From: Kent Stewart
Date: Wed, 28 Nov 2001 15:14:28 -0800
To: Bsd Neophyte
Cc: Anthony Atkielski, freebsd-questions@FreeBSD.ORG
Subject: Re: script-kiddie trap?
Message-ID: <3C056FD4.8@owt.com>
References: <20011128230524.14004.qmail@web20105.mail.yahoo.com>

Bsd Neophyte wrote:

> I don't want to keep them out really. Someone's been trying to harass me.
> I am pretty sure I know who it is. This person doesn't really know much,
> but they are trying to get in by using some stupid scripts. The epitome
> of a push-button-hacker.
>
> I want to gather some evidence against them and submit it to their ISP.
>
> A honeypot is way too complicated for me. I really don't know enough about
> FreeBSD to be able to protect myself or catch them.

If you use something like ipfw, you only need to turn on logging of
port 21, 22, and whatever else they are trying. The ipfw (firewall)
logs are good enough for most ISPs. I get a lot of double tries and I
toss a coin, i.e., do I report them or not. I report all attempts with
more than two tries.

Kent

> --- Anthony Atkielski wrote:
>
>> Perhaps you're thinking about "honeypots," real systems operated normally
>> but closely monitored with the specific purpose of inviting attention from
>> script kiddies and other dregs. There isn't anything special about the
>> software they run; they are just very closely watched by the honeypot
>> operators. But what would be the utility of such a system for you? They
>> don't keep crackers out--quite the contrary.
>>
>> ----- Original Message -----
>> From: "Bsd Neophyte"
>> To:
>> Sent: Wednesday, November 28, 2001 23:38
>> Subject: script-kiddie trap?
>>
>>> I remember something about a year or two ago. Someone designed some sort
>>> of application that acted as a pseudo-network that would trap a
>>> script-kiddie by giving them "access" to the network through something
>>> that would appear to be a hole caused by popular trojans. (long sentence
>>> I know)
>>>
>>> The false network was pretty convincing. While the intruder would poke
>>> around and cause mayhem, this tool would log everything about the person
>>> so that you could file a pretty convincing case against them.
>>>
>>> Is there anything like this that's free... better yet, included in the
>>> ports?
>>>
>>> -Sameer

--
Kent Stewart
Richland, WA

mailto:kbstew99@hotmail.com
http://users.owt.com/kstewart/index.html
FreeBSD News http://daily.daemonnews.org/
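
The reporting rule from the reply above (log ports 21 and 22 with ipfw, report any source with more than two tries), as an added example that is not part of the original message. The log lines are constructed in the style ipfw writes through syslog when a rule carries the `log` keyword; the host name, rule numbers, interface and addresses are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines (not real traffic); addresses are from the
# documentation ranges, host name "gw" and interface "fxp0" are assumptions.
SAMPLE_LOG = """\
Nov 28 14:01:10 gw /kernel: ipfw: 500 Accept TCP 203.0.113.7:3411 192.0.2.10:21 in via fxp0
Nov 28 14:01:12 gw /kernel: ipfw: 500 Accept TCP 203.0.113.7:3412 192.0.2.10:21 in via fxp0
Nov 28 14:01:15 gw /kernel: ipfw: 510 Accept TCP 203.0.113.7:3415 192.0.2.10:22 in via fxp0
Nov 28 14:07:44 gw /kernel: ipfw: 500 Accept TCP 198.51.100.23:1988 192.0.2.10:21 in via fxp0
Nov 28 14:07:45 gw /kernel: ipfw: 500 Accept TCP 198.51.100.23:1989 192.0.2.10:21 in via fxp0
Nov 28 14:09:02 gw /kernel: ipfw: 600 Deny UDP 198.51.100.99:53 192.0.2.10:1029 in via fxp0
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ \S*kernel: ipfw: (?P<rule>\d+) "
    r"(?P<action>\w+) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) in via \S+"
)

def attempts_by_source(log_text, watched_ports=(21, 22)):
    """Group inbound hits on the watched ports by source address."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and int(m["dport"]) in watched_ports:
            # Keep the raw line: the ISP wants the log entry itself.
            hits[m["src"]].append((m["ts"], int(m["dport"]), line))
    return dict(hits)

def reportable(hits, min_tries=3):
    """Sources with more than two tries, the threshold used in the reply."""
    return {src: rows for src, rows in hits.items() if len(rows) >= min_tries}

def format_report(src, rows):
    """Plain-text evidence block: a summary line plus the raw log lines."""
    ports = sorted({port for _, port, _ in rows})
    head = f"{src}: {len(rows)} attempts on ports {ports}, {rows[0][0]} to {rows[-1][0]}"
    return "\n".join([head] + [raw for _, _, raw in rows])

if __name__ == "__main__":
    for src, rows in reportable(attempts_by_source(SAMPLE_LOG)).items():
        print(format_report(src, rows))
```

Include the time zone of the logging host when sending such a report, since syslog timestamps carry neither year nor zone.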