From owner-freebsd-isp Wed Apr 4 13:19:18 2001
Delivered-To: freebsd-isp@freebsd.org
Received: from mailman.thenap.com (mailman.thenap.com [209.190.0.10])
    by hub.freebsd.org (Postfix) with ESMTP id 6A85337B718
    for ; Wed, 4 Apr 2001 13:19:08 -0700 (PDT)
    (envelope-from drew.weaver@thenap.com)
Received: by mailman.thenap.com with Internet Mail Service (5.5.2650.21)
    id ; Wed, 4 Apr 2001 16:32:56 -0400
Message-ID:
From: "Drew J. Weaver"
To: 'Chet Hosey', FreeBSD-ISP@FreeBSD.ORG
Subject: RE: Chasing the kiddies (was: Named Keep crashing)
Date: Wed, 4 Apr 2001 16:32:47 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C0BD46.6CD55BBA"
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I couldn't imagine any circumstance under which anyone else on the
internet needs to know which services are running on a server that I
control. So yes, I suppose they are all malicious.

-Drew

-----Original Message-----
From: Chet Hosey [mailto:chosey@nidhog.com]
Sent: Wednesday, April 04, 2001 4:16 PM
To: FreeBSD-ISP@FreeBSD.ORG
Subject: Re: Chasing the kiddies (was: Named Keep crashing)

Do you assume that all port scans are malicious? Is there a situation in
which a scan would not cause you to make such a call?

________________________________________________________________________

Chet Hosey
________________________________________________________________________

On Wed, 4 Apr 2001, Scott Lambert wrote:

> On Wed, Apr 04, 2001 at 01:16:19PM -0600, Forrest W. Christian wrote:
> > Date: Wed, 4 Apr 2001 13:16:19 -0600 (MDT)
> > From: "Forrest W. Christian"
> > To: Kal Torak
> > Cc: Enno Davids, freebsd-isp@FreeBSD.ORG
> > Subject: Re: Chasing the kiddies (was: Named Keep crashing)
> >
> > On Wed, 4 Apr 2001, Kal Torak wrote:
> >
> > > Why should network scanning be a crime at all? If anything should be a crime
> > > it's sloppy admins that let their networks get compromised...
> >
> > But when after you scan, you break in and destroy data, THAT should be the
> > crime I'm talking about.
> >
> > What you don't realize is that a lot of these attacks are now automated
> > rootkits which basically scan for the hole and if they find it, ROOT YOUR
> > MACHINE.
> >
> > This is wrong.
>
> These people who don't think scanning is a problem bother me.  I don't have
> time to hunt down all the scanning kiddies, but I don't like them.  I do
> hunt down the ones I get complaints on.
>
> Scanning a network is just like "casing" a neighborhood in my book.  The
> police will stop you and check your background and want to know if you
> have any business in the area if someone reports you to them.  The police
> call it suspicious behaviour which gives them probable cause to stop the
> bad guy.  They get what information they can from him and if he is not
> (yet) wanted they let him go.  But they watch him.  They remember he was
> in the area and if any complaints do come in they go grab him first.
>
> I do the same thing with my scanning kiddies.  My kiddies who go scanning
> my network or other people's networks get a phone call.  I talk to their
> parents and tell them their kids are on the wrong road and could wind up
> in jail if they ever open one of those doors.  Hopefully the parents can
> straighten the kids out.  I hope the kids tell the other kids that they
> got busted.  It lets them know they can get in trouble for it and will
> hopefully discourage them.
>
> I just wish I could go visit them physically so I could make certain they
> were scared before I let them go.
>
> Entering a computer system is breaking and entering.  Send them to jail.
> It doesn't matter if they immediately left without doing anything.  If anyone
> enters my home through a window I have left open for ventilation at night,
> they could very possibly be shot or bludgeoned about the head and shoulders
> by a baseball bat or whatever other blunt or sharp object I find first.
> They will most likely end up in jail.  It makes no difference that the
> window was open.  You just don't cross those lines.
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-isp" in the body of the message
>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
