RE: Check Point Firewall-1

1999-03-24 Thread Bill Hinton

Hi,

Is Check Point Firewall-1 good enough to pay 5000$ for 50 nodes ??? Is there
any cheaper and good firewall for good security?

boy


Try WatchGuard (http://www.watchguard.com), it's a good, inexpensive firewall solution 
for small to medium sized networks.

 
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]




Re: Is It possible to trace a hacker, and on Diffie-Hellman

2002-01-09 Thread Bill Hinton



Yes, it is possible to track a hacker, but unless you have proof and can trace it to someone in the US it's a moot point. If you want to trace an attacker you should have the following:

1. An active intrusion detection system (IDS) that can perform a trace back to the source regardless of spoofing.
2. Detailed logging of your perimeter router, firewall and intrusion detection system.
3. Daily review of the log files and immediate action if any penetrations are detected. Immediate action is required because most ISPs do not maintain adequate records.
4. Proof that a crime was actually committed, i.e., server, firewall, IDS logs. The DOJ will not prosecute door knocking. (Most ISPs have abuse policies and will terminate service for door knockers.) To aid in the prosecution of perpetrators, security banners should also be in place.

Most of our attack attempts come from Eastern Europe and China. In this case finding that an attack came from a Chinese university is useless. Since the key to security is prevention I use the IDS to dynamically block sites once a hack attempt is detected. While you may not have an IDS, you should monitor your log files and place access lists on your perimeter router and firewall. Also, security patches, updated software, and browser and system security settings might have prevented your Netbus attack.








  ----- Original Message -----
  From: [EMAIL PROTECTED]
  To: [EMAIL PROTECTED]
  Sent: Sunday, January 06, 2002 5:30 PM
  Subject: Is It possible to trace a hacker, and on Diffie-Hellman
  
  My background is not computer security, but 
  mathematics, and I was wondering if I might be humbly allowed to ask a 
  question:
  
  Last summer my PC was attacked by a 
  malicious hacker who used a Trojan Horse NetBus. My Norton Personal Firewall 
  alerted me about all five attacks, but I panicked, shut down and rebooted, but 
  by doing that, somehow the malicious hacker got my username and password and 
  even my email address (all replaced). He even took over my Norton firewall 
  somehow and shut me out so that I could not reconfigure it or even do anything 
  at all in my MSDOS screen to find mysterious or renamed Windows files. I was 
  terrified that somehow this malicious hacker would get into the computer 
  network at the university I am affiliated with. Incidentally, two months ago a 
  hacker got into the Apple computer of one of the professors in the 
  Mathematics Department. I learned after he gave me a research paper to read, 
  because there was a computer technician there working on his PC to help him 
  reinstall his backed up files. 
  
  I know hackers use what is known as "spoofing" IP 
  addresses. But in spite of that I was wondering is there any way law 
  enforcement experts or computer security specialists can trace a hacker's 
  whereabouts? Some years back there were several Scientific American 
  articles in one issue on these matters, that is, firewalls, malicious 
  hackers, attacks on networks, denial of service attacks, etc. But I could not 
  follow very well the peculiar, nearly "fictional narrative" one of the 
  contributors to these Scientific American articles gave to show how the 
  network administrator and the FBI caught the fictitious hacker in the article. 
  
  
  If there presently is no way at all for 
  someone in authority, network administrators, or computer security specialists 
  to locate a hacker's whereabouts, then perhaps research should best be 
  focused in this area. 
  
  Incidentally someone posted some information 
  about the Diffie-Hellman algorithm (actually called in Number Theory a 
  certain kind of exponentiation cipher), saying that the keys are found 
  by using elements of a finite group (a finite field, actually), which is quite 
  true.
  
  Suppose parties A and B want a common key. Then 
  if they use a cryptosystem like DES, they take two elements h and k from that 
  finite field, multiply them together, then raise the integer b to the power 
  hk, or b^hk. This is the common key, and A sends b^h to B, B sends b^k to A, 
  and both are able to decipher the encrypted messages. Usually the integers h 
  and k are very large prime numbers, too large for a malicious hacker to 
  guess.
  
  Thanking you for your patience in advance, 
  
  
  Robert Betts
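
The exchange described in the quoted message above (A sends b^h, B sends b^k, both arrive at b^hk), as an added Python example that is not part of either post. The modulus `P`, the base `B` and all function names are assumptions chosen for illustration, and the parameters are toy-sized.

```python
import hashlib
import secrets

# Toy public parameters (assumed for this example, far too small for real use):
# P is the Mersenne prime 2^127 - 1, B is the public base the post calls "b".
P = 2**127 - 1
B = 3


def private_exponent():
    """Pick a secret exponent uniformly at random from [2, P-2]."""
    return secrets.randbelow(P - 3) + 2


def public_value(secret):
    """The only thing sent over the network: b^secret mod p."""
    return pow(B, secret, P)


def check_peer_value(y):
    """Reject 0, 1 and p-1, which would force a predictable shared secret."""
    if not 2 <= y <= P - 2:
        raise ValueError("peer public value out of range")
    return y


def shared_key(own_secret, peer_public):
    """Compute (b^peer)^own = b^(hk) mod p, then hash it into a 256-bit key."""
    s = pow(check_peer_value(peer_public), own_secret, P)
    return hashlib.sha256(s.to_bytes(16, "big")).digest()


def run_exchange(h=None, k=None):
    """Simulate both parties; returns (wire messages, A's key, B's key)."""
    h = private_exponent() if h is None else h
    k = private_exponent() if k is None else k
    a_to_b = public_value(h)  # A sends b^h; h itself never leaves A
    b_to_a = public_value(k)  # B sends b^k; k itself never leaves B
    key_a = shared_key(h, b_to_a)
    key_b = shared_key(k, a_to_b)
    return (a_to_b, b_to_a), key_a, key_b


if __name__ == "__main__":
    wire, key_a, key_b = run_exchange()
    print("on the wire:", wire)
    print("keys match:", key_a == key_b)
```

An eavesdropper sees only the two wire values; recovering the key from them requires solving a discrete logarithm, which is why real deployments use a modulus of 2048 bits or more.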