Re: what to do with a script kiddie

[ilaiy <ilaiy.e () gmail com>]

I think it depends on what kind of damage he has created . You should
have an estimated loss of abt 5000 to report to the local police ..

Well what i would do is .. Join the IRC and watch his moves .. 

./thanks 
ilaiy 

On 6/4/05, Stejerean, Cosmin <cstejere () cti depaul edu> wrote:
> You should join his IRC channels and try to have a conversation with the
> guy, see where it goes.
>
>
> Cosmin
>
> -----Original Message-----
> From: carnack [mailto:carnack () gmx net]
> Sent: Saturday, June 04, 2005 3:45 AM
> To: honeypots () securityfocus com
> Subject: what to do with a script kiddie
>
> Hi,
> I was operating my honeynet successfully over some days. I "catched"
> an intruder and monitored him closely for about 11 days. He was not
> very skilled, the term "script kiddy" fits the bill. I got some IPs of
> his copromised attack hosts and a lot of his passwords, for example his
> CSERVICE IRC password. I wonder what to do with that information now,
> as the intention of my study was my diploma thesis. Should I "snatch"
> his IRC channels and expose him? What have you done after getting such
> information? I am really interested in your experiences.
> yours
> Christian
>
> P.S. roo is a breeze!