Well, unfortunately, I've had technical difficulties with my computer (pos finally broke down on me..) so I'm in the midst of fixing it (or hopefully just buyin a new one)
I have huge plans for AL and myself in 2010. We should be having a wargame come out soon (omg!) and maybe a new easter egg for the site..? (keep your eyes open) Also we intend to have a bigger, better, badder, and phreakier ConfCon than last year.
L0veMilw0rm may just come back and me, ThoughtPhreaker and a couple other guys have some pretty neat phone ideas in the works.
I'm really sorry for not being to make as consistent posts as I wanted to. Its hard maintaining a blog while juggling school and work hehe. So, as always, we're still open for new bloggers and authors for articles here at AL. Also drop us a line if you have some ideas for the site or future projects for AL.
Thanks for keepin up with us even in our slow days.
P.S: Yes, I will fix the source code link very shortly! Check back for updates!
Hey guys,
I hope you don't mind me double-posting like this, but this really needs your attention. As I've previously discussed, the Australian Government wants to make a move to censor our internet regardless of what the public, isp's and state governments have said. Here is an excerpt from a facebook group that is against it which shows it much more detail:
"The Australian Federal Government is pushing forward with a plan to force Internet Service Providers [ISPs] to censor the Internet for all Australians. This plan will waste tens of millions of taxpayer dollars and slow down Internet access.
You will not be able to Opt-Out of this filter, as was previously claimed.
Despite being almost universally condemned by the public, ISPs, State Governments, Media and censorship experts, Communications Minister Stephen Conroy is determined to force this filter into your home.
What do we know so far?
* Filtering will be mandatory in all homes and schools across the country.
* The clean feed will censor material that is "harmful and inappropriate" for children.
*All "fetish" pornography will be blocked.
*All games intended for people over the age of 18 will be blocked.
* The filter will require a massive expansion of the ACMA's blacklist of prohibited content.
* The Government wants to use dynamic filters of questionable accuracy that slow the internet down by an average of 30%.
* The filtering will target legal as well as illegal material.
* $44m has been budgeted for the implementation of this scheme so far.
* The clean-feed for children will be opt-out, but a second filter will be mandatory for all Internet users.
* A live pilot deployment is going ahead in the near future.
What we don't know is just as important.
* What age level is the country's Internet to be made appropriate for? 15? 10? 5 years old?
* Who decides what material is "appropriate" for Australians to see?
* How are lists of "illegal" material compiled?
* Who will maintain the blacklist of prohibited sites?
* How can sites mistakenly added to the list be removed?
* Why can't we, as Adults, choose what we want to see?
All of us want to see children protected from content that could be disturbing or harmful. The clean-feed filter is not a good way to go about this, and could actually reduce the safety of children online."
What I personally find horrifying is the fact they want to push this through much the same as climate change, which is sad really considering we do not know all the facts on what they are capable of doing/not doing when it comes to legislature, which could encompass restricted liberties on internet use in this case.
More as the story continues.
Hey guys! Been ages since I was on and Im here to say, YES I'm Alive for 1! And merry christmas and happy new year as #2 =).
A friend of mine wrote this article which I found particularly interesting, and I figured I'd reprint it as I think you might find it just as interesting, so enjoy: (original Article by lmn8r c/o www.clan-si.com;
"It is a hobby of mine to follow prices and find deals for everything. I also enjoy running servers, and I have been doing so for a long time now. I can save you 15 percent or more on your hosting by switching to... Lately bandwidth, datacenter efficiency, and hardware costs have plummeted. From what I can tell this is due to (the ones that survived the bubble) large IT companies making advances in hosting technology, and that slowly trickles down to wholesalers, resellers, colocation, webhosting companies. This inexpensive access to the world wide web has given birth to inexpensive cloud computing.
