When the network that is now the Internet was first designed, it was assumed that all users wanted to be found. No one had reason to hide, and it seemed sensible that researchers should be able to locate each other. Utilities were therefore created to facilitate such finding.
Since those early days, the rise of multiple protocols has made finding people even more convenient. As you will see later in this chapter, the old days demanded a high level of networking knowledge from the user. Today, finding or identifying most individuals is trivial. Throughout this chapter, I examine those techniques, as well as some concepts about wholesale tracing (tracing many individuals at one time).
You may wonder why this is deemed a security issue. In truth, it really isn't--not yet. As you read this chapter, however, you will learn that the Internet is a powerful tool for domestic spying. Law-enforcement and intelligence agencies already conduct such practices on the Internet, and for them, the Network is a bonanza. No search warrant is needed to "study" the activity of someone on the Internet. Likewise, no warrant is needed to compile lists of individuals who law enforcement perceive to be involved in illegal (or even seditious) activity. This is not a joke. If you harbor radical political views, by the end of this chapter, you may elect to forever keep those views to yourself (or gain a decent education in cryptography).
What's in a Name?
There are two forms of user identification that apply to all platforms: your e-mail address and your IP address. It is often theorized that if one is obscured, the other can never be found. That is untrue. Without chaining messages through a series of trusted anonymous remailers (remailers that are purportedly secure), anonymity on the Internet is virtually impossible. Anonymous remailers are discussed in Chapter 7, "Birth of a Network: The Internet."
It is possible, however, to make yourself relatively invisible, and that is probably what most individuals would like to do. Before I get more specific, however, there are some utilities you need to know about, as well as methods of tracing individuals. I'll start with finger.
finger
The finger service is a utility common to the UNIX platform. Its purpose is to provide information about users on a given system. In practical operation, finger works like most other services available in UNIX.
The finger service relies on the client/server model, which is a recurring theme in Internet applications. This model works as follows: machines running server applications distribute information to clients. Clients are programs designed to accept and interpret information from server applications. For example, you use a Web browser (or client) to read information forwarded by a Web server (the HTTP server).
In any event, the finger client-server relationship works as follows: On the targeted machine (almost always a UNIX system), there is a server running called fingerd. This is more commonly referred to as the finger daemon. Its purpose is to answer requests from finger clients from the void.
The finger daemon can return different information, depending largely on the configuration of the server and the user's personalized settings. For example, sometimes an "open" UNIX server (that is, one not running a firewall) will disallow finger access. This is done by disabling the finger daemon, removing it from the file /etc/inetd.conf. In this case, the finger service is never started. Any client-issued finger request forwarded to such a machine will meet with a blank response (or perhaps, Connection Refused.).
Many organizations, particularly ISPs, government sites, and private corporations, disable finger services. Each has an interest in preserving the privacy of its users, and that is usually the reason given for disabling the service. As you will learn later, however, their motivation may also be system security.
Some sites do not disable finger services altogether, but instead put restrictions on what type of information can be accessed. For example, by default, the finger daemon allows a systemwide finger. Anyone can be fingered, including special or privileged accounts. When systemwide fingering is allowed, one can gather information on all users currently logged to the machine. This is done by issuing the following command at a UNIX command prompt:
finger @my_target_host.com The @ symbol has essentially the same effect as the asterisk does in regular expression searches. When it is used, the user is fingering all users currently logged to the target machine. This is most useful when targeting small providers that have few customers, or when conducting such a finger query late at night. Certainly, fingering a company as large as Netcom in this manner would be foolish. (The response forwarded by the server would likely be many pages in length. The only valid reason for doing this would be to generate a database of Netcom users.) At any rate, some organizations will disallow such a request, instead forcing the requesting party to specify a particular user.
Other sites make use of hacked finger daemons, either created in-house or available as distributions from other sites across the Internet. These are finger daemons that have enhanced features, including advanced configuration options.
At any rate, taking you through the process of a finger inquiry will take just a few moments, but in order for you to exploit the example, you need a finger client. UNIX users, however, have no need for a finger client, because this is included in the basic distribution.Finger client for Windows can be found at ftp://papa.indstate.edu/winsock-l/finger/wsfngr14.zip
A Few Words About Cookies
You have seen the message many times. You land on a WWW site and a dialog box appears. The server at the other end says it wants to set a cookie. Most users have no idea what this means, so they simply click the OK button and continue. Other users actually read the dialog box's contents and get a little worried. (This is especially true when the cookie is going to be set for sometime into the year 2000. The user may not be sure what a cookie is, but almost all users balk when that cookie is going to hang around for 3 or 4 years.)
What are cookies? The cookie concept is very much like getting your hand stamped at a dance club. You can roam the club, have some drinks, dance, and even go outside to your car for a few minutes. As long as the stamp is on your hand, you will not have to pay again, nor will your access be restricted. But cookies go much further than this. They record specific information about the user, so when that user returns to the page, the information (known as state information) can be retrieved. The issue concerning cookies, though, isn't that the information is retrieved. The controversy is about where the information is retrieved from: your hard disk drive.
Cookies (which Netscape calls persistent client state HTTP cookies) are now primarily used to store options about each user as he browses a page. The folks at Netscape explain it this way:
- "This simple mechanism provides a powerful new tool which enables a host of new types of applications to be written for Web-based environments. Shopping applications can now store information about the currently selected items, for fee services can send back registration information and free the client from retyping a user-id on next connection, sites can store per-user preferences on the client, and have the client supply those preferences every time that site is connected to. "
The WHOIS Service
The WHOIS service (centrally located at http://who.is) contains the domain registration records of all Internet sites. This registration database contains detailed information on each Internet site, including domain name server addresses, technical contacts, the telephone number, and the address. Here is a WHOIS request result on the provider Netcom, a popular Northern California Internet service provider:
NETCOM On-Line Communication Services, Inc (NETCOM-DOM) 3031 Tisch Way, Lobby Level San Jose, California 95128 US Domain Name: NETCOM.COM Administrative Contact: NETCOM Network Management (NETCOM-NM) dns-mgr@NETCOM.COM (408) 983-5970 Technical Contact, Zone Contact: NETCOM DNS Administration (NETCOM-DNS) dns-tech@NETCOM.COM (408) 983-5970 Record last updated on 03-Jan-97. Record created on 01-Feb-91. Domain servers in listed order: NETCOMSV.NETCOM.COM 192.100.81.101 NS.NETCOM.COM 192.100.81.105 AS3.NETCOM.COM 199.183.9.4 Here, the snooping party has discovered that the provider is in the state of California !
No comments:
Post a Comment