RE: Chasing the kiddies (was: Named Keep crashing)

From owner-freebsd-isp Wed Apr 4 13:15: 9 2001 Delivered-To: freebsd-isp@freebsd.org Received: from mailman.thenap.com (mailman.thenap.com [209.190.0.10]) by hub.freebsd.org (Postfix) with ESMTP id ADB1A37B72B for ; Wed, 4 Apr 2001 13:14:58 -0700 (PDT) (envelope-from drew.weaver@thenap.com) Received: by mailman.thenap.com with Internet Mail Service (5.5.2650.21) id ; Wed, 4 Apr 2001 16:28:46 -0400 Message-ID: From: "Drew J. Weaver" To: "'FreeBSD-ISP@FreeBSD.org'" Subject: RE: Chasing the kiddies (was: Named Keep crashing) Date: Wed, 4 Apr 2001 16:28:44 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C0BD45.D8D3E0B2" Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C0BD45.D8D3E0B2 Content-Type: text/plain; charset="iso-8859-1" And people that say that port scanning is harmless, port scanning is just a precursor to being 'rooted' its not going to be the last thing you hear from a script kiddie, its not like someone port scans your box[if insecure] and then just leaves, (i guess then it would be harmless) then they try to hack into it (naturally). -Drew -----Original Message----- From: Scott Lambert [mailto:lambert@cswnet.com] Sent: Wednesday, April 04, 2001 3:56 PM To: FreeBSD-ISP@FreeBSD.org Subject: Re: Chasing the kiddies (was: Named Keep crashing) On Wed, Apr 04, 2001 at 01:16:19PM -0600, Forrest W. Christian wrote: > Date: Wed, 4 Apr 2001 13:16:19 -0600 (MDT) > From: "Forrest W. Christian" > To: Kal Torak > Cc: Enno Davids , freebsd-isp@FreeBSD.ORG > Subject: Re: Chasing the kiddies (was: Named Keep crashing) > > On Wed, 4 Apr 2001, Kal Torak wrote: > > > Why should network scanning be a crime at all? If anything should be a crime > > its sloppy admins that let there networks get comprimised... > > But when after you scan, you break in and destroy data, THAT should be the > crime I'm talking about. > > What you don't realize is that a lot of these attacks are now automated > rootkits which basically scan for the hole and if they find it, ROOT YOUR > MACHINE. > > This is wrong. These people who don't think scanning is a problem bother me. I don't have time to hunt down all the scanning kiddies, but I don't like them. I do hunt down the ones I get complaints on. Scanning a network is just like "casing" a neighborhood in my book. The police will stop you and check your background and want to know if you have any business in the area if someone reports you to them. The police call it suspicious behaviour which gives them probable cause to stop the bad guy. They get what information they can from him and if he is not (yet) wanted they let him go. But they watch him. They remember he was in the area and if any complaints do come in they go grab him first. I do the same thing with my scanning kiddies. My kiddies who go scanning my network or other people's networks get a phone call. I talk to their parents and tell them their kids are on the wrong road and could wind up in jail if they ever open one of those doors. Hopefully the parents can straighten the kids out. I hope the kids tell the other kids that they got busted. It lets them know they can get in trouble for it and will hopefully discourage them. I just wish I could go visit them physically so I could make certain they were scared before I let them go. Entering a computer system is breaking and entering. Send them to jail. It doesn't matter if they immediately left without doing anything. If anyone enters my home through a window I have left open for ventilation at night, they could very possibly be shot or bludgeoned about the head and shoulders by a baseball bat or whatever other blunt or sharp object I find first. They will most likely end up in jail. It makes no difference that the window was open. You just don't cross those lines. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message ------_=_NextPart_001_01C0BD45.D8D3E0B2 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable RE: Chasing the kiddies (was: Named Keep crashing)

And people that say that port scanning is harmless, = port scanning is just a precursor to being 'rooted' its not going to be = the last thing you hear from a script kiddie, its not like someone port = scans your box[if insecure] and then just leaves, (i guess then it = would be harmless) then they try to hack into it (naturally). =

-Drew

-----Original Message-----
From: Scott Lambert [mailto:lambert@cswnet.com]=
Sent: Wednesday, April 04, 2001 3:56 PM
To: FreeBSD-ISP@FreeBSD.org
Subject: Re: Chasing the kiddies (was: Named Keep = crashing)

On Wed, Apr 04, 2001 at 01:16:19PM -0600, Forrest W. = Christian wrote:
> Date: Wed, 4 Apr 2001 13:16:19 -0600 = (MDT)
> From: "Forrest W. Christian" = <forrestc@imach.com>
> To: Kal Torak = <kaltorak@quake.com.au>
> Cc: Enno Davids = <enno.davids@metva.com.au>, freebsd-isp@FreeBSD.ORG
> Subject: Re: Chasing the kiddies (was: Named = Keep crashing)
>
> On Wed, 4 Apr 2001, Kal Torak wrote:
>
> > Why should network scanning be a crime at = all? If anything should be a crime
> > its sloppy admins that let there networks = get comprimised...
>
> But when after you scan, you break in and = destroy data, THAT should be the
> crime I'm talking about.
>
> What you don't realize is that a lot of these = attacks are now automated
> rootkits which basically scan for the hole and = if they find it, ROOT YOUR
> MACHINE.
>
> This is wrong.

These people who don't think scanning is a problem = bother me. I don't have
time to hunt down all the scanning kiddies, but I = don't like them. I do
hunt down the ones I get complaints on. =

Scanning a network is just like "casing" a = neighborhood in my book. The
police will stop you and check your background and = want to know if you
have any business in the area if someone reports you = to them. The police
call it suspicious behaviour which gives them = probable cause to stop the
bad guy. They get what information they can = from him and if he is not
(yet) wanted they let him go. But they watch = him. They remember he was
in the area and if any complaints do come in they go = grab him first.

I do the same thing with my scanning kiddies. = My kiddies who go scanning
my network or other people's networks get a phone = call. I talk to their
parents and tell them their kids are on the wrong = road and could wind up
in jail if they ever open one of those doors. = Hopefully the parents can
straighten the kids out. I hope the kids tell = the other kids that they
got busted. It lets them know they can get in = trouble for it and will
hopefully discourage them.

I just wish I could go visit them physically so I = could make certain they
were scared before I let them go.

Entering a computer system is breaking and = entering. Send them to jail.
It doesn't matter if they immediately left without = doing anything. If anyone
enters my home through a window I have left open for = ventilation at night,
they could very possibly be shot or bludgeoned about = the head and shoulders
by a baseball bat or whatever other blunt or sharp = object I find first.
They will most likely end up in jail. It makes = no difference that the
window was open. You just don't cross those = lines.

To Unsubscribe: send mail to = majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body = of the message

------_=_NextPart_001_01C0BD45.D8D3E0B2-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message