Ambrosia Garden Archive
    • Passive trace unbreakable?

      6 14 440

      I got a job to hack a mainframe and delete all files, which I did. I deleted the corresponding routing logs on InterNIC AND on Uplink Test Server (using v4 log deleter). This was a while (back) - about a day or so. The hack made the news long ago. Now Uplink erased my account, because they found me. :frown:(

      Luckily, I got a backup. I supposed this was a passive trace, so I went to UTS and deleted ALL logs on the server using a v4 log deleter. I left just the line where I connected to the server (so that the disconnection line would not be suspicious). I did the same for InterNIC, too.

      2 hours later, they found me again. I still have the backup to revert to, but I am at loss how to stop them.

      I have the best gateway, equipped with motion sensor / autodestruct, so I was able to escape by nuking the gateway. A few minutes later I got an email from Uplink that my former box was seized and the investigators found nothing on it.

      But I would like to find a cleaner solution. It's half a million lost - all hardware, all software. (Just my neuromancer rating went way up.)

      Does anybody have an idea how they could find me / why this happens?

      ------------------

    • you only need to delete the logs at internic. if your hacking somewhere else to delete the logs, they are probably tracing you too, so dont bother. If you let them complete the active trace, it doesnt mater how fast you are deleting logs, they will have already found you. is this the case?

      if not, all i suggest you do is upload all your software to a fileserver, (one you got in a mission) ie, accept a "copy research data" mission, and use that to store your programs. then, destroy your gateway, go back, and there they are. you'll need to upgrade your hardware, but the software is still there 🙂

      this is all you can do, but it's better then nothing 🙂

      ------------------
      We dont stop playing cos we get old.
      We get old cos we stop playing

    • Quote

      Originally posted by elDiablo:
      **you only need to delete the logs at internic. if your hacking somewhere else to delete the logs, they are probably tracing you too, so dont bother. If you let them complete the active trace, it doesnt mater how fast you are deleting logs, they will have already found you. is this the case?
      **

      No - of course they never completed an active trace - in fact, I never let them complete more then half of it. The first two hops on my path are Uplink Test Server and InterNIC. I regularly delete logs from both. They do start an active trace from Uplink Test Server, but if I understood correctly a passive trace is never started from there - so I do hack in there quite often to remove the routing logs.

      Also - if they would complete the active trace, they would jail me immediately I suppose. Which is not the case. The news about the hack came out about 10 hours ago. So this must be a passive trace or some other sort of conviction.

      (quote)Originally posted by elDiablo:
      **if not, all i suggest you do is upload all your software to a fileserver
      (...)
      this is all you can do, but it's better then nothing 😕

      ------------------
      **

    • Just an idea: have you checked to make sure that noone has tampered with your criminal record? I mean, if you can do it to frame other people...

      'glove

      ------------------
      Compilers - the ultimate god games.
      (edit) I wish there was a preview feature on this board. (/edit)

    • Quote

      Originally posted by Kidglove II:
      **Just an idea: have you checked to make sure that noone has tampered with your criminal record? I mean, if you can do it to frame other people...
      **

      Somehow on my criminal record appeared Unauthorized access. But that was a while ago, I hacked the Global Criminal Database and cleared my record. Nothing ever since - my record is clean.

      Also, I check back and here is an update on what I did: I hacked Walker Tech. Mainframe on aprox. 2AM, 3rd April 2010. This was a mission where I should copy 70Gq from the server. I always hacked the LAN without problems but as soon as I entered the main server and hacked an admin on it, the real admin would connect and start an active trace. I tried to copy files as fast as I could, but he would disconnect me about half way through the active trace. Since it was 8 files, I had to connect several times over, but I always deleted the routing records on both InterNIC and UplinkTS as soon as I got disconnected. I used all the bypassers (latest versions) so I am not sure why I couldn't complete this totally silently. 😕

      Now my agent is at 4:30AM and I know that slightly after 5AM they are going to come for me. I have made all the preparations: all my software is uploaded to a file server (I wonder why I can't use the Uplink Test Server fileserver - I can't upload there). I also hacked another fat account with 600k$, so that I don't starve after I have to blow my gateway. 😉

      Still, if anybody has an idea what I did wrong - any suggestion is welcome.

