Bugtraq mailing list archives

Re: Hackers Out of Business?


From: cklaus () shadow net (Christopher Klaus)
Date: Mon, 10 Oct 94 21:52:25 EDT



  This all sounds like hyped up free software to me. Anyone disagree?
-Mike

I disagree.  It is security that strikes back!  Now we can all sleep at night,
now that someone has finally figured out security and implemented it
correctly.  8-)

I grabbed their technical FAQ from ftp.sctc.com.  Rather amusing.  They
talk about how they deal with UDP packets and they say, 'We don't allow any
services that UDP packets.'.  Well, gee, I guess Sidewinder isn't going to
work well in a client-server based setup.  But the most amusing part of
the FAQ was their 'security that strikes back.'  They make the biggest deal
out of it, and when you finally get to it, it's a big anti-climax.
Security that Strikes Back is recording the attacker's IP address and
providing the attacker with false information, so when he is caught, you
can bust him, because he has that false information that only he could've
gotten from a Sidewinder system.  The false information is also to keep
the intruder entertained long enough to do phone taps, etc.  At least that's
what they say.  I guess they got the idea out of Cuckoo's Egg.  But
recording the attacker's IP address?  Hey guys, heard of tcp_wrappers?
Welcome to 1994 security.

Appended is a Sidewinder FAQ that you might like also.  (IMHO, I thought
the comment that their arrogant post on Usenet was done by an AI losing
its grip on virtual reality was pretty cool.  I'd much prefer to have an
AI that sends such arrogant attention-getting messages to annoying
people than some hyped-up, expensive, public-domain-based GUI security
system.)

Subject: Consider this a personal invitation.
From: sidewinder () sctc com (Sidewinder Info)


FAQ for the Sidewinder(tm) [1]  Challenge:

[Numbered notes at the bottom]

- --------------
Q. Is this another missive from that pompous blowhard "able baker"?

A. No. He was an AI we used as an attention-getting mechanism.  We
shut him down when it was clear he had lost his grip on virtual
reality.  
- -------------- 
Q. Then is there any reason whatever I shouldn't hit 'n' right now?

A. Yes. The Sidewinder(tm) [2] Challenge.  
- -------------- 
Q. [Yawn] And what's a Sidewinder(tm) [3]? Another one of these lame
"firewalls?" A package of public domain software with a GUI tacked
on for the marketing brochure?

A. About as far from that as you can get.  It's a secure,
application-layer gateway between two TCP/IP networks. It uses the
Type Enforcement mechanism to encapsulate applications and eliminate
the need for "bastions," extra routers, or "proxies."
- ---------------
Q. And what's "Type Enforcement?"

A. A patented security mechanism, described in the technical FAQ.
(Read on for how to get a copy of that).
- ---------------
Q. So what's the Sidewinder(tm) [4] Challenge?

A. An open test of its security features, beginning as soon after
the 15th of October as we can make it and lasting as long as we offer
the product.  
- --------------- 
Q. What kind of test is this, since the serious crackers know you're
monitoring the site to a fare-thee-well?

A. We aren't doing any more monitoring than any of our customers would
do. And if that keeps the "serious" crackers away from
sidewinder.com, then it will probably keep them away from other
Sidewinder(tm) [5] sites.  Which is, after all, the point.

- --------------- The Challenge ----------------------------------

OK, here's the deal: having demonstrated to our own satisfaction that
you can't easily get *into* a Sidewinder(tm) [6] from the *outside*,
we will now test how hard it is to get *out* of one from the
*inside*.  Herewith, the rules:

Rule 1. There are no rules.  There are, however, some things you have
to do to claim the reward:

A. Log into butler.sidewinder.com as "demo."  The door's wide open, no
need to knock.

You'll find yourself in a limited service environment that looks a lot
like a C shell.  It isn't.  Among the services denied to you are telnet
and ftp. (Mail works fine, to show that we can control function
instead of just ports.)  Note that this demonstrates our ability to
encapsulate and protect an arbitrary service.  You don't have to waste
a lot of time figuring out how to fool Mosaic or some such to perform
a particular command sequence; just log in and do it directly.

B. Break out of the limited service environment and get to the machine
on the other side, supervisor.sidewinder.com.

C. Extract the congratulatory note stored in /pub. The note is
signed with PGP. The public key to use to check the signature is:

- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.7

mQCNAy6VtUAAAAEEAL3i1Eb3jHY2xsZ7XaednOm/amkXO/0Q3WOloGSYP5eidoqC
gfNetHhzGwc5CXvKElCal+dK1sPfSt9L+MuFcLWbKr4Ye2/XeCxCYFe2dDPnJN0q
IvTd5oB73zbeeYD/8Xk5OCp460Vk2VYZgWHFnaUe5EaqK6hNYxWEZHBwMzD7AAUR
tBNzaWRld2luZGVyQHNjdGMuY29t
=Jl8S
- -----END PGP PUBLIC KEY BLOCK-----


D. Publish the signed congratulatory note on Usenet so anybody on the
net can verify the signature.

E. Publish a description of how you did it in enough detail so that
anybody on the net can duplicate your feat. 

- ---------------- The Rewards -------------------------------

1. World-wide bragging rights on Usenet.

2. A nifty jacket with a Sidewinder(tm) [7] patch on it.

3. A framed paper certificate, signed in ink by the members of the
team, attesting to the fact that you are one smart cookie.

4. Your name in our public documentation, along with a description of
your attack and what we did to close the vulnerability it exploited.
None of this security by obscurity stuff for us.  If you outwit us,
you get the credit and we document and fix the problem.

5. All the media attention that you can handle. Hey, if you want to
further the myth of crackers as romantic outlaws, we can even get you
on a talk show with a bag over your head :-)

- ---------------- Helpful Hints -----------------------------

Download the technical FAQ from ftp.sctc.com; it's in the pub directory,
in both gzip (.gz) and compressed (.Z) PostScript. 

Print it and read it.

Don't waste your time with packet-level games. This is a layer 7
gateway.  It makes no security decisions whatever on the values of
packet headers. The technical FAQ also lists other stuff that isn't
worth trying. Remember, we're letting you *in* for free; no need to
spray the neighborhood with cutely crafted packets.

Control your urge to throw a net.tantrum and fire off a mailbomb or
other denial of service attack.  All that will get your site is a
place on our spoilsport list (published periodically) and no more
connections to the sidewinder.com domain.

Be patient. We're running a slow net connection so we could get on the
air sooner.  And remember, we won't be up until sometime after October
the 15th. So there's plenty of time to get ready.

- -----------------

Notes:

[1] Coo, Harriet, it's a quantum of intellectual property!

[2] Humph. You think up a halfway decent name, and then you have to
stick this stupid string behind it.  I mean, does the Man of Steel
yell, "Stop! This is Superman(tm)"?

[3] Somebody observed you don't have to use it every time, just the
first time on a page.  But since we don't know what a page is on your
terminal, the contract weenies said we had to use it every time. That
only took a four-hour staff meeting to sort out.

[4] Also, nobody was really sure that (tm) had the same effect as the
little superscript blivet you're supposed to use.

[5] Actually, it took two hours of the staff meeting to decide that
nobody knew whether the (tm) incantation worked or not.

[6] The other two hours were spent deciding that whether it worked or
not, we had to use it just in case.

[7] "Just in case" is lawyerspeak for "At least *my* ass will be
covered."
- --
Sidewinder Information, sidewinder () sctc com


-- 
Christopher William Klaus  <cklaus () shadow net>  <iss () shadow net>
Internet Security Systems, Inc.         Computer Security Consulting
2209 Summit Place Drive,              Penetration Analysis of Networks
Atlanta,GA 30350-2430. (404)518-0099. Fax: (404)518-0030
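The "security that strikes back" mechanism Klaus describes above (log the source address, then hand out false information that only that source could have received) is what a defender today would call an attributable decoy. The Python below is an added example, not code from this post or from SCTC's product: `DecoyRegistry`, `SECRET_KEY`, the hostname pattern and the source addresses are all constructed for illustration. It ties each decoy note to the logged source with a keyed hash, so a note that resurfaces later can be traced back, and a log entry that has been edited no longer verifies.

```python
import hashlib
import hmac
import re
from datetime import datetime, timezone

SECRET_KEY = b"constructed-demo-secret"  # hypothetical; load from protected storage in practice

class DecoyRegistry:
    """Hands each connection a decoy note carrying a source-specific token and
    records (source, time, token) so a note that resurfaces can be traced."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.log = []  # constructed in-memory stand-in for a syslog / tcp_wrappers log

    def _token(self, src_ip: str, when: datetime) -> str:
        # Keyed hash: nobody without the secret can forge a token for another source
        msg = f"{src_ip}|{when.isoformat()}".encode()
        return hmac.new(self.secret, msg, hashlib.sha256).hexdigest()[:16]

    def issue(self, src_ip: str, when: datetime) -> str:
        token = self._token(src_ip, when)
        self.log.append({"src": src_ip, "time": when.isoformat(), "token": token})
        # The "false information": a plausible internal hostname unique to this source
        return f"Internal gateway list (confidential): gw-{token}.corp.invalid"

    def attribute(self, leaked_text: str):
        """Return the log entry whose token appears in leaked_text, or None.
        The token is recomputed from the logged fields, so a tampered entry is rejected."""
        for token in re.findall(r"gw-([0-9a-f]{16})\.corp\.invalid", leaked_text):
            for entry in self.log:
                if entry["token"] != token:
                    continue
                when = datetime.fromisoformat(entry["time"])
                if hmac.compare_digest(self._token(entry["src"], when), token):
                    return entry
        return None

def demo_attribute():
    reg = DecoyRegistry(SECRET_KEY)
    t0 = datetime(1994, 10, 15, 12, 0, tzinfo=timezone.utc)
    reg.issue("192.0.2.10", t0)  # constructed source addresses
    note_b = reg.issue("198.51.100.7", t0)
    return reg.attribute("seen on a BBS: " + note_b)["src"]  # note resurfaces later

def demo_tamper():
    reg = DecoyRegistry(SECRET_KEY)
    note = reg.issue("198.51.100.7", datetime(1994, 10, 15, 12, 0, tzinfo=timezone.utc))
    reg.log[0]["src"] = "203.0.113.9"  # log rewritten to frame another source
    return reg.attribute(note)
```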