From owner-freebsd-security  Fri Jan 21 22:16:18 2000
Delivered-To: freebsd-security@freebsd.org
Received: from lariat.lariat.org (lariat.lariat.org [206.100.185.2])
	by hub.freebsd.org (Postfix) with ESMTP id AEC07156DC
	for <freebsd-security@FreeBSD.ORG>; Fri, 21 Jan 2000 22:15:55 -0800 (PST)
	(envelope-from brett@lariat.org)
Received: from workhorse (IDENT:ppp0.lariat.org@lariat.lariat.org [206.100.185.2])
	by lariat.lariat.org (8.9.3/8.9.3) with ESMTP id XAA29979;
	Fri, 21 Jan 2000 23:15:44 -0700 (MST)
Message-Id: <4.2.2.20000121231109.019c04a0@localhost>
X-Sender: brett@localhost
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.2 
Date: Fri, 21 Jan 2000 23:15:44 -0700
To: Matthew Dillon <dillon@apollo.backplane.com>
From: Brett Glass <brett@lariat.org>
Subject: Re: Some observations on stream.c and streamnt.c
Cc: Dag-Erling Smorgrav <des@flood.ping.uio.no>,
	Keith Stevenson <k.stevenson@louisville.edu>,
	freebsd-security@FreeBSD.ORG
In-Reply-To: <200001220600.WAA67669@apollo.backplane.com>
References: <4.2.2.20000120194543.019a8d50@localhost>
 <Pine.BSF.4.10.10001211419010.3943-100000@tetron02.tetronsoftware.com>
 <20000121162757.A7080@osaka.louisville.edu>
 <xzpk8l2lul4.fsf@flood.ping.uio.no>
 <4.2.2.20000121195112.0196a220@localhost>
 <4.2.2.20000121210443.01981600@localhost>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

At 11:00 PM 1/21/2000 , Matthew Dillon wrote:

>    I don't think you quite understand how IRC weenies and script kiddies
>     work.

Funny you should say that. I've been watching some at work this evening. ;-)

>    They don't know or care what kind of machine is on the other
>     end of the network.  They simply run their entire suite of tools until
>     they find one that works.

Many of those tools contain probes which rely on getting RSTs. No RST, and
they go no farther. Also, some of the kiddiez scan and then come back later 
with other tools.

>    It's kinda amusing to watch, actually.  

THAT I'll agree with.

 >    One time Dima and I sat down and watched one of these
>     bozos try to run a suite of SGI exploits on a FreeBSD shell box.  He
>     was so stupid he didn't even know he was sitting in a FreeBSD shell
>     session!

You should see the ones who get onto the honeypot system at one of my 
clients' sites. Most of them need a community college-level UNIX course.

--Brett



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message