
Poll connected to the "Network Admin" thread.

Discussion in 'Legal' started by Jim March, Dec 6, 2004.


Pick one (and I'm making these choices public, which is unusual...)

  1. I think there's probably nothing nefarious going on with this box.

  2. I think there *might* be some "implanted data connection" to allow vote-hacking.

  3. I think there's *probably* some "implanted data connection" to allow vote-hacking.

  1. Jim March

    Jim March Mentor

    Dec 24, 2002
    SF Bay Area
  2. Erich

    Erich Participating Member

    Dec 24, 2002
    Albuquerque, New Mexico
    I'm confused but amused. :) And I didn't vote.
  3. foghornl

    foghornl Mentor

    Dec 27, 2002
    Diebold is so sloppy and non-security aware that I changed banks when my former bank put in a new bunch of Diebold ATMs. Same transaction now takes about twice as long, because you have to select English or Spanish, and then confirm EVERY choice. And you can't complete a transaction from the keypad or the touch-screen exclusively, you have to keep jumping back and forth.
  4. DigitalWarrior

    DigitalWarrior Active Member

    Apr 22, 2003
    Nashua NH
    I am geek.

    I think that there is nothing nefarious about that message, but there may be some interesting vulnerabilities now that that message has been compromised.

    Why is the machine specifically denied with a NACK? No answer is not a NACK. Where was it?

    I know what IP range they are using. I would be interested in finding out what would happen if the machine got its IP. Does it periodically report its findings?

    You might be able to shut the whole thing down with a DoS by in-lining a custom bit of hardware that screams "I am all IPs in the segment", or more devious, in-line a DHCP server that issues bad IPs (there is no authentication function with DHCP), orders releases of good ones. All that, and in the size of a pager.

    What is the authentication process between these?

    I now have a MAC address (and probably a range of MACs that are "Diebold machines").
  5. Flyboy

    Flyboy Participating Member

    Apr 19, 2004
    Oklahoma City, OK

    I can probably help you track this down, but I'll need more information from you. I'm a sysadmin/netadmin by trade (radiology networking), so I'm reasonably familiar with this sort of stuff. If you're interested, PM me, and I'll give you my phone number, or we'll figure something out so I can talk to you a little more directly; it'll be a lot easier to troubleshoot semi-interactively.

    Just as an initial impression, I'm going to guess that this thing is trying to get a DHCP lease because it was originally configured over the network (yes, four years ago, when it was built), and they just never removed the card or disabled it in Windows. Odds are, it's just carelessness (never ascribe to malice that which can be adequately explained by stupidity), but I'll help you figure it out if you like.
  6. why_me

    why_me member

    Dec 3, 2004
    I don't think there is anything nefarious

    but Diebold's software is an embarrassment
    There is no hacking involved in hacking it. It's totally sick, their security implementation.
  7. anapex

    anapex Participating Member

    Jun 10, 2003
    Free at last in PA!
    Without seeing the full logs I can't say for certain, but right now it doesn't seem like anything harmful is going on. I can say, though, that after 3-4 years in the Information Assurance field I'm GLAD none of my projects looked like Diebold's.
  8. RevDisk

    RevDisk Participating Member

    Apr 27, 2004
    If possible, set up your own network, include a computer with the listed IP address and see what flows. There are dozens of good packet sniffers around. Without access to the machine, I'd say it's likely a development feature or a misconfigured box.

    I'd be rather interested to see what the code looks like. Even if you could nab the code, I assume these Diebold machines have some specialized firmware. Ideally, a Diebold machine plus source code would probably provide a lot of "interesting" facts. Is there any legal way to get your hands on either (or preferably both)?

    From what I gather, Diebold's information assurance is non-existent. Watching the Diebold video Mr March created, I was cringing every ten seconds. To any computer geek, it was painful to watch. Heck, employing MD5 hashes would seem like an excellent way to make sure the data wasn't tampered.

    Unofficial Intro to MD5

    I'd vote that Diebold is extremely incompetent. Bordering on criminal stupidity, ditto for the people that certified the program. Malicious intent, aside from the stupidity, would be a little harder to prove without efficient evidence. In other words, I'm not yet convinced it's an intentional voting rigging attempt.

    It's possible that it could be another way to hack a Diebold machine. (I.e., plug a small computer or PDA into the ethernet port on any Diebold machine, and use it to change data on the Diebold machine. People now use the GameCube to do so on normal networks.)
  9. Ham Hock

    Ham Hock New Member

    Dec 27, 2002
    192.168.x.x is reserved for your own network, be it home or business (as has been stated before).

    I usually number my networked computers,, etc, but after 192.168. you can put just about any numbers you want. is not really that unusual.
  10. geekWithA.45

    geekWithA.45 Moderator Emeritus

    Jan 1, 2003
    SouthEast PA
    There's always a _slight_ possibility something shifty is going on, but my take on it is that this is a fairly normal looking config snafu that takes place all the time when staging these sorts of things.

    MS OS's have a LOT of stuff running on them that aren't apparent, even to the skilled eye, and killing off all default, fundamental, and generally desirable behaviors of the system (like finding itself a LAN IP address, for example) is pretty durned hard, as the system will often "helpfully" turn on sub dependent systems for you, and simple requests cascade.

    To make it worse, most of the NT family assumes that they're in play to provide NT services to the network, and have a full complement of Internet and MS related services up and at 'em out of the box.

    This is exactly the sort of thing that would escape the notice of your garden variety, marginally competent QA/config management team.
  11. Dave Markowitz

    Dave Markowitz Mentor

    Dec 24, 2002
    Plymouth Meeting, PA
    Unless and until we are able to see the logs in question, all comments are mere speculation. It would be beneficial to see ALL the logs on the box under investigation.

    From a legal standpoint, unless an adequate chain of custody can be proven the relevance of these logs is iffy.
  12. cfabe

    cfabe Member

    Oct 5, 2003
    NE Ohio and Flint, MI
    I too would like to see the logs, but my initial reaction is that nothing shady is going on here. Nobody in this thread knows exactly how the Diebold software works, and how exactly it uses Windows' networking facilities to connect over the modem, over a direct serial cable, etc. There are numerous situations where sloppy software design could be causing these DHCP messages to be generated. The fact that these messages exist in a log somewhere is not evidence to indicate that the computer is or was ever connected to any unauthorized network. No offense to you, Jim, but I think you might want to loosen up the tin foil hat a bit.
  13. HEiST

    HEiST member

    Oct 18, 2004
    I think it's proof of Diebold being idiots.
    Last edited: Dec 12, 2004
