Date:      Wed, 4 Apr 2001 16:32:47 -0400 
From:      "Drew J. Weaver" <drew.weaver@thenap.com>
To:        'Chet Hosey' <chosey@nidhog.com>, FreeBSD-ISP@FreeBSD.ORG
Subject:   RE: Chasing the kiddies (was: Named Keep crashing)
Message-ID:  <B1A7D9973EBED3119ADD009027DC8649180F89@mailman.thenap.com>


[-- Attachment #1 --]
I couldn't imagine any circumstance under which anyone else on the internet
needs to know which services are running on a server that I control. So yes,
I suppose they are all malicious.

-Drew


-----Original Message-----
From: Chet Hosey [mailto:chosey@nidhog.com]
Sent: Wednesday, April 04, 2001 4:16 PM
To: FreeBSD-ISP@FreeBSD.ORG
Subject: Re: Chasing the kiddies (was: Named Keep crashing)


Do you assume that all port scans are malicious? Is there a situation in
which a scan would not cause you to make such a call?

________________________________________________________________________

Chet Hosey
<chosey@nidhog.com>
________________________________________________________________________

On Wed, 4 Apr 2001, Scott Lambert wrote:

> On Wed, Apr 04, 2001 at 01:16:19PM -0600, Forrest W. Christian wrote:
> > Date: Wed, 4 Apr 2001 13:16:19 -0600 (MDT)
> > From: "Forrest W. Christian" <forrestc@imach.com>
> > To: Kal Torak <kaltorak@quake.com.au>
> > Cc: Enno Davids <enno.davids@metva.com.au>, freebsd-isp@FreeBSD.ORG
> > Subject: Re: Chasing the kiddies (was: Named Keep crashing)
> >
> > On Wed, 4 Apr 2001, Kal Torak wrote:
> >
> > > Why should network scanning be a crime at all? If anything should be a crime
> > > it's sloppy admins that let their networks get compromised...
> >
> > But when after you scan, you break in and destroy data, THAT should be the
> > crime I'm talking about.
> >
> > What you don't realize is that a lot of these attacks are now automated
> > rootkits which basically scan for the hole and if they find it, ROOT YOUR
> > MACHINE.
> >
> > This is wrong.
>
> These people who don't think scanning is a problem bother me.  I don't have
> time to hunt down all the scanning kiddies, but I don't like them.  I do
> hunt down the ones I get complaints on.
>
> Scanning a network is just like "casing" a neighborhood in my book.  The
> police will stop you and check your background and want to know if you
> have any business in the area if someone reports you to them.  The police
> call it suspicious behaviour which gives them probable cause to stop the
> bad guy.  They get what information they can from him and if he is not
> (yet) wanted they let him go.  But they watch him.  They remember he was
> in the area and if any complaints do come in they go grab him first.
>
> I do the same thing with my scanning kiddies.  My kiddies who go scanning
> my network or other people's networks get a phone call.  I talk to their
> parents and tell them their kids are on the wrong road and could wind up
> in jail if they ever open one of those doors.  Hopefully the parents can
> straighten the kids out.  I hope the kids tell the other kids that they
> got busted.  It lets them know they can get in trouble for it and will
> hopefully discourage them.
>
> I just wish I could go visit them physically so I could make certain they
> were scared before I let them go.
>
> Entering a computer system is breaking and entering.  Send them to jail.
> It doesn't matter if they immediately left without doing anything.  If anyone
> enters my home through a window I have left open for ventilation at night,
> they could very possibly be shot or bludgeoned about the head and shoulders
> by a baseball bat or whatever other blunt or sharp object I find first.
> They will most likely end up in jail.  It makes no difference that the
> window was open.  You just don't cross those lines.
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-isp" in the body of the message
>



