Do you have to know an IP to be able to ping it?

BTW, thanks everyone for your prompt responses. I so love this board.

Semantics over DNS vs. dotted octet addresses aside, not returning ICMP (ping) packets is one of the most elementary security steps taken by anyone who is securing a system. A more likely avenue is to have the Good Guy notice that the Bad Guys are trying to traceroute him to find out where he is physically (by having monitor programs on upstream servers, of course). I’ve used it to find out which neighbourhood server my ISP is serving me from (by using traceroute to my home firewall, even though my firewall swallows ICMP packets), for instance.

IMHO, if you can keep it accurate without being boring, you’ll thrill the geeks. A well-known example is Trinity using nmap in The Matrix Reloaded; meaningless to most people, but kinda cool to those who recognize it (as well as the fact that she actually uses a real-life security hole in SSH to hack the power station’s computer).

I highly recommend The Cuckoo’s Egg by Cliff Stoll. It’s a non-fiction story of how a non-geek counter-tracked a hacker, and it’s not boring or lame.

Here, let me do some Geek to English morphing for you…

If you want it to sound realistic, pinging ain’t gonna tell them a whole lot except that the IP is live and the time it took to reply. “Probe”, although not meaning anything in particular, is good for this scenario because a geek will think “Aha! Port scanning or IP tracing!” while a non-geek will still recognise the word and kind of get the idea.

The “real IP” bit is because a hacker wouldn’t access a target system directly. To put it very vaguely - they would go through other systems first to make it look like the intrusion was coming from elsewhere. It is known as IP spoofing.

You don’t need to know an IP address in order to ping it; indeed, there are any number of pinging/port scanning utilities out there and you can use these to ping a whole block of IP addresses, logging the responses (if any).

Of course the total number of possible IP addresses is rather large, so you can’t just start at 1.1.1.1 and hope to get anywhere particularly fast, but if you’re looking for a specific answer within a known range, or just a specific vulnerability anywhere, then you don’t have to have much of a firm idea of the target IP address until after you discover it.

So, Deadly Accurate, it sounds like you need to have your uber-geek stick with your proposed dialog, then have an unter-geek chime in with: “What a bunch of lamers! They go to all the trouble of typing in your IP address when they coulda just used your computer name via DNS.”

I think the original excerpt is OK except that I would replace “IP” with “IP address” (nobody says “ping my IP” - ping my Internet Protocol?), and, per Cerowyn, say perhaps “someone was trying to traceroute me” or “traceroute my IP address”. There wouldn’t be much value in their merely pinging the IP address of a suspected hacker.

I think this is what is hanging everyone up here.

To do a ping, you need an IP address. Period.

We all have access to DNS (domain name server), which will happily look up the IP address (which the ping application will pass to it for you) if you provide a text-based address like www.something.com.

But not every address has a named address, and in those cases, you need to know the IP… DNS won’t help you.

Agreed, technically, but if someone said “OMG! Someone pinged me! They had to know my IP to be able to ping it!”, I would laugh in their face.
There are any number of reasons why an incoming ping might happen, and most of them don’t have anything to do with knowing who you are.
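An added example, not part of any poster's reply: one way a defender could tell from firewall logs whether an incoming ping was part of a walk across a whole address block (the case described above) or went to one address only. The log records, the documentation-range addresses, the function name and the threshold of 16 hosts are all assumptions made for the illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample: (source, destination) of inbound ICMP echo requests,
# as a border firewall might log them. All addresses are documentation ranges.
SAMPLE_LOG = (
    [("198.51.100.7", f"203.0.113.{h}") for h in range(1, 41)]  # walks the block
    + [("192.0.2.50", "203.0.113.25")] * 6                       # one host, repeatedly
    + [("192.0.2.99", "203.0.113.25"), ("192.0.2.99", "203.0.113.26")]
)

def classify_pings(events, my_ip, my_net="203.0.113.0/24", sweep_min=16):
    """Label each source that pinged my_ip as 'sweep', 'targeted' or 'unclear'.

    sweep    : source touched >= sweep_min distinct hosts in my_net, so my_ip
               was just one address in a range being walked.
    targeted : source pinged my_ip and nothing else in my_net.
    unclear  : a few neighbours were touched too; not enough to call either way.
    sweep_min is an assumed threshold, tune it to the size of the network.
    """
    net = ip_network(my_net)
    me = ip_address(my_ip)
    seen = defaultdict(set)          # source -> distinct destinations in my_net
    for src, dst in events:
        d = ip_address(dst)
        if d in net:
            seen[src].add(d)
    verdicts = {}
    for src, dsts in seen.items():
        if me not in dsts:
            continue                 # this source never pinged the host we care about
        if len(dsts) >= sweep_min:
            verdicts[src] = "sweep"
        elif len(dsts) == 1:
            verdicts[src] = "targeted"
        else:
            verdicts[src] = "unclear"
    return verdicts

if __name__ == "__main__":
    for src, verdict in classify_pings(SAMPLE_LOG, "203.0.113.25").items():
        print(src, verdict)
```

A "targeted" verdict only describes the pattern in the log; it says nothing about how the sender came to have the address.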

Is this a contemporary storyline? And is your hacker supposed to be any good?

I ask because for many years now, hackers with any savvy have had the luxury of tapping into armies of compromised systems. So that even when investigators are able to determine an IP responsible for unauthorized access, all they find at the end of the trail is…a compromised system.

Opening that can of worms might kill the plot point though.

It is sometimes possible to do forensic analysis on a compromised system to determine the IP that was used in turn to connect to it, but not if the hacker is any good. And even so, all you’d have is another trail to yet another compromised system, etc, etc.

My coworkers and I sum the whole clusterf*ck up in two words: job security.

Correct me if I am wrong

An IP address is like a telephone number - it is unique
If you know the telephone number you can try dialing it and see what happens.

If you do not know the number, but you have a person’s name you can look up their number in the telephone directory - which is called a Dynamic Name Server.

Just to make things more sinister, behind each telephone number is an exchange with many extensions - some of those extensions are rigged up to modems, dial in on one of those, get a connection, and you are into their system - big time.

These extensions are called ‘ports’.

Here is a site that has ‘caller number recognition’

Here is a site that has a ‘reverse number lookup’ eg: number to name and address

Examine the top right corner, then use the left hand box titled WHOIS Lookup (it is blue)

Now go to this site: https://www.grc.com
Go down to ‘Shields Up’ follow that and keep looking for ‘Shields up’

This guy knows a lot about computer insecurity and has something that will ‘probe your ports’ eg: ring your number and try to get the various extensions to answer.

Some people think Steve Gibson is a nutter - others think he is dead smart.

Personally I detest reading fiction where the author has no idea how the computer really works, and you have an opportunity of describing things as they currently are, and in plain English.

To put it crudely, Frederick Forsyth’s ‘The Day of the Jackal’ was a precise how-to-do-it manual - and I reckon that is what made it such a hit.

You, DeadlyAccurate, have a chance of keeping your facts 100% accurate, also putting them in layman’s terms - there are enough people here who understand a lot more than I do, and many who are capable of whipping it into layman’s terms.

Your White Hat is flustered because his telephone exchange shows that someone is ringing his private number, and he thought he had fixed that by using a relay that he had fitted in someone else’s telephone system.

“Sure,” he says, “any fool can see who is dialing in, but they should be seeing anything but my real number, what really spooks me is that they are going for port xxx, which means they know their stuff - and if they got in they would crack me.”

In this case I would fall back to getting a new IP, just by powering off my DSL router, but I would be worried that anyone had cracked my real IP.

You have a chance of producing a novel containing ‘the Straight Dope’.

I had a hard time making sense of that analogy about the extensions and modems. How about: you phone a telephone number (= IP address) then add an extension (= port number), causing a phone to ring somewhere in the building. If somebody happens to be near the phone they pick it up (= if some server process is listening on that port, it responds). With some smooth talking, or if that person is corrupt, you get the suggestible/corrupt person to do your bidding (= you know of some exploit in the software, or it is malicious software placed there beforehand).

Also it’s Domain Name System, not Dynamic Name Server.

I stand corrected on DNS

The main problem is that some Ports do auto-answer, Steve Gibson is good on that one.

If you have malicious software already installed then all bets are off, the chances are that it will be ringing out.

Only in the sense that some process or server is answering them, surely.

Near future storyline, and he’s supposed to be one of the best. He can break into pretty much anything. It’s just that this time, someone caught him doing it. Mostly I just need him out of the picture so my heroine has to complete her mission without his help.