught the fictitious hacker in the article.
 
If there presently is no way at all for someone in authority, network administrators, or computer security specialists to locate a hacker's whereabouts, then perhaps research should best be focused in this area.
 
Incidentally, someone posted some information about the Diffie-Hellman algorithm (actually called in Number Theory a certain kind of exponentiation cipher), saying that the keys are found by using elements of a finite group (a finite field, actually), which is quite true.
 
Suppose parties A and B want a common key. Then if they use a cryptosystem like DES, they take two elements h and k from that finite field, multiply them together, then raise the integer b to the power hk, or b^hk. This is the common key, and A sends b^h to B, B sends b^k to A, and both are able to decipher the encrypted messages. Usually the integers h and k are very large prime numbers, too large for a malicious hacker to guess. 
 
Thanking you for your patience in advance,
 
Robert Betts
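The Diffie-Hellman exchange referred to in the message above, written out in full as an added example; it is not code from either correspondent. The modulus p = 23 and generator g = 5 are toy values chosen so the arithmetic can be checked by hand (a real deployment uses a prime of 2048 bits or more and fresh random private exponents); the brute-force function at the end is there only to show why the small modulus would be unsafe.

```python
"""Diffie-Hellman key agreement with toy parameters (added example).

Public parameters: a prime p and a generator g of a large subgroup mod p.
A picks a secret exponent a and sends A = g^a mod p; B picks b and sends
B = g^b mod p.  Both then compute the same value g^(ab) mod p, while an
eavesdropper who sees only A and B must solve a discrete logarithm to get it.
"""
import secrets

# Hypothetical toy parameters; far too small for real use.
P = 23
G = 5


def public_value(private, p=P, g=G):
    """The value a party sends over the wire: g^private mod p."""
    return pow(g, private, p)


def shared_secret(their_public, my_private, p=P):
    """What each party computes locally: (g^theirs)^mine mod p."""
    return pow(their_public, my_private, p)


def random_private(p=P):
    """A fresh random exponent in [2, p-2]; it is random, not required to be prime."""
    return 2 + secrets.randbelow(p - 3)


def diffie_hellman(a, b, p=P, g=G):
    """Run one exchange and return (A sent, B sent, agreed key)."""
    A = public_value(a, p, g)      # A -> B
    B = public_value(b, p, g)      # B -> A
    k_a = shared_secret(B, a, p)   # computed by A
    k_b = shared_secret(A, b, p)   # computed by B
    # Both sides agree, and the key equals g^(ab) mod p because (g^a)^b = (g^b)^a.
    assert k_a == k_b == pow(g, a * b, p)
    return A, B, k_a


def eavesdropper_brute_force(A, p=P, g=G):
    """Recover a from A = g^a mod p by exhaustive search.

    This is the discrete logarithm problem; it is trivial here only because
    p is tiny, which is exactly why real parameters are thousands of bits.
    """
    for a in range(p):
        if pow(g, a, p) == A:
            return a
    return None


if __name__ == "__main__":
    A, B, key = diffie_hellman(6, 15)
    print(f"A sends {A}, B sends {B}, shared key {key}")
    print(f"eavesdropper recovers a = {eavesdropper_brute_force(A)}")
```

With a = 6 and b = 15 the parties exchange 8 and 19 and both arrive at the key 2; an eavesdropper who tries every exponent recovers a = 6 immediately, which is the whole argument for large parameters.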
