#-----------------------#
#// Page 33 | Issue 1 //#
#=======================#

http://page33.port5.com
page33@mail.com

STAFF //	blakmac -- editor in chief, webmaster
		diversereality -- resident genius, penetration specialist

TOC //		Introduction -- blakmac
		Information on Denial of Service(DoS) Attacks -- Ness
		Fun sounds in QBasic -- Ness
		How I Knew When I Was a Hacker -- Revelation
		Dan's Desktop: The Wonder of Coffee

=======================================================================
Introduction // blakmac	[page33@mail.com]

Welcome to the first issue of Page 33.  I do realize that this content
has been on the site for quite some time now, however the earlier docu-
ments were not very well organized and/or put together (I believe that
may be redundant).  Basically, we just took the original issues 1-1 and
2-2 and compiled them into this handy single-file format.  We also killed
off krypt0n0mic0n's rantings, simply due to the fact that we felt they 
really did not belong, no offense.  

As you may have noticed, we have been working on the website a little bit
[http://page33.port5.com] and we intend to keep working on it until it
becomes a very nice security site.  Currently, we are looking for a content
management system, or simply people to write up some content for it.  The
catch to this whole thing is that we want a streamlined site that looks
good without rendering our web design skills totally useless.  Any content
can be submitted to [page33@mail.com] for approval.  We are looking for
content that discusses security/telecommunications/social engeneering, but
we do not plan on hosting any warez/anarchy/opinion files.  Why?  Because,
we are first and foremost a security site.  Vulnerabilities, exploits, open
source code, and the like are also welcome (and preferred, I might add).

We haven't totally decided to release a second issue, however it is very
possible.  More than likely, issue 2 will be a compilation of the articles
we release on the website in addition to articles we might find on the web.
Also, if articles are not published on the site, it is still possible that
they will be published in the zine.  Therefore, it is advised that one might
read the site and the zine...

Thank you for spending some quality time with Page 33.  If you like this site/
zine, please tell your friends about it.  If you didn't enjoy the experience, 
please tell your friends anyways, and tell your enemies as well.  The more 
the word is spread, the better we will become.  Submit all articles/rants/raves
and the like to the aforementioned email address.  Until next time, enjoy.
============================================================================

============================================================================
Information on Denial of Service(DoS) Attacks // Ness

//The Ping of death: The ping of death uses the system utility. (ping in MSDOS 
and most other operating systems). It uses the program utility to create a packet 
that exceeds the maximum 65,536 bytes of data allowed. The oversize packet is then
 sent to a system. The system may crash, halt, or even reboot when they get these 
big fucking packets. But all new operating systems vendors fixed this to handle 
people and there oversize packets.
 
//Syn Attack: Weaknesses in the TCP/IP(Transmission control protocol/internet 
protocol) specification leave it open to Syn attacks, executed during the three-way
 handshake that kicks off the conversation between two applications. Under normal 
circumstances, the application that initiates a session sends a TCP SYN synchronization 
packet to the receiving application. The receiver sends back a TCP SYN-ACK 
acknowledgment packet and then the initiator responds with an ACK acknowledgment. 
After this handshake, the applications are set to send and receive data.
 
But a SYN attack floods a targeted system with a series of TCP SYN packets. 
Each packet causes the targeted system to issue a SYN-ACK response. While the 
targeted system waits for the ACK that follows the SYN-ACK, it queues up all 
outstanding SYN-ACK responses on what is known as a backlog queue. This backlog 
queue has a finite length that is usually quite small. Once the queue is full, the 
system will ignore all incoming SYN requests. SYN-ACKs are moved off the queue only 
when an ACK comes back or when an internal timer (which is set at relatively long intervals)
 terminates the three-way handshake. A SYN attack creates each SYN packet in the flood 
with a bad source IP address, which under routine procedure identifies the original 
packet. All responses are sent to the source IP address. 
 
But a bad source IP address either does not actually exist or is down; therefore the 
ACK that should follow a SYN-ACK response will never come back. This creates a backlog 
queue that's always full, making it nearly impossible for legitimate TCP SYN requests 
to get into the system. Firewall vendors such as Checkpoint, Cisco, and Raptor have 
incorporated features into their products to shield your downstream systems from SYN 
attacks. In addition, your firewall should make sure that outbound packets contain 
source IP addresses that originate from your internal network, so that source IP 
addresses can't be forged (or spoofed) from the network.
 
