Navy Network Information Center (NNIC) tries to crack and hack this website
Some peope using IP addresses 22.214.171.124 and 126.96.36.199,
identified as United States Navy Network Information Center (nnic) in Chesapeake, Virginia, United States,
on 13 Feb 2013 timed 02:07:56 and 02:08:06, Jakarta time,
has been detected of using Rippers to access this website.
03-20-2011, 09:07 PM
I’m wondering how unusual it is to get hits from these agencies: Homeland Security in DC, USAISC (United States Army Information Systems Command) and NNIC (Navy Network Information Center). The last one had four sequential IP addresses showing four separate hits all at the same time more or less and all looking at the same pages with small differences in sequence or specific page.
I had them all in that order. I’m not expressing paranoia, on the contrary, I would like them to be examining the info on my website as closely as possible as it gives the location of a historical site that needs to be recognized and protected.
I’m wondering how much I can read into these visits if anything. usaisc seems to do a lot of checking around on the net.
03-27-2011, 03:11 AM
186 views and no replies must mean no one else gets these types of hits, and I’m free to assume I”ve mobilized the US armed forces.
I also got visits from the Florida Legislature, the state of Delaware, and the state of Minnesota – can that just be people using computers on those servers to surf around the web?
All this started after I contacted a cartography expert at a US college and asked him to spread the news after he confirmed the correct reading of Piri Reis map on the website. Someone at that college spent 7 hours on the website shortly after I sent the email – except that statcounter only shows him/her accessing the index page (twice, short first visit) with no referring link and then leaving again 7 hrs later with no page views in between.
Last edited by Jarthur; 03-27-2011 at 03:16 AM. Reason: clarity
Thursday, September 03, 2009
Navy Network Information Center
Update: 6/9/2011: This is probably the post where I get the most hits, and before I get any more crazy comments (which are moderated), I thought I would set the record straight. I have since learned that NNIC shows up ANY time someone is accessing my blog (or anyone’s site) from a Navy Controlled computer. Whether that be some admiral in Washington DC, a petty officer on the Enterprise, or a land locked recruiter at his computer in Kansas City, it will all show up the same. So conspiracy theorists, put your theories to rest. No one is stalking you.
I am intrigued. Someone from here has been scoping me out more than once! Apparently they find my ebay purchases and VS PINK pants exciting. I am sure I have been flagged because I occasionally talk about our crazy navy life. Or perhaps the crazy women of the San Juan have started to ruffle more feathers than those of the BB housing office. Perhaps they are worried I am going to divulge national secrets amongst my my musings. No secrets to be had here. I think that is the one thing that I find most annoying…I can ask my husband a question that seams pretty innocent, but the lack of comment and the nasty look that follows indicates that information is not for my ears. I love secrets, and living with a man who has more than me is a royal PITA. Honestly, I could really care less about classified submarine tactics. I just don’t like it that he knows something I don’t know. (Seriously, if he knew how many licks it took to get to the center of the tootsie roll pop, and couldn’t tell me….it would drive me insane!) I will have to live with this disappointment. I will have to be satisfied knowing that he did something very cool or very boring in the time he spends away from me, and thats about it. Occasionally I hear stories about the removing of stateroom doors and san tanks exploding. I get to hear about the mushroom omelets, float tests, and the halo marathons. I suppose these topics are probably the most exciting day to day activities for him anyway.
I will continue to be intrigued that Big Brother is watching…maybe they will leave a comment next time!
John the Ripper is a free password cracking software tool. Initially developed for the UNIX operating system, it currently runs on fifteen different platforms (eleven architecture-specific flavors of Unix, DOS, Win32, BeOS, and OpenVMS).
It is one of the most popular password testing and breaking programs as it combines a number of password crackers into one package, autodetects password hash types, and includes a customizable cracker.
It can be run against various encrypted password formats including several crypt password hash types most commonly found on various Unix flavors (based on DES, MD5, or Blowfish), Kerberos AFS, and Windows NT/2000/XP/2003 LM hash.
Additional modules have extended its ability to include MD4-based password hashes and passwords stored in LDAP, MySQL, and others.
One of the modes John can use is the dictionary attack. It takes text string samples (usually from a file, called a wordlist, containing words found in a dictionary), encrypting it in the same format as the password being examined (including both the encryption algorithm and key), and comparing the output to the encrypted string. It can also perform a variety of alterations to the dictionary words and try these. Many of these alterations are also used in John’s single attack mode, which modifies an associated plaintext (such as a username with an encrypted password) and checks the variations against the encrypted hashes.
John also offers a brute force mode. In this type of attack, the program goes through all the possible plaintexts, hashing each one and comparing it to the input hash. John uses character frequency tables to try plaintexts containing more frequently used characters first. This method is useful for cracking passwords which do not appear in dictionary wordlists, but it does take a long time to run.
Rippers, John The Ripper, is a prominent password cracker program. John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix systems, supported out of the box are Windows LM hashes, plus lots of other hashes and ciphers in the community-enhanced version.
John the Ripper is free and Open Source software, distributed primarily in source code form. If you would rather use a commercial product tailored for your specific operating system, please consider John the Ripper Pro, which is distributed primarily in the form of “native” packages for the target operating systems and in general is meant to be easier to install and use while delivering optimal performance.
