Juped

From Hackepedia
Jump to navigationJump to search

Juped in IRC talk means hijacked TCP connections. Back in a time when TCP connections used a lesser random value to set up their 3 way handshake people "juped" others peoples IRC sessions. Someone on IRC with the nick Jupiter did it first and people called it juping from then on. Juping and Hijacking a clear text session is simple, usually the job ends when it's an encrypted session (SSL or similar).

Juping todays Internet

I did a bit of research to this and came to two conclusions which I mentioned later. I used the ISP freenet to connect/disconnect a pppoe session every minute, which gave me a new IP every time I reconnected. What I intended to see was how someone could possibly hide from active scanners who look for a person to abuse them. This broke several concepts, such as keeping connected to IRC which is a sitting duck in networking. IRC requires you be connected for longer periods of time on the same IP. I also noticed that I received the latest connections from people on the IP before me. Apparently Deutsche Telekom forces a reset on pppoe connections every 24 hours. Anyhow I wrote a small program to take over TCP sessions that had states established and one victim was IRC connections. You then give a few commands on the juped connection to find out who had your IP before that. You can be sure that they weren't gone for more than 4 minutes the TCP default timeout. The conclusion I came to in this all is that an ISP pppoe pool should be as large as possible to allow someone to "hide". It should also give out truely random IP's not sequentially picked IP's because a gang of Internauts can find out when you first connected and for how long you were on the link. And then of course it should quaranteen the IP's to reset any left over connections. The software I wrote for this is not available, but it needs a firewall to catch non-connected states and writes into those sessions.