Cloud computing to the laymen is another fancy catch phrase that marketing think tanks come up with. Similar to "go green" and "smart grid" their goal is to entice investors to invest. To people who actually deal with cloud computing on a day to day basis, all it really is is offloading computer tasks to another computer. We do this already at home, we keep a gaming computer with the latest hardware specifically to game on while neglecting that old laptop we still use. Both computers are just as useful, they each have their purpose, but in terms of gaming, your 'cloud' is your gaming computer. The cloud, thanks to the common practice of drawing the internet as a cloud on network topology maps, is the internet et al. What makes cloud computing special is that these computers exist solely on the internet. You don't take them home with you, and they don't turn off. With assembly lines churning away in Bangladesh or wherever, companies now can make wholesale purchases of computers for an extremely cheap price. Everyone is now realizing that you don't need anything special to run a datacenter, just a large warehouse with a thick wire to the electric grid and a fiber optic loop. With the introduction of 10-gigabit ethernet standard and 100-gigabit already in prototype, core network routers and switches are fast enough to deliver cheaper and cheaper bandwidth.
At the time of this article, the cheapest wholesale bandwidth with an SLA you can buy is about $1.50/mbps. Moore's law effects more then just your desktop cpu, all networking hardware is governed by the advancement of information technology. Only two years ago when I purchased colocation from what was at the time the best deal around, the internet costed roughly $3/mbps per month. You might say now that my internet service provider is paying less, I must be getting ripped off if i'm paying the same. Not true, because they have away around that: offer more. More bandwidth, just give it to me like cheap beer, gushing out of switches. Oh by the way, a pure ISP is not making money unless every single port on every single switch is utilized. It's all about margins, like sharing the last joint among friends, everyone wants a puff once it's passed. Medium and large sized hosting companies are now realizing they make more money off selling to resellers then they do themselves. The 10% discount they give to resellers gives them enough margin, enough piece of the pie to make resellers do all the marketing grunt work for them. Why do they need to spend $200,000 buying ad space when they can simply cut $100,000 out of their network operations by offering discounts to resellers. After all, once the computers are on, and the switches filled they basically run themselves. No creativity needed. This has created fledgling fire sale of never before seen prices on hosting, aka cloud space.
This glut of bandwidth and computing power is great if you want to host pet videos or create RSS feeds of other RSS feeds. It's also useful for not so legitimate uses like denial of service attacks. A non technical person would picture cloud computing as rows and rows of computers in a datacenter, but with DoS attacks don't need that much to succeed. If you had malicious intent and rows computers on the internet you could take down any website on the internet with ease. That's exactly what happens when you hear about distrubuted denial of service attacks using botnets. Botnets, which use infiltrated home computers to commense attacks have their own advantages and disadvantages. A botnet is like an army of ants. Home computers aren't typically very fast, but most importantly are usually poorly connected to the internet. A bot with a 384kbps upload speed is an ant. You need a lot of them to swarm say a wildebeest if you were performing a DDoS attack. They're also good if you want to send spam, since it's damn tough to block spam from 20,000 different IP's. Other then that, botnets aren't very efficient. The problem is herding them. Like it's natural cousins, herding animals is difficult, and the difficulty and complexity increases the more you have to herd. Botnets are weapons of opportunity rather then intention. Pretty much all of the time, botnets are created by some exploit found in some popular software (like Windows) and that is how a machine is taken over. Exploits will always exist as the low hanging fruit for hackers, since they are known and readily usable. Another problem with botnets, and the reason they've remained uncommon is because it's damn hard to create one. Reverse engineering software takes a ton of patience, and when you do succeed you have a laundry list of to-do's to make and keep a functional bot computer. Reporting servers need to be dynamic, the way it seeks out other bots needs to be dynamic, it never ends. Nobody wants to put all that work into something that may be patched tomorrow. Like how most industries start, a need exists where someone says "why can't I just pay and have it done?" Well, that is exactly what i'm talking about.
No, not hiring the teenager next door to code you an OMFG!111 ub3r L33t worm a la carte, we're not that evolved yet. However, we have gotten to the point where servers and/or hosting has become cheap enough where you can purchase a gorilla to take down the wildebeest. Just recently as an experiment I purchased a VPS hosting package for the low price of $5/month. It came with the usual things, root access of course, limited CPU time and a RAM ceiling for my applications. It came with a monthly transfer quota. But here is the kicker: 100mbps port. Now you may be laughing now about how serious I take 100mbps since it's so common these days amongst ISP's, but 100mbps is no laughing matter. Put it into perspective. 100mbps or 100,000kbps is the equivalent to 260 bots assuming a bot's upload averages to 384kbps. This for only $5/mo. I'm pretty sure launching denial of service attacks is against the terms of service but do they care? No, this is unmanaged hosting, like I said before once it's on it basically takes care of itself. They have their fee, and as long as your smart about not going overboard, especially at peak times, your hosting company will be none the wiser. This deal I purchased was indeed a deal, a one-time offer but offers like these are on the cusp of becoming common and competitive. Now that I have 100mbps what shall I do? I can't leave it maxing out all the time, remember I have a monthly transfer quota. This is where smart denial of service attacks come into play.
