Zapatista Tribal Port Scan: A Demonstration Tool
From
ricardo dominguez <rdom@thing.net>
Date
Mon, 15 Jan 2001 20:27:28 -0500
[: hacktivism :]
Zapatista Tribal Port Scan:
A Demonstration Tool
by the Electronic Disturbance Theater
Chiapas, Mexico - January 3rd, 2000 - the Zapatista Air Force "bombarded"
the federal barracks of the Mexican Army with hundreds of paper airplanes.
Each airplane carried a message of peace for the Mexican Army soldiers
monitoring the borders of the Zapatista communities. In remembrance of
this event the Electronic Disturbance Theater (EDT) releases a demonstration
of this electronic translation of the Zapatista Air Force Action:
the Zapatista Tribal Port Scan.* A direct-action tool for net.activist,
net.artists, and net.hacktivist everywhere.
*For the source code distributed on Jan, 3, 2000 by EDT of the
"zapatista tribal port scan (ZTPS)", go to EDT’s homepage.**
Electronic Disturbance Theater
http://www.thing.net/~rdom/ecd/ecd.html
P.S. On December 2, 2000, subcomandante Marcos announced that
the central command of the Zapatista National Liberation Army (EZLN)
will travel to Mexico City in February, to lobby for passage of the
San Andres Accords. For Marcos and the Zapatista leadership, this
will be their first public appearance outside of Chiapas since their
uprising began in 1994. In announcing their historic trip to Mexico City,
Marcos has invited the accompaniment of national and international civil society
to join the Zapatistas from February 24 to March 10. The trip to Mexico City
will start in San Cristóbal de Las Casas, Chiapas, on February 24 and
end in Mexico City on March 6. The Electronic Disturbance Theater will
join the procession - we invite all of you to join also.
Zapatista March 2001
http://www.ezlnaldf.org
Zapatistas
http://www.ezln.org
***[[Message Sideload]]***
Zapatista Army of National Liberation.
Mexico.
January 12, 2001.
To Civil Society:
Madame:
I am writing to you while it is raining and we are waiting here for the
return of the companeros and companeras who went to the march in San
Cristobal de Las Casas. In a manner which is not customary for us, we are
trying to keep you informed as to how things are going here through letters
like this.
The Zapatista Information Center's mailbox has been quickly filling, being
emptied, and filling up again. Greetings and mobilization proposals from
various states in the Republic are arriving. In the D.F., for example, a
very detailed proposal came from U.A.M. which, however, presents serious
inconveniences. For example, they invite us to dine, but how are we going
to eat with our ski-masks on? Ah, really? So the promises about improving
the menu are of no use if, whenever they want, we're going to end up being
fed intravenously. In Ciudad Juarez, Chihuahua, they were handing out
flyers in the streets today, and in Tijuana, B.C., they held a rally. From
Guanajuato, Morelos, Oaxaca, Puebla and Hidalgo, they are asking us for the
dates and our itinerary in their states. Fine, we're going to make this
public when we have it ready. Don't worry, and have the parties ready.
On the international level, the influx is no less: a delegation of
Italians, between 200 and 300 persons, confirmed that they will be arriving
in Mexico in February, and they'll be prepared for being expelled. From
San Francisco, California, U.S., they are advising us they will be coming
to accompany the delegation, and they will be informing the "Frisco"
community of everything that happens along the route and during the stay in
the D.F. From Switzerland, they have confirmed the attendance of a
delegation. We are being advised of the same from Argentina and France.
In the State of Spain, they don't stop. In addition to hanging from towers
and mountains, they are going to set out (they don't say by what means, but
I imagine it won't be walking) to throw themselves into the entire route.
Something verrry important: accommodations. And I'm not referring to the
accommodations for the zapatista delegation, but those for all the people
who, from the states of the Republic and from other parts of the world, are
going to participate in the march along with us. An idea: that
organizations and groups which can offer places to put people up please
advise the Zapatista Information Center, and the "pilgrims" can then be
informed.
