Date: Wed, 4 Apr 2001 16:32:47 -0400
From: "Drew J. Weaver" <drew.weaver@thenap.com>
To: 'Chet Hosey' <chosey@nidhog.com>, FreeBSD-ISP@FreeBSD.ORG
Subject: RE: Chasing the kiddies (was: Named Keep crashing)
Message-ID: <B1A7D9973EBED3119ADD009027DC8649180F89@mailman.thenap.com>

I couldn't imagine any circumstance under which anyone else on the internet
needs to know which services are running on a server that I control. So yes,
I suppose they are all malicious.

-Drew

-----Original Message-----
From: Chet Hosey [mailto:chosey@nidhog.com]
Sent: Wednesday, April 04, 2001 4:16 PM
To: FreeBSD-ISP@FreeBSD.ORG
Subject: Re: Chasing the kiddies (was: Named Keep crashing)

Do you assume that all port scans are malicious? Is there a situation in
which a scan would not cause you to make such a call?

________________________________________________________________________
Chet Hosey
<chosey@nidhog.com>
________________________________________________________________________

On Wed, 4 Apr 2001, Scott Lambert wrote:

> On Wed, Apr 04, 2001 at 01:16:19PM -0600, Forrest W. Christian wrote:
> > Date: Wed, 4 Apr 2001 13:16:19 -0600 (MDT)
> > From: "Forrest W. Christian" <forrestc@imach.com>
> > To: Kal Torak <kaltorak@quake.com.au>
> > Cc: Enno Davids <enno.davids@metva.com.au>, freebsd-isp@FreeBSD.ORG
> > Subject: Re: Chasing the kiddies (was: Named Keep crashing)
> >
> > On Wed, 4 Apr 2001, Kal Torak wrote:
> >
> > > Why should network scanning be a crime at all? If anything should be a crime
> > > it's sloppy admins that let their networks get compromised...
> >
> > But when after you scan, you break in and destroy data, THAT should be the
> > crime I'm talking about.
> >
> > What you don't realize is that a lot of these attacks are now automated
> > rootkits which basically scan for the hole and if they find it, ROOT YOUR
> > MACHINE.
> >
> > This is wrong.
>
> These people who don't think scanning is a problem bother me. I don't have
> time to hunt down all the scanning kiddies, but I don't like them. I do
> hunt down the ones I get complaints on.
>
> Scanning a network is just like "casing" a neighborhood in my book. The
> police will stop you and check your background and want to know if you
> have any business in the area if someone reports you to them. The police
> call it suspicious behaviour which gives them probable cause to stop the
> bad guy. They get what information they can from him and if he is not
> (yet) wanted they let him go. But they watch him. They remember he was
> in the area and if any complaints do come in they go grab him first.
>
> I do the same thing with my scanning kiddies. My kiddies who go scanning
> my network or other people's networks get a phone call. I talk to their
> parents and tell them their kids are on the wrong road and could wind up
> in jail if they ever open one of those doors. Hopefully the parents can
> straighten the kids out. I hope the kids tell the other kids that they
> got busted. It lets them know they can get in trouble for it and will
> hopefully discourage them.
>
> I just wish I could go visit them physically so I could make certain they
> were scared before I let them go.
>
> Entering a computer system is breaking and entering. Send them to jail.
> It doesn't matter if they immediately left without doing anything. If anyone
> enters my home through a window I have left open for ventilation at night,
> they could very possibly be shot or bludgeoned about the head and shoulders
> by a baseball bat or whatever other blunt or sharp object I find first.
> They will most likely end up in jail. It makes no difference that the
> window was open. You just don't cross those lines.
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-isp" in the body of the message