A denial of service attack works by introducing ratios. A medium popular website, say tomshardware.com, has probably 4-5 different servers that operate solely as HTTP servers. Each of these servers probably has it's own 100mbps port. To overload the website to the point of denying service, I would need to meet a 1:1 or higher ratio to what their bandwidth can handle. At around 500mbps total I would need at least five VPS packages running at full steam to begin overloading their website. A botnet could do it just fine, one the size of 5,000 could create up to 2,000mbps of garbage being sent to their web servers, creating a 4:1 DoS ratio. The only problem is I don't have a botnet, or know anyone who does. Do I want to spend months trolling various IRC channels hoping to meet the right people,? No, instead I spend time learning my target. Behind those 4-5 HTTP servers lies probably two database servers, and an SAS storage server. Contrary to popular belief, all but the largest websites are basically oversold and stretched thin. Tomshardware probably makes decent money from the articles they write, ad revenue, and sponsorships they get. Still, their money goes towards writers and hardware to be tested. They, like every small and medium sized company only wants to spend as much as they need to on hosting. The probability is low they will ever get attacked, so they only meet the minimum of requirements to host a speedy and reliable website. After all, computers are upgradable, and when your website or server becomes to slow you simply upgrade. This is where smart denial of service attacks have their advantage. Conventional military tactics don't apply when it comes to the internet. When you go into battle, the army that is the most well prepared usually wins. On the internet, companies don't need to prepare because they know types of internet warfare, such as denial of service attacks, are rare. The internet is still a peaceful place, people are gleefully trading with p2p, posting their private information on public blogs. The status quo has been you either need a lot of money, or exceptional computer skills to become a threat to your average joe on the web. This is beginning to change.
Now that I know the limitations on my end such as my port speed, I can now begin to learn the limitations of my target. Although Tomshardware's HTTP servers are the front line, they're too obvious and well fortified target. The HTTP servers need the database and storage servers to pull data onto their website. A smart company keeps more vulnerable servers like these off the web, but on the private network. This may be the case, if so you may be forced to go after the HTTP servers. If they are indeed vulnerable and you can find out their IP's it isn't very hard to begin flooding them. How you do it is a matter of fashion and necessity. My style is doing UDP floods, since UDP is pretty arbitrary even to most network admins, but is mainstream enough to not immediately be detected. Some people do SYN packets, or ICMP I hear is popular. I never liked ICMP for any real DoS attacks because theres so many ways to identify and block those types of packets. You can also send custom packets specific to your attack or whatever.
For all practical purposes, I don't have the money to get enough VPS's or dedicated servers to launch an attack on a target as large as Tomshardware. My target is smaller and more manageable for my budget. I'm going after a gameserver. Gameservers are my specialty, I know a lot about them since I run them myself. You don't truly know a computers weakness until you've had to secure against it from others. I picked one server that I would like to attack. It's not that I don't like this particular server, it's just there. It's a specimen and I hold the hour glass and i'm gonna burn it. It helps if the gameserver i'm going after has an active website where people discuss the server. I can use peoples angst complaining about the server being unavailable as a measure of my accomplishment. Gameservers are unique in that they're already CPU intensive applications as it is. That is their weakness. I don't need to flood the gameservers entire network port to slow it down, I go after the weakest link. My weapon of choice is a specially crafted packet designed to force the gameserver to do more work to discard it. It's actually a really old KNOWN exploit but like most things, people never expect someone to actually attack them. Since i'm using custom packets I only really need to push about 20mbps outbound from my VPS in order to lag the server to steady 600 ping with heavy packet loss. It's not enough to crash it, or even cause disconnects, but it works because people get fed up and leave. Nobody wants to play in a laggy gameserver. Since I have a monthly bandwidth quota I don't push a steady stream of bandwidth out either. I only need to flood in small bursts. 20mbps will never catch the eye of network admins at my hosting company so I need not worry about that.
