Date:      Wed, 28 Nov 2001 15:14:28 -0800
From:      Kent Stewart <kstewart@owt.com>
To:        Bsd Neophyte <bsdneophyte@yahoo.com>
Cc:        Anthony Atkielski <anthony@freebie.atkielski.com>, freebsd-questions@FreeBSD.ORG
Subject:   Re: script-kiddie trap?
Message-ID:  <3C056FD4.8@owt.com>
References:  <20011128230524.14004.qmail@web20105.mail.yahoo.com>



Bsd Neophyte wrote:

> I don't want to keep them out really.  Someone's been trying to harass me.
>  I am pretty sure I know who it is.  This person doesn't really know much,
> but they are trying to get in by using some stupid scripts.  The epitome
> of a push-button-hacker.
> 
> I want to gather some evidence against them and submit it to their ISP.
> 
> A honeypot is way too complicated for me.  I really don't know enough about
> FreeBSD to be able to protect myself or catch them.


If you use something like ipfw, you only need to turn on logging of ports 
21, 22, and whatever else they are trying. The ipfw (firewall) logs are 
good enough for most ISPs. I get a lot of double tries and I toss a 
coin, i.e., do I report them or not. I report all attempts with more 
than two tries.

Kent


> 
> --- Anthony Atkielski <anthony@freebie.atkielski.com> wrote:
> 
>>Perhaps you're thinking about "honeypots," real systems operated normally
>>but closely monitored with the specific purpose of inviting attention from
>>script kiddies and other dregs.  There isn't anything special about the
>>software they run; they are just very closely watched by the honeypot
>>operators.  But what would be the utility of such a system for you?  They
>>don't keep crackers out--quite the contrary.
>>
>>----- Original Message -----
>>From: "Bsd Neophyte" <bsdneophyte@yahoo.com>
>>To: <freebsd-questions@FreeBSD.ORG>
>>Sent: Wednesday, November 28, 2001 23:38
>>Subject: script-kiddie trap?
>>
>>>I remember something about a year or two ago.  Someone designed some sort
>>>of application that acted as a pseudo-network that would trap a
>>>script-kiddie by giving them "access" to the network through something
>>>that would appear to be a hole caused by popular trojans. (long sentence I
>>>know)
>>>
>>>The false network was pretty convincing.  While the intruder would poke
>>>around and cause mayhem, this tool would log everything about the person
>>>so that you could file a pretty convincing case against them.
>>>
>>>Is there anything like this that's free... better yet, included in the
>>>ports?
>>>
>>>-Sameer
>>>
>>>
>>>To Unsubscribe: send mail to majordomo@FreeBSD.org
>>>with "unsubscribe freebsd-questions" in the body of the message


-- 
Kent Stewart
Richland, WA

mailto:kbstew99@hotmail.com
http://users.owt.com/kstewart/index.html
FreeBSD News http://daily.daemonnews.org/






Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3C056FD4.8>
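
Kent's suggestion in the reply above (log the probed ports with ipfw, then report any source with more than two tries) can be turned into a small log filter. The Python below is an added example, not part of the original thread; the log-line layout, the sample lines, the rule shown in the comment and the function names are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumption: a rule such as `ipfw add 500 allow log tcp from any to me 21,22 setup`
# is in place, so each new connection attempt produces one line in /var/log/security.
# Constructed sample lines (documentation address ranges, not real hosts).
SAMPLE_LOG = """\
Nov 28 14:02:11 gw /kernel: ipfw: 500 Accept TCP 192.0.2.10:1045 198.51.100.5:21 in via fxp0
Nov 28 14:02:12 gw /kernel: ipfw: 500 Accept TCP 192.0.2.10:1046 198.51.100.5:21 in via fxp0
Nov 28 14:02:14 gw /kernel: ipfw: 500 Accept TCP 192.0.2.10:1047 198.51.100.5:22 in via fxp0
Nov 28 14:07:40 gw /kernel: ipfw: 500 Accept TCP 203.0.113.7:3301 198.51.100.5:22 in via fxp0
Nov 28 14:07:41 gw /kernel: ipfw: 500 Accept TCP 203.0.113.7:3302 198.51.100.5:22 in via fxp0
Nov 28 14:09:03 gw /kernel: ipfw: 600 Deny UDP 192.0.2.44:137 198.51.100.5:137 in via fxp0
Nov 28 14:09:30 gw sshd[411]: unrelated line that must be skipped
Nov 28 14:11:52 gw /kernel: ipfw: 500 Accept TCP 192.0.2.10:1050 198.51.100.5:22 in via fxp0
"""

# timestamp, host, "kernel: ipfw:", rule number, action, TCP, src:port, dst:port, "in"
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+\S+\s+/?kernel:\s+ipfw:\s+(?P<rule>\d+)\s+"
    r"(?P<action>\w+)\s+TCP\s+(?P<src>[\d.]+):\d+\s+[\d.]+:(?P<dport>\d+)\s+in\b"
)

def attempts_by_source(log_text, ports=(21, 22)):
    """Group inbound TCP log entries to the watched ports by source address."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m and int(m["dport"]) in ports:
            seen[m["src"]].append((m["ts"], int(m["dport"])))
    return dict(seen)

def reportable(log_text, ports=(21, 22), max_ignored=2):
    """Return sources with more than max_ignored tries, with first and last time seen."""
    report = {}
    for src, hits in attempts_by_source(log_text, ports).items():
        if len(hits) > max_ignored:  # "double tries" stay below the reporting bar
            report[src] = {
                "tries": len(hits),
                "first": hits[0][0],
                "last": hits[-1][0],
                "ports": sorted({p for _, p in hits}),
            }
    return report

if __name__ == "__main__":
    for src, info in reportable(SAMPLE_LOG).items():
        print(src, info)
```

The matching raw log lines, with the time zone of the logging host stated, are what would go into a report to the source's ISP.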