Proceed to John the Ripper Pro homepage for your OS:
Download one of the latest official free versions (release notes):
Download the latest community-enhanced version (release notes, previous release notes):
This version integrates lots of contributed patches adding GPU support (CUDA and OpenCL), support for a hundred of additional hash and cipher types (including popular ones such as NTLM, raw MD5, etc., and even things such as encrypted OpenSSH private keys, ZIP and RAR archives, PDF files, etc.), as well as some optimizations and features. Unfortunately, its overall quality is lower than the official version’s. Requires OpenSSL 0.9.7 or newer. There are unofficial binary builds (by John the Ripper user community members) for Windows, Linux, Solaris, and Mac OS X.
To verify authenticity and integrity of your John the Ripper downloads, please use our PGP public key. You will most likely need to download a “Windows – binaries” archive above. However, if you choose to download the source code instead (for a specific good reason), then please refer to these pages on how to extract John the Ripper source code from the tar.gz and tar.bz2 archives and how to build (compile) it. You may also consider the patches and unofficial builds on the contributed resources list further down this page.
These and older versions of John the Ripper, patches, unofficial builds, and many other related files are also available from the Openwall file archive.
You may browse the documentation for John the Ripper online, including a summary of changes between versions. Also relevant is our presentation on the history of password security.
There’s a wiki section with John the Ripper user community resources. The more experienced users and software developers may browse the source code for John the Ripper online, along with revision history information for each source file.
There’s a collection of wordlists for use with John the Ripper. It includes lists of common passwords, wordlists for 20+ human languages, and files with the common passwords and unique words for all the languages combined, also with mangling rules applied and any duplicates purged.
Additionally, you may download or purchase Openwall GNU/*/Linux on a CD, which includes a pre-built copy of John the Ripper 1.7.8 ready for use without requiring another OS and without having to install on a hard disk (although that is supported). You may not even have a hard disk, or it may be fully occupied by an existing OS install which won’t be used or touched. You just boot off the CD, enter the shell (bash and tcsh are included), optionally configure networking with the setup tool (say, if you need to transfer password files to the RAM disk), and start using John! The CD-booted system is fully functional, you may even let it go multi-user with virtual consoles and remote shell access. Besides John, also included and available for use right off the CD are Nmap port scanner, SSH (OpenSSH), FTP (lftp, vsftpd), and Telnet clients and servers, a text Web browser with SSL support (ELinks), an SMTP mail system (Postfix), a POP3 daemon (popa3d), a MUA with POP3 and IMAP client support (Mutt), and more.
An implementation of one of the modern password hashes found in John is also available separately for use in your software or on your servers.
There’s a proactive password strength checking module for PAM-aware password changing programs, which can be used to prevent your users from choosing passwords that would be easily cracked with programs like John.
We may help you integrate modern password hashing with crypt_blowfish and/or proactive password strength checking with pam_passwdqc into your OS installs, please check out our services.
There’s a mailing list where you can share your experience with John the Ripper and ask questions. Please be sure to specify an informative message subject whenever you post to the list (that is, something better than “question” or “problem”). To subscribe, enter your e-mail address below or send an empty message to <john-users-subscribe at lists.openwall.com>. You will be required to confirm your subscription by “replying” to the automated confirmation request that will be sent to you. You will be able to unsubscribe at any time and we will not use your e-mail address for any other purpose or share it with a third party. However, if you post to the list, other subscribers and those viewing the archives may see your address(es) as specified on your message. The list archive is available locally, as well as via Gmane and MARC. Additionally, there’s a list of selected most useful and currently relevant postings on the community wiki.
A separate mailing list exists for John the Ripper development discussions (that is, if you want to discuss and contribute to the source code). Its archive is available locally. To subscribe, enter your e-mail address below or send an empty message to <john-dev-subscribe at lists.openwall.com>.
Contributed resources for John the Ripper:
- The jumbo patch for 1.7.9, revision 7 (signature)
This patch integrates lots of contributed patches adding GPU support (CUDA and OpenCL), support for a hundred of additional hash and cipher types (including popular ones such as NTLM, raw MD5, etc., and even things such as encrypted OpenSSH private keys, ZIP and RAR archives, PDF files, etc.), as well as some optimizations and features. Most likely, this is the only patch you may need to apply. Requires OpenSSL 0.9.7+.
- There are patches, custom builds, benchmarks, parallel and distributed processing instructions, and other information available on the community wiki
- custom builds for Linux (up to 1.7.9-jumbo-5)
- custom builds for Mac OS X (up to 1.7.9-jumbo-6)
- custom builds for Solaris (packages up to 1.7.6, non-packaged up to 1.7.8-jumbo-7)
- custom builds for Android (1.7.8)
- BeOS port of 1.6 and 1.6.29 by Adam Milner
- OpenVMS and SYSUAF.DAT support (signature) by Jean-loup Gailly
OpenVMS executables for Alpha and VAX (signature)
- Local copies of the above files by Jean-loup Gailly and a much newer implementation by David Jones
Local copies of these and many other related patches and packages are also available from the Openwall file archive.
Please refer to the wiki page on how to apply the patches.
John the Ripper is part of Owl, Debian GNU/Linux, EnGarde Linux, Gentoo Linux, Mandriva Linux, and SUSE Linux. It is in the ports/packages collections of FreeBSD, NetBSD, and OpenBSD.
John the Ripper is a registered project with Freecode and Ohloh, and it is listed at SecTools.
Support further work on this software with donations.
Came here looking for password recovery for e-mail accounts or popular file formats (such as Word, Excel, or PDF documents, or ZIP archives) rather than ways to detect weak OS passwords? You’ll find that kind of software at ElcomSoft, Rixler Software, and also in the collection of pointers to password recovery resources available locally.