Various off topic questions

[WallShadow]

Good morning HTS,

It's been a while. With Sandy stopping in town this week, we sat down, poured some tea, and lit a candle while discussing our infinite qualms with lack of electricity and gasoline. A few questions came to mind in my period of my insanity:

1. If I design a scanner which slowly and methodically lists every IP in order and connects via HTTP to each one and sends each both a HEAD request and an OPTIONS request, would anyone go after me for that? Would you use a VPN to do something like this? Or does no one really care?

2. I've been googling this for a while but can't seem to find an answer. On Windows systems, if you have a domain of usernames established, what is the system that is used in requesting, receiving, and so forth, from the resolution server? Are there any logs created in the process of requesting a login, whether successful or failing?

3. This I've been searching for a month now; is there any way to create/edit/access files on windows systems without your username being written to the authors field?

Thanks for reading!

- WallShadow <3

[0phidian]

1. If I design a scanner which slowly and methodically lists every IP in order and connects via HTTP to each one and sends each both a HEAD request and an OPTIONS request, would anyone go after me for that? Would you use a VPN to do something like this? Or does no one really care?

I actually remember someone doing something similar with nmap, methodically scanning every ip address. However every IP address included some semi-secret government systems, so the guy had feds knocking on his door. I dont think he was ever charged with anything though. His ISP also thought his computer was infected with malware and was a bot, so they shut off his connection and gave him a call. He told them his machine was not infected and he was doing it on purpose. They didnt like that very much.

[WallShadow]

1. If I design a scanner which slowly and methodically lists every IP in order and connects via HTTP to each one and sends each both a HEAD request and an OPTIONS request, would anyone go after me for that? Would you use a VPN to do something like this? Or does no one really care?

I actually remember someone doing something similar with nmap, methodically scanning every ip address. However every IP address included some semi-secret government systems, so the guy had feds knocking on his door. I dont think he was ever charged with anything though. His ISP also thought his computer was infected with malware and was a bot, so they shut off his connection and gave him a call. He told them his machine was not infected and he was doing it on purpose. They didnt like that very much.

Ah, thanks, so I should probably do it through a way that it wouldn't be registered as virus activity, and possibly also have it skip over any government-assigned blocks of ips.

[Acidiferous]

I actually remember someone doing something similar with nmap, methodically scanning every ip address. However every IP address included some semi-secret government systems, so the guy had feds knocking on his door. I dont think he was ever charged with anything though. His ISP also thought his computer was infected with malware and was a bot, so they shut off his connection and gave him a call. He told them his machine was not infected and he was doing it on purpose. They didnt like that very much.

You story reminds me about this: http://www.youtube.com/watch?v=Hk-21p2m8YY

[weekend hacker]

I like to think port scanning in itself is not illegal but it would probably be against your ISPs terms of service/acceptable use policy. You should read it and find out.
They 'probably' won't sue for that though, at most they'd cut off your internet and blacklist you. But they probably wouldn't even do that.
There is a big debate(wel.. big as far as hacker terms go) on the legality of port scanning, you should check out http://nmap.org/book/legal-issues.html



But remember, terms of service can say that they don't permit behaviour even if that behaviour is totally legal.

[LoGiCaL__]

Are there any logs created in the process of requesting a login, whether successful or failing?

Under event viewer within the security log. It logs logins either successful or failed.