//Land attack: A simple hybrid of the SYN attack--hackers flood SYN packets into the 
network with a spoofed source IP address of the targeted system. Even with SYN fixes 
in place, a Land attack can cause problems for some systems. Although this type of 
attack is new, most OS vendors provide fixes. Another way to defend your network against 
the Land attack is to have your firewall filter out all incoming packets with known bad 
source IP addresses. Packets that come into your system with source IP addresses that 
identify them as generated from your internal system are obviously bad. Filtering packets 
will neutralize exposure to the Land attack. Among the known source IP addresses that 
you should filter are 10.0.0.0 to 10.255.255.255, 127.0.0.0 to 127.255.255.255, 
172.16.0.0 to 172.31.255.255, and 192.168.0.0 to 192.168.255.255.
 
//Smurf Attack:(Same used in the Yahoo, and CNN attacks)A lot more dangerous than any 
initiative launched by their cartoon namesakes, the Smurf attack is a brute-force 
attack targeted at a feature in the IP specification known as direct broadcast addressing. 
A Smurf hacker floods your router with Internet Control Message Protocol (ICMP) echo 
request packets (pings). Since the destination IP address of each packet is the broadcast 
address of your network, your router will broadcast the ICMP echo request packet to all 
hosts on the network. If you have numerous hosts, this will create a large amount of 
ICMP echo request and response traffic.
 
If a hacker chooses to spoof the source IP address of the ICMP echo request packet, 
the resulting ICMP traffic will not only clog up your network--the "intermediary" 
network--but will also congest the network of the spoofed source IP address--knows 
the "victim" network. To prevent your network from becoming the intermediary, you can 
turn off broadcast addressing if your router allows it (unless you need it for multicast 
features, which haven't been fully defined yet), or you can let your firewall filter the 
ICMP echo request. To avoid becoming the victim of a Smurf attack, you must have an 
upstream firewall--preferably a border router--that can either filter ICMP echo 
responses or limit echo traffic to a small percentage of overall network traffic.
 
//UDP Flood: The User Datagram Protocol (UDP) Flood denial-of-service attack also 
links two unsuspecting systems. By spoofing, the UDP Flood attack hooks up one 
system's UDP chargen service, which for testing purposes generates a series of 
characters for each packet it receives, with another system's UDP echo service, 
which echoes any character it receives in an attempt to test network programs.  
As a result, a nonstop flood of useless data passes between the two systems.  
To prevent a UDP Flood, you can either disable all UDP services on each host in 
your network or--easier still--have your firewall filter all incoming UDP service 
requests. Since UDP services are designed for internal diagnostics, you could 
probably get by with denying UDP service access from the Internet community. But 
if you categorically deny all UDP traffic, you will rebuff some legitimate 
applications, such as RealAudio, that use UDP as their transport mechanism.
===============================================================================

===============================================================================
Fun sounds in QBasic // Ness

When I was attending SWIC (South Western Illinois College) I wanted to take C 
but to get there I had to take QBasic, yes, I know, QBasic sucks and it is very 
easy.  The fun part about the class was messing around with QBasic.  I found 
information (while looking in the manual) about Sounds, and, I wanted to be 
uber-sexy-techo-cool-programmer-guy so here is a program you can execute to 
make funky music, you must have a PC speaker to do this by the way.
 
CLS
DO
  f% = RND * 1000
   IF f% < 30 THEN f% = 30
     d% = 1
       SOUND f%, d%
   LOOP UNTIL INKEY$ = CHR$(27) 'Hit ESC to stop it.
END
================================================================================

================================================================================
How I Knew When I Was a Hacker // Revelation LOA/ASH [8/24/96]

I have heard the question many times, "How do I know when I am a
hacker?". Each time that I heard it, I would ponder it for days at a time,
thinking, how did i know when i was a hacker. It has taken me a long
time to discover what makes a person a hacker, and what traits a true hacker
has. I decided to write this file in order to help newcomers know when they
have become hackers, and to provoke the thought of this question in the minds
of the advanced hackers.

There are many things that make us what we are. One, is the
determination and the drive the gain knowledge. I had always thirsted to gain 
knowledge about computers. They have intrigued me in a way few things have done. 
My mind had flooded with questions about them. So, the only way to satisfy my 
thirst, was to learn. I enjoyed learning in general, and I could never learn 
enough about computers and the way they work. I learned about computer hardware, 
software, and operating systems in my spare time. I downloaded all of the 
information that I could off of the Internet. And still, I thirsted for more.

