Bugtraq mailing list archives

Re: Attack on DES paper and CRACK


From: proff () suburbia apana org au (Julian Assange)
Date: Fri, 20 Jan 1995 12:09:36 +1100 (EST)



I got CRACKERJACK, and once I did, I did not give it to the original
requester, rather to our security people for a tool for them.  Too
dangerous, I can't trust that person to restrict who gets it.


Oh yes, it's a terribly dangerous piece of software that. Most people don't
know the real truth behind it. It was actually first developed in the
late 80's by that bunch at CMU. Both the Unix and PC versions contain
trojan code. The idea it seems was to monitor hacker activity as it occurred
remotely. Each time an account is cracked a single ICMP ECHO_REPLY packet
length 96 is sent to 192.88.209.5 containing a 7 bit compressed (so I guess
8 bit high passwords are safe from this to some extent) username:password
tuple encrypted using a simple CFB repeating xor cipher based on
the 32 bit packet time-stamp (avalanched before keying).

ICMP outgoings get through just about every CISCO-style packet filtering
model I've seen, so the only real way to defeat this is to pull out
your ethernet connector until you finish running CJ. I know they state
their intentions are only to catch crackers, but sometimes I really
start to wonder what they do with all those hundreds of thousands of un/pw
authentication pairs.

-Proff
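The covert channel described in the post, an unsolicited ICMP ECHO_REPLY leaving the network, is exactly the kind of traffic a stateful egress check can catch even where a stateless filter passes all outbound ICMP. The following is an added example, not code from the post or from any tool it names: it walks a list of constructed packet records, remembers inbound echo requests per peer pair, and flags every outbound echo reply that no recent inbound request explains. The record layout, the internal prefix `10.0.0.`, the documentation-range peer addresses and the 5 second matching window are all assumptions.

```python
"""Flag outbound ICMP echo replies that no inbound echo request explains.

Added detection example (not from the original post). Packet records are
constructed; the field layout is an assumption, not a real capture format.
"""
from collections import Counter, deque
from dataclasses import dataclass

ECHO_REPLY = 0          # ICMP type 0
ECHO_REQUEST = 8        # ICMP type 8
INTERNAL_PREFIX = "10.0.0."   # assumed internal network


@dataclass(frozen=True)
class Pkt:
    ts: float        # capture time, seconds
    src: str
    dst: str
    icmp_type: int
    length: int      # IP payload length in bytes


def is_internal(ip: str) -> bool:
    return ip.startswith(INTERNAL_PREFIX)


def unsolicited_echo_replies(pkts, window: float = 5.0):
    """Return outbound echo replies with no inbound echo request from the
    same external peer within `window` seconds before them.

    Each inbound request entitles the peer to one reply; anything beyond
    that, or outside the window, is reported."""
    pending = {}    # (external, internal) -> deque of request timestamps
    flagged = []
    for p in sorted(pkts, key=lambda x: x.ts):
        if p.icmp_type == ECHO_REQUEST and not is_internal(p.src) and is_internal(p.dst):
            pending.setdefault((p.src, p.dst), deque()).append(p.ts)
        elif p.icmp_type == ECHO_REPLY and is_internal(p.src) and not is_internal(p.dst):
            q = pending.get((p.dst, p.src))
            # discard requests older than the window
            while q and p.ts - q[0] > window:
                q.popleft()
            if q:
                q.popleft()          # one request consumed per reply
            else:
                flagged.append(p)    # nobody asked for this reply
    return flagged


def suspicious_peers(pkts, window: float = 5.0):
    """Count flagged replies per external destination."""
    return dict(Counter(p.dst for p in unsolicited_echo_replies(pkts, window)))


# Constructed traffic: one legitimate ping exchange, two unsolicited
# 96-byte replies to an unrelated host, and one reply far outside the window.
SAMPLE = [
    Pkt(1.00, "198.51.100.7", "10.0.0.5", ECHO_REQUEST, 64),
    Pkt(1.01, "10.0.0.5", "198.51.100.7", ECHO_REPLY, 64),
    Pkt(30.00, "10.0.0.5", "203.0.113.9", ECHO_REPLY, 96),
    Pkt(30.50, "10.0.0.5", "203.0.113.9", ECHO_REPLY, 96),
    Pkt(40.00, "198.51.100.7", "10.0.0.5", ECHO_REQUEST, 64),
    Pkt(47.00, "10.0.0.5", "198.51.100.7", ECHO_REPLY, 64),
]

if __name__ == "__main__":
    for p in unsolicited_echo_replies(SAMPLE):
        print(f"t={p.ts:6.2f} unsolicited echo reply {p.src} -> {p.dst} ({p.length} bytes)")
    print(suspicious_peers(SAMPLE))
```

The match key is only the peer pair; a production version would also pair ICMP identifier and sequence fields, which this constructed record omits. The point the post makes still holds: the decision needs state about what came in, so a filter that only looks at each outbound packet in isolation cannot make it.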