Like anything busy, there are peak times and slow times. There are also two types of hosting packages you can purchase on the cheap. One is metered hosting, which is why I have now as an experiment. The other is unmetered hosting. Metered hosting usually gives you the benefit of more guaranteed available bandwidth, especially at peak times. Everyone else on the network is metered too, so people will limit themselves. Unmetered on the other hand is like an all you can eat buffet, only fatties show up and consume everything. Unmetered transfer means off-peak hours yield better throughput then peak time, but on the other hand you have unlimited transfer, so you can flood it nonstop. Since i'm attacking a gameserver i'll want to attack it specifically at peak time to do the most damage. That's when the most amount of people want to play, and i'll get the most "raged" server regulars bitching about it on their website. Keeping my monthly quota in mind, I write a short script to time my flooding on and off in regular intervals scheduled around peak time. This way the server lags out to the point where everyone leaves, and it usually takes a little while to build up players again. The more monthly transfer I have available the more intervals, and longer they can be. Like I said before i'm not targeting the network port, i'm going after the gameserver application itself in order to max out it's CPU. Being only 20mbps, and also it being irregular, network admins on either side often dismiss it. Most network admins still expect the old style continuous and ratio based denial of service attacks. This same idea works the same on websites. Most network admins measure traffic coming to the HTTP servers not other application, database, or storage servers. They don't see a traditional DoS attack according to their mrtg graphs and netflow reports so they don't think there is an attack, which buys you time.
The best thing about my experiment is that if I wanted to take down a competing gameserver it only costed me $5. I didn't need to upgrade my own server, or offer any incentives to people that might cost me money. I'm not limited to just one gameserver either, if well planned, I could probably have launched an attack on the top 10 gameservers in the game. All this for the price of a pack of cigarettes. No contract either, so when i'm done with what I need I just let my VPS expire and move on. It's like a disposal mini botnet. In terms of business sense this has a lot more merit. E-commerce websites traditionally are pretty hardy, but it's come to the point now where a company could simply purchase a bunch of servers to temporarily take down their competitors website for a month. By then nobody would visit their competitors website anymore because it's always down or extremely slow, and move on. Nothing ever stands still on the internet so this type of tactic could have the potential to become a highly controversial, yet effective competitive edge business have. Likewise, once DoS attacking becomes a business tactic, prosecuting it will become that much harder. Whenever you hear about a botnet being taken down it's always because the owners either kept an obviously tracable connection to it at all times, they were dumb and did something like naming it after their mom, or insecurely bragged about it to all their e-friends. By this time concealing this tactic will be as hard as cooking the books financially.
This style of smart denial of service attacking is a temporary thing. Eventually people will figure out how to mitigate it, and it will become mainstream that hosting companies automatically can block it. Right now though it's fresh and unexpected. In the future I forsee inexpensive 1gbps connections under the $100/mo mark. That's faster then what your average hard drive can usefully read at. If the internet were at a bandwidth equilibrium, DoS attacks wouldn't happen. Right now it's unbalanced, and if your able to find a good deal on a cheap server, you've just bought yourself a botnet."
The thoughts in this article can be adapted to other uses, therefore do not represent my views in specific, I just thought it was an interesting standpoint =)
Hope you guys have a good Christmas Holiday peroid.
Alpha.
When most people think of the modern telephone network, the first word that usually comes to mind is "dull". Most people just assume uniformity blankets the network, and don't give it a second thought. With a keen ear and a bit of research, this usually turns out not to be the case. The reality of this behavior, though, is that like software vulnerabilities, one issue won't apply across the board for every program; to be able to identify or execute exploits properly, you have to know what you're dealing with.
That's what this article is here for. The idea of being able to tell the difference between modern digital switches just by the way the ring sounds may be batshit insane, but it's the sort of batshit insane that actually works. Before we begin, though, just keep a few things in mind.
This trick doesn't work from everything. If you're planning on doing this with a cellphone, a cheap VoIP provider like MagicJack, Skype, anything based on Asterisk without a noanswer hack present, or even Google Voice, you may as well stop reading right now. The reason a lot of cheaper VoIP providers aren't up to the job is because to save bandwidth, they feel the need to superimpose their own fake ring over the audio in an unanswered call. Codecs can pose a bit of a problem as well. Whether or not you think GSM or g.729 sounds alright, it's going to be giving you a hard time in the presence of subtle details. First chance you get, find yourself something that lets you hear what's going on with real uLaw.