      ------------------

    • Quote

      Originally posted by Zzen:
      **Yeah, that could work, it's definitely several hundred thousand saved.
      Still - I wonder how they could find me. And how I could have prevented this. I am sure I routed at least through one of the server (InterNIC or Uplink Test Server) as my FIRST hop and I deleted ALL logs on both of them several hours before the arrest. Any ideas? 😕

      **

      the ALL logs part is your problem... when hacks get this damaging the passive traces become more presistant and will pick up on inferrances of the sources, ie "admin password accepted" and non matching connect/disconnect. The later is your flaw- you need to leave one "connect" so that it will match with the disconnect that's created when you disconnect. However, it may be to late for this, as the trace may already be done at your backup point. Remember, it takes a few hours for them to get to your gateway, and arrest you. So, I'd say the best way to go is to nuke the gateway, but if you have the time and some nice bypassers, rob a bank with an account number from a "trace balance transfer" mission. just remember to delete the logs in the "account statement" at both banks. This way, you can get all your junk back in no time.

      (edit) reading your last post, yeah, that trace is quite done. Steal some money, and nuke it.

      ------------------
      "He has a company that makes computers. Or a computer that makes companies. Anyway, you wouldn't understand."-Homer

      (This message has been edited by joethebarber (edited 06-01-2003).)

    • Quote

      Originally posted by joethebarber:
      **the ALL logs part is your problem (...) you need to leave one "connect" so that it will match with the disconnect that's created when you disconnect.
      **

      This was maybe a bad formulation on my part later on, but I did indeed leave the matching connect line in the log. See my first post, second paragraph:

      Quote

      Luckily, I got a backup. I supposed this was a passive trace, so I went to UTS and deleted ALL logs on the server using a v4 log deleter. I left just the line where I connected to the server (so that the disconnection line would not be suspicious). I did the same for InterNIC, too.

      I don't want to give you the feeling that I dismiss any idea anybody comes up with. It's just that I think I really took care to cover up everything well.

      Quote

      **
      reading your last post, yeah, that trace is quite done. Steal some money, and nuke it.
      **

      Well, I've got older backups, too. But this raises an interesting question: does anybody know how long a hop in passive trace usually takes? I know it takes about 5 minutes from your motion sensor going wild till they arrest you. Anybody have a better idea?

      ------------------

    • If the admin of a lan traces you, you're dead already. You have to disconnect before you get booted.

      When you hack into another machine to clear your logs, make certain you also delete the "admin password accepted from:" field, or whatever that is. They look at anyone who is not authorized to access the thing. You should always make Internic the first hop: it doesn't actively nor passively trace. In fact, you can just hack them directly from your home computer and never be caught (as long as you remove the admin access log).

      It doesn't really matter how long a hop in passive trace takes. Just remove the bounce logs from Internic after every hacking attempt and you're golden. I suppose that it's based on their monitor level, if you really want to know.

      ------------------
      In girum imus nocte et consumiur igni.

    • Quote

      Originally posted by Tacroy:
      **If the admin of a lan traces you, you're dead already. You have to disconnect before you get booted.
      **

      OK, so now we are getting somewhere. So how do you guys hack the LANs? I connected (first hop Uplink TS, second hop InterNIC, last hop their Internal Service System). I applied the v5 bypassers, I clicked on the router, then went to a terminal. Connected to that terminal, ran a password breaker, logged into that terminal. Then I spoofed (LAN_spoof) the network into thinking I was the terminal. Connected to the Access server, hacked into it, changed the security lock. This opened the lock, I connected through it to the mainframe system. As soon as I completed the hack of the mainframe, the real admin would connect. The very second I did this - every time. I figured out you cannot get in without raising alarm, so I just took comfort of hopping around banks and hacked system all around the world - thus the active trace took them aprox. 200s. It never really got down under 100s, since they would boot me of the LAN before that. Now - is that the problem? Should I have disconnected the same moment that admin connected? How do you get silently into the mainframe?

