Honeypots mailing list archives

Previous By Date Next
Previous By Thread Next

RE: what to do with a script kiddie

From: "Stejerean, Cosmin" <cstejere () cti depaul edu>
Date: Sat, 4 Jun 2005 11:05:20 -0500
You should join his IRC channels and try to have a conversation with the
guy, see where it goes.


Cosmin

-----Original Message-----
From: carnack [mailto:carnack () gmx net] 
Sent: Saturday, June 04, 2005 3:45 AM
To: honeypots () securityfocus com
Subject: what to do with a script kiddie

Hi,
I was operating my honeynet successfully over some days. I "catched"  
an intruder and monitored him closely for about 11 days. He was not 
very skilled, the term "script kiddy" fits the bill. I got some IPs of 
his copromised attack hosts and a lot of his passwords, for example his 
CSERVICE IRC password. I wonder what to do with that information now, 
as the intention of my study was my diploma thesis. Should I "snatch" 
his IRC channels and expose him? What have you done after getting such 
information? I am really interested in your experiences.
yours
Christian

P.S. roo is a breeze!

Attachment: smime.p7s
Description:

Previous By Date Next
Previous By Thread Next

Current thread: