UGN Security
Posted By: Cobweb AY Spy and IP Tools. Trouble? - 04/23/03 09:45 PM
About AY Spy and IP Tools: How much, if any, trouble can you get into with these programs? (At the least and the most) And some random info on these programs would be nice. Why? Because I downloaded them and was screwing around with them and was wondering if I can expect the feds at my door anytime soon...
Posted By: Infinite Re: AY Spy and IP Tools. Trouble? - 04/23/03 10:46 PM
I have no idea what AY Spy is, but I've used IPtools before. The amount of trouble you can get in would depend on how you use it I suppose. Port scanning can make a lot of "noise" if you are scanning whole ranges of IPs. One of the more common types of scans is called a syn scan. This is basically where you send a syn packet to every port on a machine and see what kind of response you get. Because this is so common, a lot of devices will detect this massive rise in syn packets and log it. If you are persistent against a single target they may report you to your ISP. Or it is even possible that your ISP will notice the flood of syn packets coming from you and take action on their own. Either way, moderation is an approach that you should consider as it is anybody's guess exactly how much they (ISP or your target) will tolerate. As for the other utilities in IPtools, there's nothing that you can really get in trouble with there.

Infinite
Posted By: Cobweb Re: AY Spy and IP Tools. Trouble? - 04/24/03 12:35 AM
...Hmm. I was screwing around with the Port Scan option. I don't recall messing with a syn scan, but I'm not too sure. But tell me, do I need to worry about my internet service provider taking any actions, if so, what's the least and the worst actions my ISP could do? Plus, I wasn't even sure who my target was. I'm just worried. I shouldn't have been messing with it without studying it a little longer. Hell, I don't even know what a syn packet is, but do recall seeing them come up on the IPtools interface. Oh well. I just hope to god that no one shows up at my doorstep. I stopped messing with it as soon as I got a hunch of what I was doing so I hope they could tolerate that.
Posted By: Infinite Re: AY Spy and IP Tools. Trouble? - 04/24/03 12:56 AM
Naw, for casual messing around you don't need to worry man. When I say someone might notice, I mean after like 8 hours of sustained scanning. For the odd scan here and there you should be fine.

The worst they can do is cut off your internet. I don't think there is anything illegal in scanning itself. But the thing is why are you scanning other machines in the first place? I sure as hell don't think it's because you are a concerned citizen and are looking out for other people's unsecured machines. But if you find an ISP that does believe that then let me know so I can get on their network ;) Either way, I wouldn't worry about it. Just don't leave your puter scanning a class A subnet for a week.

As for syn packets, I'll give you a quick explanation on that.

With TCP (if you don't know what TCP is just pretend this applies to every connection your puter makes), when you connect to a remote machine the first thing that happens is the connection has to be set up by both you and the machine you are connecting to. This is done with what's called a "three way handshake". Because you are the machine that wants to make the connection, you send the other machine what's called a 'syn' packet, which is basically a request for a connection. The remote machine will respond (IF the port is open and a service is listening on the other end) with what's called a 'syn/ack' packet. This is basically an acknowledgement of your request that says "Ok, I'm listening". After you receive a syn/ack you send back an 'ack' packet to let the remote machine know you received its ok, and that you are good to go. After this happens normal transmission of data can happen.

__YOUR__ ----syn---> Remote
COMPUTER <-syn/ack-- Machine
________ ---ack--->

That's it in a nutshell. There is really a lot more involved than that, but this should at least give you an idea of what it is.

So.... When you send a syn packet to a port, if (and I mean IF) there is a service listening on that port then it should send a syn/ack back to you. This is how a scanner knows if a port is open or not. And just as a note, scanners do not send the ack packet back, which is why this type of scanning is sometimes called a "half open" scan, cause as you should be able to see now, it leaves the connection setup halfway through its natural course :D

Ok, I'ma go eat dinner now.

Infinite
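
The logging side of the handshake explanation above (a device noticing SYNs that never reach the final ack), as an added example that is not part of the original thread. The record layout, the documentation-range addresses and the `min_ports` threshold are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample records (not real traffic): (src, sport, dst, dport, tcp_flags)
# 192.0.2.10 is a normal client; 198.51.100.7 probes many ports and never ACKs.
SERVER = "203.0.113.5"
PACKETS = [
    ("192.0.2.10", 40001, SERVER, 80, "S"),
    (SERVER, 80, "192.0.2.10", 40001, "SA"),
    ("192.0.2.10", 40001, SERVER, 80, "A"),
]
for i, port in enumerate([21, 22, 23, 25, 80, 110, 443, 3389]):
    sport = 50000 + i
    PACKETS.append(("198.51.100.7", sport, SERVER, port, "S"))
    # Open ports answer SYN/ACK, closed ports answer RST/ACK
    reply = "SA" if port in (22, 80, 443) else "RA"
    PACKETS.append((SERVER, port, "198.51.100.7", sport, reply))
    if reply == "SA":
        # Half-open behaviour: the initiator resets instead of sending the ACK
        PACKETS.append(("198.51.100.7", sport, SERVER, port, "R"))


def half_open_report(packets):
    """Return {src: set of dst ports where src sent SYN but never completed the handshake}."""
    state = {}  # (client, cport, server, sport) -> "SYN" | "SYNACK" | "ESTABLISHED"
    for src, sport, dst, dport, flags in packets:
        fwd = (src, sport, dst, dport)
        rev = (dst, dport, src, sport)
        if flags == "S":
            state[fwd] = "SYN"
        elif flags == "SA" and state.get(rev) == "SYN":
            state[rev] = "SYNACK"
        elif flags == "A" and state.get(fwd) == "SYNACK":
            state[fwd] = "ESTABLISHED"
    report = defaultdict(set)
    for (client, _cport, _server, port), st in state.items():
        if st != "ESTABLISHED":
            report[client].add(port)
    return dict(report)


def flag_scanners(packets, min_ports=5):
    """Sources with incomplete handshakes on at least min_ports distinct ports."""
    return sorted(s for s, ports in half_open_report(packets).items() if len(ports) >= min_ports)


if __name__ == "__main__":
    print(flag_scanners(PACKETS))
```

A single failed connection to a closed port also leaves an incomplete handshake, which is why the check counts distinct ports per source instead of flagging every unfinished flow.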
Posted By: Cobweb Re: AY Spy and IP Tools. Trouble? - 04/24/03 01:18 PM
Thanks for the info. I really appreciate it.
© UGN Security Forum