Controla tu fututo
  my proyect secret Y.A.D.I.R.A.


Tracing route to []

over a maximum of 30 hops:

1 * * * Request timed out.

2 150 ms 144 ms 138 ms

3 375 ms 299 ms 196 ms []

4 271 ms * 201 ms []

5 229 ms 216 ms 213 ms []

6 223 ms 236 ms 229 ms []

7 248 ms 269 ms 257 ms []

8 178 ms 212 ms 196 ms []

9 316 ms * 298 ms []

10 315 ms 333 ms 331 ms

11 * * * Request timed out.

12 * * * Request timed out.

13 reports: Destination net unreachable.

What the heck is all this stuff? The number to the left is the number of computers the route has been traced

through. The "150 ms" stuff is how long, in thousandths of a second, it takes to send a message to and from

that computer. Since a message can take a different length of time every time you send it, tracert times the

trip three t imes. The "*" means the trip was taking too long so tracert said "forget it." After the timing info

comes the name of the computer the message reached, first in a form that is easy for a human to remember,

then in a form -- numbers -- that a computer prefers.

"Destination net unreachable" probably means tracert hit a firewall.

Let's try the second AOL domain server.


Tracing route to []

over a maximum of 30 hops:

1 * * * Request timed out.

2 142 ms 140 ms 137 ms

3 246 ms 194 ms 241 ms []

4 154 ms 185 ms 247 ms []

5 475 ms 278 ms 325 ms [192.103.74.


6 181 ms 187 ms 290 ms [


7 162 ms 217 ms 199 ms []

8 210 ms 212 ms 248 ms []

9 207 ms * 208 ms []

10 338 ms 518 ms 381 ms

11 * * * Request timed out.

12 * * * Request timed out.

13 reports: Destination net unreachable.

Note that both tracerts ended at the same computer named Since AOL is

headquartered in Reston, Virginia, it's a good bet this is a computer that directly feeds stuff into AOL. But

we notice that ,, and all have numerical names beginning with 140, and names that end with "" So

it's a good guess that they all belong to the same company. Also, that "t3" in each name suggests these

computers are routers on a T3 communications backbone for the Internet.

Next let's check out that final AOL domain server:


Tracing route to []

over a maximum of 30 hops:

1 * * * Request timed out.

2 138 ms 145 ms 135 ms

3 212 ms 191 ms 181 ms []

4 166 ms 228 ms 189 ms []

5 148 ms 138 ms 177 ms [192.103.74.


6 284 ms 296 ms 178 ms [


7 298 ms 279 ms 277 ms []

8 238 ms 234 ms 263 ms []

9 301 ms 257 ms 250 ms []

Trace complete.

Hey, we finally got all the way through to something we can be pretty certain is an AOL box, and it looks

like it's outside the firewall! But look at how the tracert took a different path this time, going through Atlanta

instead of St. Louis and Reston. But we are still looking at addresses with T3s, so this last

nameserver is using the same network as the others.

Now what can we do next to get really wondering if you could actually break into his

account? We're going to do some port surfing on this last AOL domain name server! But to do this we need

to change our telnet settings a bit.

Click on Terminal, then Preferences. In the preferences box you need to check "Local echo." You must do

this, or else you won't be able to see everything that you get while port surfing. For some reason, some of

the messages a remote computer sends to you won't show up on your Win 95 telnet screen unless you

choose the local echo option. However, be warned, in some situations everything you type in will be

doubled. For example, if you type in "hello" the telnet screen may show you "heh lelllo o. This doesn't mean

you mistyped, it just means your typing is getting echoed back at various intervals.

Now click on Connect, then Remote System. Then enter the name of that last AOL domain server, dnsaol. Below it, for Port choose Daytime. It will send back to you the day of the week, date and time of

day in its time zone.

Aha! We now know that is exposed to the world, with at least one open port, heh, heh. It is

definitely a prospect for further port surfing. And now your friend is wondering, how did you get something

out of that computer?

[vt100] InterNIC > whois

Connecting to the rs Database . . . . . .

Connected to the rs Database

ANS CO+RE Systems, Inc. (ANS-DOM)

100 Clearbrook Road

Elmsford, NY 10523

Domain Name: ANS.NET

Administrative Contact:

Hershman, Ittai (IH4) ittai@ANS.NET

(914) 789-5337

Technical Contact:

ANS Network Operations Center (ANS-NOC)


Zone Contact:

ANS Hostmaster (AH-ORG) hostmaster@ANS.NET

(800)456-6300 fax: (914)789-5310

Record last updated on 03-Jan-97.

Record created on 27-Sep-90.

Domain servers in listed order:



... and this is what I get

250 The following SMTP commands are recognized:


250 HELO hostname startup and give your hostname

250 MAIL FROM:<sender address> start transaction from sender

250 RCPT TO:<recipient address> name recipient for message

250 VRFY <address> verify deliverability of address

250 EXPN <address> expand mailing list address

250 DATA start text of mail message

250 RSET reset state, drop transaction

250 NOOP do nothing

250 DEBUG [level] set debugging level,default 1

250 HELP produce this help message

250 QUIT close SMTP connection

Let’s next do the obvious. The header says this post was composed on the host So we telnet

to its nntp server (port 119):

telnet 119

We get back:

Trying ...

telnet: connect: Connection refused

find  / -perm +4000 2>/dev/null

  Hoy habia 1 visitantes (1 clics a subpáginas) ¡Aqui en esta página!  
=> ¿Desea una página web gratis? Pues, haz clic aquí! <=