Let's start off with something simple. DMS-100s and 5Es, as it turns out, aren't just the most common switches out there, they're some of the easiest to tell apart. Take this ringing number on a DMS for example - 206-296-0001. You hear that distortion in the ring? If you can't, it's no problem. Lots of people tend to cram their handset right up against their ear, which is generally a bad idea unless you're trying to hear something that's barely audible. Try gradually moving the earpiece of your phone at the most half an inch away from your ear - it'll help exxagerate the sound.
When you've got an idea of what the distortion sounds like, try comparing it to a 5ESS like the one here; 206-236-0004. Doesn't it sound a lot cleaner and harsh? If you know your history, you're probably familiar with all the fucked up sounding imitations of the Bell System cityring there were. Somehow, the 5E ends up being no different.
As you're probably all familiar with, Comcast has it's own competitive home phone line business. From what I can gather, their network is filled with some sort of weird Lucent softswitch contraptions, so this technically isn't a knockoff of 5E ring, but it sounds like an incredibly smooth, cleaned up imitation of what 5ESSes generate; 503-336-0050. This will typically rings for a good while, but some weird little device on a POTS line will pick up if you wait through about six rings. If you're worried about bothering anybody, the CNAM is COMCAST OFFICE, so at the most, there's a slight chance you'll be annoying some bewildered Comcast employee. This ring is especially important since a surprising amount of residential customers will port their numbers over to Comcast, which makes it a lot less apparent that you're hitting a Comcast switch unless you do ported number lookups on everything you call.
Next up are EWSDs. Since I'm lazy, I'm going to pull a number right out of dual's Airport Discovery scan, which if you haven't already, should totally read; 414-747-5303. Beware some of the other numbers on there that terminate to some kind of PBX instead. Anyway, EWSD ring is a lot like what you'd hear in a DMS-100, but it's got a strange way of fading in and out instead of having a clear beginning and end. If you've heard someone overuse the hell out of a noise reduction feature in an audio editor before, you know exactly what I'm talking about.
In the same league of DMS-100 imitators is the Stromberg-Carlson DCO. Unlike the EWSD ring, DCO ring sounds almost exactly like DMS ring, but the distortion is really, really pronounced. Take a listen; 503-633-9921. This number actually goes to a really old Protel COCOT in a near-deserted farmtown. For some reason, unlike it's twin (633-9951 if you're curious), it takes a really, really long time to pick up the phone. As in, after most long distance carriers time out long time. Whether or not it actually accepts incoming calls, it may as well just ring out since there's almost literally no one around to answer it.
For a switch that usually insists upon being batshit insane in almost every way, the GTD-5's ring sounds pretty normal. Imagine DCO ring. GTD ring is a lot like that, but the distortion is a little louder, and has a lot more high frequencies. To hear it for yourself, 503-667-0018 is a live, real GTD-5 number that rings 'til the cows come home. Like the 5E and DMS ring, I have no idea whether or not it actually rings a live pair, but in the many times I've called it, it just rang forever.
With a ridiculous amount of switches out there that sound way too much like a DMS-100, you'd expect a DMS-10 to be the spitting image of it, right? Wrong. In fact, it sounds nothing like it. The DMS-10 ring sounds more like GTD-5 ring, but softer, and slightly more high frequencies. DMS-10 ring is actually one of the trickier ones to identify. Like the DCO ringing number, I decided it'd be easier to give out the number to a payphone in the middle of nowhere. Shouts to filer for getting the number for me. 218-466-9215.
So that about sums it up. Like with any skill, being able to identify these switches takes a bit of practice. In this case, if you're ever unsure, keep a window with telcodata or your favorite switch lookup site handy, and in days, you'll be the envy of phone nerds everywhere! Since, y'know, that's something everyone wants to be...right? Guys?
-ThoughtPhreaker
London Scan, November 7th 2009.
Same drill as last time except I concentrated souly on London ranges. London is covered by 3 area codes 0207, 0208 and 0203 0207 is mainly inner London including the City of London and Canary Wharf (the main financial areas of London).
