4) Running Suspicious Programs
If you run a program whose primary use is as a tool to commit computer crime,
you are likely to get kicked off your ISP. For example, many ISPs have a
monitoring system that detects the use of the program SATAN. Run SATAN from your
shell account and you are history. (Note -- you have to be
root to install SATAN, so that tells your ISP right away that you have been
doing no-nos. But even hacker programs that you can install as an ordinary user
can get you into trouble, too.)
**********************************************************
Newbie note: SATAN stands for Security Administration Tool for Analyzing
Networks. It basically works by telnetting to one port after another of the
victim computer. It determines what program (daemon) is running on each port,
and figures out whether that daemon has a vulnerability that can be used to
break into that computer. SATAN can be used by a sysadmin to figure out how to
make his or her computer safe. Or it may be just as easily used by a computer
criminal to break into someone else's computer. (And SATAN
is now out of date. Run SAINT instead -- from your own computer, on your own
network, or you may get kicked off your ISP. SAINT comes with
SuSE Linux.)
***********************************************************
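The note above describes SATAN as connecting to one port after another on a single machine, and section 4 says many ISPs monitor for it. The sketch below is an added example, not part of the original Guide and not any ISP's actual monitor, showing how that pattern can be flagged in connection logs. The log format, thresholds and addresses are constructed assumptions, and the log is assumed to be in time order.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log, one connection per line: "timestamp src dst dst_port".
# Addresses are documentation ranges, not real hosts.
SAMPLE_LOG = """\
1997-06-01T10:00:00 203.0.113.4 192.0.2.10 23
1997-06-01T10:00:01 198.51.100.7 192.0.2.10 21
1997-06-01T10:00:02 198.51.100.7 192.0.2.10 22
1997-06-01T10:00:03 198.51.100.7 192.0.2.10 23
1997-06-01T10:00:04 198.51.100.7 192.0.2.10 25
1997-06-01T10:00:05 198.51.100.7 192.0.2.10 79
1997-06-01T10:00:06 198.51.100.7 192.0.2.10 80
1997-06-01T10:05:00 203.0.113.4 192.0.2.10 25
1997-06-01T10:20:00 203.0.113.4 192.0.2.10 110
garbled line
"""

def parse(line):
    """Split one log line into (time, src, dst, port); ValueError if malformed."""
    ts, src, dst, port = line.split()
    return datetime.fromisoformat(ts), src, dst, int(port)

def find_port_sweeps(log_text, min_ports=5, window=timedelta(seconds=60)):
    """Return {(src, dst): sorted ports} for every source that touched at
    least min_ports distinct ports on one destination inside the window."""
    recent = defaultdict(list)   # (src, dst) -> [(time, port), ...]
    flagged = {}
    for line in log_text.splitlines():
        try:
            ts, src, dst, port = parse(line)
        except ValueError:
            continue             # skip blank or malformed lines
        key = (src, dst)
        recent[key].append((ts, port))
        # Keep only events that are still inside the sliding window.
        recent[key] = [(t, p) for t, p in recent[key] if ts - t <= window]
        ports = {p for _, p in recent[key]}
        if len(ports) >= min_ports:
            flagged.setdefault(key, set()).update(ports)
    return {k: sorted(v) for k, v in flagged.items()}

if __name__ == "__main__":
    for (src, dst), ports in find_port_sweeps(SAMPLE_LOG).items():
        print(f"possible port sweep: {src} -> {dst} ports {ports}")
```

The ordinary user at 203.0.113.4 also touches three ports, but spread over twenty minutes, so only the rapid sweep is reported.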
5) Storing Suspicious Programs
It's nice to think that the owners of your ISP mind their own business. But they
don't. They snoop in the directories of their users. They laugh at your email.
OK, maybe they are really high-minded and resist the temptation to snoop in your
email. But chances are high that they will snoop in your shell log files that
record every keystroke you make while in your shell account. If they don't like
what they see, next they will be prowling your program files.
One solution to this problem is to give your evil hacker
tools innocuous names. For example, you could rename SATAN to ANGEL. But your
sysadmin may try running your programs to see what they do. If any of your
programs turn out to be commonly used to commit computer crimes, you are
history.
Wait, wait, you are saying. Why get a shell account if I can
get kicked out even for legal, innocuous hacking? After all, SATAN is legal to
use. In fact, you can learn lots of neat stuff with SATAN. Most hacker tools,
even if they are primarily used to commit crimes, are also educational.
Certainly if you want to become a sysadmin someday you will need to learn how
these programs work.
Sigh, you may as well learn the truth. Shell accounts are
kind of like hacker training wheels. They are OK for beginner stuff. But to
become a serious hacker, you either need to find an ISP run by hackers who will
accept you and let you do all sorts of suspicious things right under their nose.
Yeah, sure. Or you can install some form of Unix on your home computer. But
that's another Guide to (mostly) Harmless Hacking (Vol. 2 Number 2: Linux!).
If you have Unix on your home computer and use a PPP connection to get into the
Internet, your ISP is much less likely to snoop on you. Or try making friends
with your sysadmin and explaining what you are doing. Who knows, you may end up
working for your ISP!
In the meantime, you can use your shell account to practice
just about anything Unixy that won't make your sysadmin go ballistic.
************************************************************
Would you like a shell account that runs industrial strength Linux -- with no
commands censored? Want to be able to look at the router tables, port surf
all.net, and keep SATAN in your home directory without getting kicked out for
suspicion of hacking? Do you want to be able to telnet in on ssh (secure
shell) so no one can sniff your password? Are you willing to pay $30 per month
for unlimited access to this hacker playground? How about a seven day free trial
account? Email haxorshell@techbroker.com for details.
************************************************************
In case you were wondering about all the input from jericho
in this Guide, yes, he was quite helpful in reviewing this and making
suggestions. Jericho is a security consultant and also runs his own Internet
host, obscure.sekurity.org. Thank you, jericho@dimensional.com, and happy
hacking!
_________________________________________________________
Want to share some kewl stuph with the Happy Hacker list? Correct mistakes? To
send me confidential email (please, no discussions of illegal activities) use
cmeinel@techbroker.com and be sure to state in your message that you want me to
keep this confidential. If you wish your message posted anonymously, please say
so! Direct flames to dev/null@techbroker.com. Happy hacking!
Copyright 1997 Carolyn P. Meinel. You may forward or post this GUIDE TO (mostly)
HARMLESS HACKING on your Web site as long as you leave this notice at the end.