Concerning the technological breakthroughs, I am informing you that the Web
page is now functioning. The address is: http://www.ezlnaldf.org I am
taking the opportunity to make a request of all the web pages that already
exist, or which refer to the zapatones and their movement: please put in a
"link" or "pass", or whatever it's called, so that those visiting your
pages can also have access to the one about the current mobilization. We
also have our e-mail address now. The address is: ciz@ezlnaldf.org
Good, that's how things are up to now. We'll be passing along more
information to you in the next one.
Vale. Salud, and may peace come soon dot com.
>From the mountains of the Mexican Southeast.
Subcomandante Insurgente Marcos.
Mexico, January of 2001.
http://www.ezlnaldf.org
**[[Switch_Over]]**
Zapatista Tribal Port Scan: A Demonstration Tool.
What is a port?
A port is an abstraction for the connection points used for network services,
such as e-mail and the WWW. Every computer connected to the Internet
has 65536 ports through which other computers on the net might establish
socket connections. Common services such as http (the web) and e-mail are
implemented as socket connections, using standard ports such as 80 (http),
and 25 (smtp).
What is a port scan?
It is possible, actually common, to attempt to make a socket connections
on a server's multitude of ports in order to determine what services reside
on that machine. Why scan ports? Port scans should be non-controversial.
If your machine is connected to the Internet, you are exposing all of your
ports, and you should expect connection attempts on any of them. Because
a port scan is sometimes, very rarely, a prelude to hacking attempts,
many fascist leaning system administrators mistakenly classify the port
scan itself as a hostile act. But just because a port scan may on rare occasions
reveal an exploitable weakness, it is not the same as actually exploiting
the weakness. It is no different in principle from counting the windows
and doors of a secure building from a public sidewalk. If a machine is
on the public Internet, the ports are visible from that public sidewalk.
It is the responsibility of building security to evaluate any threat, no
law can be passed against looking. (Except under fascism, of course.)
Who is paranoid about their ports?
Typically it is the most powerful who can afford the high cost
of total paranoia. Some systems utilize sophisticated security
software that report on every attempted connection, or warn
administrators about large numbers of unusual connection
attempts. From this you may draw your own conclusions about
exactly whose machines and people are likely to pay attention
to the kind of tribal scan that ZTPS performs.
What is Tribal?
Tribal is a term that refers to the use of more than one computer
(their different network identities), to distribute the work.
The Zapatista Tribal Port Scan uses the Java Virtual Machine
available in all standard web browsers to implement the port scan.
The participating user simply visits the web site URL of a ZTPS
implementation, and the scanning begins. Designed to be opened
in a smallish browser window and minimized for all day
scanning at home, work, or school, the ZTPS applet will scan
a random port on a particular machine (chosen by the
implementers posting the ZTPS site), from once per minute
to once per hour, selectable by the user. Using both TCP and
UDP socket connections, ZTPS may be configured to
randomly select from an implementer selected list of
text messages, some of which may be logged by targeted
machines. (Messages flying over the fence.) A download
button in the applet interface makes it easy for users to
download ready-to-implement software, and full source
code for their own purposes. ZTPS effectiveness improves
with the number of participating user/activists, so collective
participation, as always, is very important.
Why a Zapatista Port Scan?
The Zapatistas are winning the war. Their intelligent and calculated
application of the responsibility to risk, their creativity and conceptual
edge in terms of activism, and their commitment to provocative
transgressions that turn the opposition's borders into Zapatista assets,
all point toward port scanning as an activist tool, and conceptual art.
(Remember that Subcomandante Marcos was a Professor of Digital Media. ;-)
EDT offers ZTPS to the community of net.activist, net.artists, and
net.hacktivist with a few requests: please improve, mutate, grow
and spread the code.
(Click the download button in the ZTPS interface for a complete archive.)
Please also think of the system administrators who will pick
up your packet airplanes with a poem when they land in the
security logs on the other side of the fence;-)
Implementation
There are two ways to implement ZTPS on the client side.