0208 is outter London, nothing too interesting here a few interesting things can be found with the right amount of research.
0203 is London overspill, because London is heavily populated they were running out of numbers so they created an overspill range, one of these 0203 ranges is actually owned by Skype (0203 032 XXXX).
Remember if dialling in internationally our dialling code is +44 so from the USA you need 011 44207 XXX XXXX and so on. Again as I said in my previous scan memorable combinations often lead to the best results as people will want a number that is easily remembered and easily dialled for whatever reason.
I hope you enjoy this scan, any questions or comments come onto xsbb.antilimit.net and ask us or even come to irc, irc.darkscience.ws #netxs and feel free to ask us.
RP
#######################################################
# 0207 (inner London, 5 numbers in 5 different ranges)#
#######################################################
0207 495 XXXX
+44207 495 0000 Audi Dealership
+44207 495 6282 Burtons (mens clothes)
+44207 495 2000 Really quiet answer phone
+44207 495 0852 BT Callminder (answer phone for when the person is on the phone)
+44207 495 7777 Hoxfield something
0207 113 XXXX
+44207 113 2580 Fax
+44207 113 2000 Fax
+44207 113 2001 Not in use
+44207 113 9999 Not in use
+44207 113 9998 Not in use
(N.B All numbers I dialled in that range bar the 2 fax numbers were dead, how shitty :()
0207 120 XXXX
+44207 120 0000 Callmonitor customer services (www.callmonitor.com)
+44207 120 0001 Fax
+44207 120 0003 Voicemail
+44207 120 0005 Voicemail
+44207 120
(N.B All other numbers apart from these were again dead ...)
0207 763 XXXX
+44207 763 0000 Answerphone
+44207 763 2580 Silent with clicking
+44207 763 9998 Ring off
+44207 763 1000 Robotic voice "this service is no longer available"
+44207 763 0001 Capital Investors
0207 742 XXXX
+44207 742 9999 JP Morgan asset management
+44207 742 2580 A non working number at JP Morgan
+44207 742 1000 Hello JP Morgan?
+44207 742 0852 A non working number at JP Morgan
+44207 742 0001 Ring off
########################################################
# 0208 (outter London, 5 numbers in 5 different ranges)#
########################################################
0208 136 XXXX
+44208 136 0000 Strange tones
+44208 136 0001 French chat line
+44208 136 2580 Same as 0000
+44208 136 0852 Same as 0000
+44208 136 9999 Same as 0000
0208 150 XXXX
+44208 150 0000 Sorry this service is no longer available
+44208 150 8888 Fax
+44208 150 4000 Genesis Housing Group, Number changed to +44208 451 8000
+44208 150 4001 Genesis Housing Group, Number changed to +44207 563 0120
+44208 150 6000 Forwarded to T-Mobile voicemail
0208 634 XXXX
+44208 643 9999 Test number at an IP exchange
+44208 643 2580 Enter your pin and account number now
+44208 643 2581 Enter your pin and account number now
+44208 643 9000 Car Service
+44208 643 3110 Some industrial company or other
0208 779 XXXX
+44208 779 0000 Hold music, no announcements
(N.B This whole range is the same as 0000)
0208 775 XXXX
+44208 775 0000 Welcome to Cheers Communications *hangup*
+44208 775 0001 As above
+44208 775 8000 Please hold *music*
+44208 775 4000 As above
+44208 775 9000 As above
###########################################################
# 0203 (London spillover, 5 numbers in 4 different ranges)#
###########################################################
0203 011 XXXX
+44203 011 0000 No answer at extension, VMB.
+44203 011 0001 As above
+44203 011 2580 As above
+44203 011 9999 As above
+44203 011 5000 As above
0203 002 XXXX
+44203 002 0000 Ring off
+44203 002 2580 Sounds like foreign business tones or a re-order
+44203 002 0852 Does not allow calls from withheld numbers
+44203 002 9000 Debt Review VMB
+44203 002 9001 VMB
0203 029 XXXX
+44203 029 0000 None working number please call blah blah
+44203 029 2580 Unable to complete your call, please leave a message(?)
+44203 029 9000 As above
+44203 029 0852 As above
+44203 029 0002 As above