      Quote

      Originally posted by Tacroy:
      **It doesn't really matter how long a hop in passive trace takes. Just remove the bounce logs from Internic after every hacking attempt and you're golden. I suppose that it's based on their monitor level, if you really want to know.
      **

      Umm - the monitor level would probably be connected to active trace time, but passive trace is done manually by people inspecting the logs - remember? (Naturaly all the routing logs are v5 deleted from InterNIC, and they still get me.)

      ------------------

    • Quote

      Originally posted by Tacroy:
      **If the admin of a lan traces you, you're dead already. You have to disconnect before you get booted.
      **

      Incorrect. You only get disconnected.

      Passive trace hops can range massively. If you do a weak system with tons of jumps, it can take a good many hours. Banks with only a few jumps will be extremely fast, in the range of a few minutes, I think. (Correct me if I'm wrong..) I'm betting your problem was a careless fast forward click, or something along those lines, as you seem to know what you're doing. Just make InterNIC your first bounce every time, and the moment you disconnect from the target server, go nuke the logs. Also, prehaps you did the LAN hack in multiple connections, and didn't delete the logs in between tries? Or maybe you missed the click on InterNIC for one of the connections. Really, though, don't waste too much time analyzing how they caught you, just nuke it and try again.

      ------------------
      "He has a company that makes computers. Or a computer that makes companies. Anyway, you wouldn't understand."-Homer

    • You cannot 'silently' hack the mainframe of a LAN, just like you can't silently log in as admin on any normal machine.

      The admin will log onto the lan and slowly trace you through all the components you've gone through on the lan, if you switch to LAN_view you can see him do it. If you click Reset on LAN_view, you'll stop the admin looking for you, but also effectively reconnect to the lan. You'll still have any active trace going on you though.

    • Quote

      Originally posted by The GoldFish:
      **(...)like you can't silently log in as admin on any normal machine.
      **

      Wierd thing - this is true for normal machines. I thought this was true for banks aswell. I don't know what I changed (maybe I started using v5 bypassers more diligently) but recently I repeatedly managed to hack the whole bank Administration (all 3 protections) log into the administration and browse through for as long as I wanted, without ever raising an active trace.

      This was really cool, I could copy ALL the account numbers in the bank, then close the administration and password-crack all of those numbers - all without ever disconnecting or raising an active trace. So now I 0wn all accounts on 3 of the banks, I didn't care to try more, since all the accounts seem to have only ~5k. It seems the accounts really get any bigger amount of money only after you accept the corresponding trace bank transfer or colleague wants to make a donation or similar mission.

      ------------------

    • Quote

      Originally posted by joethebarber:
      I'm betting your problem was a careless fast forward click

      Just a quick side-note: I rarely fast-forward.
      I am aiming for rocketing up the Rankings board as quickly as possible. So now the date is 4th of April (8 days into the game IIRC) and my rank is Elite, I have 900K in banks and top-of-the-line HW/SW. What's your game date/rank? (Maybe we could start a new topic with this.)

      I still didn't get the news item saying the top agent was found dead from pills overdose (so I haven't started the story-line I conclude). I hope the dead won't really be the top agent in my case - since I am now the top agent on the Uplink Ranking list. 😉

      ------------------

    • Quote

      Originally posted by Zzen:
      I still didn't get the news item saying the top agent was found dead from pills overdose (so I haven't started the story-line I conclude). I hope the dead won't really be the top agent in my case - since I am now the top agent on the Uplink Ranking list.;)

      nah, I'll be the second, lucky for you. The storyline will start real soon, I bet if you look in the news you'll see that he's quite dead already, and the email will soon be sent. (april 11th if memory serves...)

      ------------------
      "He has a company that makes computers. Or a computer that makes companies. Anyway, you wouldn't understand."-Homer