1.The participant/user enters the URL of a signed ZTPS implementation
their web browser. The ZTPS then loads into the web browser and
begins scanning the domain pre selected by the implementers of
the ZTPS web site. Code signing is necessary, because the ZTPS
applet must be granted special permission to make a network
socket connection to any server other than the one from which
it itself loaded. (*see demonstration link below for an unsigned sample.)
2.Participants or users may download ZTPS, and run it locally
as a Java application. When running ZTPS as an application,
there are no applet security restrictions, so code signing is unnecessary.
When used as an application, the user can choose which site to
scan instead of having that choice made by the implementers
of a ZTPS web site.
Download Archive Here
*Visit ZTPS a demonstration of the ZTPS concept and interface here.
Go here:
http://cadre.sjsu.edu/beestal/ztps/
This demo is hosted by the Computers in Art, Design, Research
and Education Digital Media Laboratory at San Jose State University.
(CADRE)
Code signing:
If you wish to implement ZTPS via the web as an applet, you will need to
acquire a code signing certificate from a certification authority and
sign the applet code. This will enable the mobile code to ask the
individual user for permission to make the network connections
necessary to scan a third site. If you do not, the applet will not
connect to the target server, giving output similar to this:
port 63351: trying TCP="tactical media"; no connection;
com.ms.security.SecurityExceptionEx[socketChecker.run]: cannot connect to
"www.whitehouse.gov"
This is because the applet loaded from (in this case) cadre.sjsu.edu
is trying to connect to another server (www.whitehouse.gov).
The target server is not being scanned. The only work around for
a Mass Demonstration is to sign the applet code (which may
require code modification for some browsers), or to encourage
users to download the ZTPS archive and run it as a Local Application.
Java Code signing resources:
Excellent educational resource by Roedy Green
http://www.mindprod.com/certificate.html
http://www.securingjava.com
Signing Classes with the Netscape Object Signing Tool:
http://www.securingjava.com/appdx-c/appdx-c-1.html
Signing Java Applets with Microsoft's Authenticode
http://www.securingjava.com/appdx-c/appdx-c-2.html
Get a Certificate
http://www.verisign.com
http://www.thawte.com/
Get Java
Users who wish to run ztps as an application can refer to the
following resources. You will need to download a Java virtual machine
suitable for Java 1.1.x programs.
Sun's Java site:
http://java.sun.com/
Java 2 Platform - install the Java runtime environment
on your system and you can run ztps as a desktop
application:
http://java.sun.com/j2se/1.3/
Related links on port scanning
Wired articles on the Draft Convention
on Cyber-crime, a proposed international treaty that
could make port scan illegal world wide.
Privacy a Likely Loser in Treaty
Dec 7th 2000
http://www.wired.com/news/politics/0,1283,40576,00.html
"[The treaty] could also make it illegal to distribute some
kinds of security products used by system
administrators to secure their networks against intruders."
Police Treaty a Global Invasion?
October 17th 2000
http://www.wired.com/news/politics/0,1283,39519,00.html
"Technical experts have said Article 6 of the measure,
titled "Illegal Devices," could ban commonplace
network security tools like crack and nmap, which
is included with Linux as a standard utility."
(nmap is a sophisticated port scanner)
Draft Convention onCyber-crime (Council of Europe)
http://conventions.coe.int/treaty/EN/projets/projets.htm
Wired article on Norwegian Supreme Court Decision:
Let the Web Server Beware
Dec 23 1998 http://www.wired.com/news/politics/0,1283,17024,00.html
"The essence of [the ruling] is that if you want to join the Internet,
you have to assure that you're protected," said Gunnel Wullstein,
president and CEO of Norman Data Security. "If you don't want to be
visited, close your ports."
[[Message_Out]]
Zapatista Tribal Port Scan: A Demonstration Tool.
By
Electronic Disturbance Theater
In Solidarity with the Zapatistas
EDT
http://www.thing.net/~rdom/ecd/ecd.html
EZLN
http://www.ezln.org
Zapatista March 2001
http://www.ezlnaldf.org
[: hacktivism :]
[: for unsubscribe instructions or list info consult the list FAQ :]
[: http://hacktivism.tao.ca/ :]