ping

**rick barclay** · 09-22-2001

when you ping an ip, you are simply checking to see if anyone
is currently online using that ip. It's like making a phone call.

Ping will send a certain number of dummy data packets to the
ip number you tell it to ping and then wait for a reply. If the ping
is successful then somebody's at the other end. If no answer,
then nobody's home.

A network guy once told me that once he finds a rogue hacker
scanning him, then he (the network guy) will turn around and
ping the rogue to death. I don't know why, except maybe to
annoy the guy if he's even listening. I don't know. I'm still
trying to figure it all out.

There are many packet sniffers and network scanners available.
Some are ridiculously expensive. My favorite it Netscan Tools Pro.

There's also a program that will graphically traceroute an ip. I forget its name right now. I've used it a couple of times. I traced
one guy scanning me all the way back to Great Britain. Most
trace routes seem to end at the main routing or backbone
cities, like Atlanta, etc.

It's very interesting--for about an hour.

rick barclay

**Fordy** · 09-22-2001

>>There's also a program that will graphically traceroute an ip. I forget its name right now

I think its NeoTrace

**iain** · 09-22-2001

Open up MSDOS prompt and type:

ping -h

This will give you a list of switches you can use like specify packet size, number of pings, ttl etc..

**no-one** · 09-22-2001

actually i had zone alarm i got about a few thousand+ hits one day it kinda worried me till i realized it was for ther previous day where i had left Limewire on all night and 15,000+ people tried to get an episode of Co... um well lets just say a very popular series i had mistakenly left in my shared folder.

Moral:
if you use file sharing programs your gonna get hammered with reconnects.

just look for the asses that hammer you all day on every port, i had two of those dumasses in the same day.

**Betazep** · 09-22-2001

>>There's also a program that will graphically traceroute an ip. I forget its name right now

VisRoute

Ping of Death doesn't really work anymore unless the person is running an older version of WIN95 or WIN 3.X.

Increasing the packet size is an interesting thing, but you really can't get the packet large enough with "ping" (the prog) to do much interference in todays cable modem world. (Now twenty people pinging the max size can tend to bog users down, but is quite temporary and worthless.) Plus, doing this causes unneccessary traffic through all of the boxes that you encounter before the computer you are pinging.

Witch_King

CLOSE_WAIT is ok most of the time. It means that you were doing something with that particular protocol on that particular port to that particular port.... but you are no longer doing anything and your computer is waiting to see if you are going to reconnect.

ESTABLISHED means you are currently receiving/transmitting data from a particular source. This can be bad if you have everything closed down. It can mean you have a trojan that is making you bleed access onto the net.

PORT 80 is the standard port for HTTP web applications and web servers. You will see port 8080 used on your machine for web requests. A web server is only vulnerable if the person running it allows it to be. EVERYTHING has exploits... even APACHE. Doesn't mean that your friend's Apache is unsecure tho...

HERE IS A SIMPLE DEMO FOR SECURITY

I noticed that I was being hit considerably by a certain computer on a UDP protocol. UDP is a standard much like TCP but it is fire and forget instead of ACK/NACK. I got the IP of the user attacking me and did a ping to see if he was still on. I got a reply from his computer, so I knew he existed. I then did a tracert to see where he was hitting me from. This gave me his ISP information. WIth this information I got the ISPs abuse email address and telephone numbers to call the person that registered the first outgoing server with INTERNIC. I continued to find more information by scanning his box. He was wide open. Several ports were soliciting connections. I found a telnet port and telnetted into it. There was no welcome message, but it did connect. I typed WHO and hit enter. I got the name of the server (a UNIX box) and an email of the person that owns it. Perfect! I emailed the guy letting him know that there were UDP attacks coming from his box. He replied within the hour and stated that his box was compromised and that he unplugged it from the net until he could figure out how to set it up more securely. Sure enough, the attacks stopped.... I was happy. A week later I received an email from my ISP stating that I was using there service improperly by scanning other computers and I need to stop immediately. I shrugged... and went on with my day. The end...

~Betazep

**Witch_King** · 09-22-2001

Ocassionaly there is an established http when I run netstat. What can I do about it? Can I kill the process?

The tracert only returns me the IP after 19 hops.

**Witch_King** · 09-22-2001

Shame on me, that IP is cprogramming.com!!! If you type in ping www.cprogramming.com you get the IP but if you ping the IP with the -a switch you don't get the URL.

**Witch_King** · 09-22-2001

Also what about the LISTENING state? You didn't mention that. Is this okay? I think I'm going to get a book on TCP/IP. Would this be a good choice? I don't know anything about this stuff.

**Witch_King** · 09-22-2001

I guess we can say that cprogramming is from Europe.

Unregistered · 09-22-2001

Originally posted by Fordy
>>There's also a program that will graphically traceroute an ip. I forget its name right now

I think its NeoTrace

That sounds like it. At least I've heard the name before.

rb

**mithrandir** · 09-22-2001

>The tracert only returns me the IP after 19 hops.

That's a pretty slow return, tracert should return at 14 hops at worst.

I will put what each port number represents on my website if anyone is interested.

**mithrandir** · 09-22-2001

Better yet go here.

**-KEN-** · 09-22-2001

>>A network guy once told me that once he finds a rogue hacker
scanning him, then he (the network guy) will turn around and
ping the rogue to death. <<

I do that, too! Either that or I do a nice, quick portscan (with Blue's portscanner - the fastest I've used). If the person at least has a firewall, it should alert the the rogue/attacker/whatever that he's messing with the wrong person. Have you ever looked at your firewall after a portscan? It's scary.

Ok, LISTENING state could be either fine or bad. It means that your computer is waiting for a connection to that port, which could be a trojan server. I doubt it though. I was just teaching my friend some of this stuff yesterday. He was all "Yeah, let's hack someone and bring down yahoo!" and I laughed hysterically. All I had taught him was how to ping, tracert, and telnet. Which, given the right computer, IS enough to "hack" it, but I doubt any computer is THAT vulnerable.

On this topic, does anyone know any good books on network security etc? I don't care if it's a book on hacking or cracking, either. I really wanna get into network security. All I have right now is a book on the TCP/IP protocol.

the funniest thing is that it's not too hard to do something like mess with a website, but I'm too much of a scaredy-cat to even try it out. Maybe if I got permission from my friend? (he has his own site) but then would his host be mad at me? hmmm...

**mithrandir** · 09-22-2001

>All I have right now is a book on the TCP/IP protocol.

Try looking for something by Cisco.

Don't waste your time with "hacking" books - as the saying goes "a magician never reveals his secrets".

**no-one** · 09-22-2001

>ll I had taught him was how to ping, tracert, and telnet. Which, given the right computer, IS enough to "hack" it, but I doubt any computer is THAT vulnerable. <

I can in fact actually hack a Win2k box with a comand promt using only what comes with winndows that is and an ip, that is if hes a complete newb when it comes to security. and a lot of people don't know about this though anyone pro/knowlegable will shut it down immediatly.