After i had learned about all of the operating systems, the hardware,
etc. I wondered what it would be like to actually operate one of these
systems. So I began thinking, how could I use an operating system that I
didn't have. Then it hit me. I remembered having watched the movie "War Games"
and remembered how he gained access into a system. He was a Hacker.
I knew what hackers were, and they also intrigued me. They were very
mysterious to me. I wanted to learn about them too. And I wanted to become
one.

I had just gotten an Internet Service Provider, and I began to
understand more and more about the Internet. I began going to hacking
newsgroups, World Wide Web Pages, etc. I downloaded hacking text files and
programs. I began to understand that hacking wasnt about crime, as it was
portrayed in movies. It was about the pursual of knowledge, which is what i
wanted in the first place. I began to take a great interest in this. I would
spend most of the day, if not all, learning and reading about every aspect
of hacking.

Eventually I had felt like I knew alot about hacking, and I had hacked
many, many times. I thought I was a hacker, but yet I felt like I was
still an outsider. I was always nervous about asking questions, but than I
decided not to worry about it. I asked alot of questions and began to make
friends with people throughout the world who were hackers. I felt like I was
finally being accepted by the hacking community.

Then I noticed that there were some very good hackers attending my
school. We started to get together frequently and traded hacking material
and information. That is when I decided to make it an official hacking group.
I named it LOA (Legion Of the Apocalypse). This also made me feel more like
a true hacker.

One day I recieved a few questions from some beginning hackers that
I met on IRC (Internet Relay Chat). I proudly answered their questions, and
I began thinking back to when I was a beginner. I remembered how difficult
it was to gather all of the information I wanted. So I decided to write a
beginners guide called "The Ultimate Beginner's Guide To Hacking And
Phreaking". It is available now on various hacking W.W.W. Pages. These
pages are listed at the end of this file. I sent it out to my friends and
they in turn posted it on their pages.

Then I started recieving a ton of E-Mail asking for the file and
asking me various questions about hacking and phreaking. I answered every one
of them with pride and happiness, because this is what being a hacker is all
about. It's about the pursual of knowledge, the helping of others, and having
fun. It is not about spreading viruses or crashing systems, like the public
seems to think. When I understood all of this, and I learned more about
computers in a several years then most people learn in a life time, i began to
realize who hackers really were, and i was one of them. I understood that
hacking isn't just a hobby, it is a way of life. You cant just
decide one day that you want to be a hacker....you must work at it for a very
long time. Even if you "retire" from hacking, you will always be
a hacker at heart.

It was then that I knew that I was a true hacker, and I
would always be one.

I hope know that you understand what hacking is, and that you will
know when you have become a true hacker. Remember that knowledge is power,
and that only the ignorant take it for granted. Maybe one day the government
will realize that we harm no one, and that all we want is knowledge. I hope
that i have helped you in your quest for knowledge about hacking.

[[LINKS REMOVED -- PAGES NOW DEFUNCT]]

Keep an eye out for the LOA home page coming sometime in October. It
will have everything!!! Also, our quarterly online magazine called " Too
Many Secrets" is coming out, so check that out too. If you have any questions
or comments please email me, Revelation, at:

revelationmail@usa.pipeline.com

LOA/ASH Members:

Revelation
Phreaked Out
Phreak Show
Logik Bomb
Silicon Toad
Punk Phreak


Happy Hacking!!!
==========================================================================

==========================================================================
Dan's Desktop: The Wonder of Coffee

Coffee!  What a wonderfully rich and pungent elixir it is!  Its aroma seduces 
the sense of smell and awakens the hunger.  It courses through a man's veins 
like glorious sun light, awakening the mind and speeding the heart.  The warm 
glow stays in the belly only a short while, and leaves the body with relief.  
It is an inviting friend to all!  For the rich, a status symbol, to the poor, 
a slight reprieve.  For yuppies, a fad, to the working man, gasoline!  
"Hypertension", "Blood Pressure", "Stomach Ulcers":  These are the catch phrases 
of the weak and feebleminded! They who would have us all live in a caffeine free 
world do not properly value our friend.  Nor do they, in their current state, 
fully appreciate the Godsend that is the coffee bean.  They are to be shunned, 
shot for treason!  

So to you Juan Valdez, your silly burro, the thousands of Columbian peasants 
picking through fields of treasure, to customs agents and truckers named Joe, 
many thanks.  I lift my cup to you and drink deep of the nectar you all work 
so hard to bring us!

...hm, needs sugar.
=============================================================================

[END NOTES]

That's it for the first issue.  Number 2 will be better, hopefully (you know how it goes).

[http://page33.port5.com]
[page33@mail.com]

[/END NOTES]