Information Security News mailing list archives
Have you been hacked? Then strike back
From: InfoSec News <isn () C4I ORG>
Date: Wed, 20 Sep 2000 03:54:45 -0500
http://www8.zdnet.com/eweek/stories/general/0,11011,2627050,00.html

By Brett Arquette, eWEEK
September 17, 2000 9:00 PM PT

Knock, knock. Who's there? Script kiddie. Script kiddie... who?

Unfortunately, script kiddies are no joke. The term "script kiddie" is what network people call hackers who run scripts to challenge your network security. They believe that most of these hackers are young people (kids) who have either written a script or downloaded one off the Net. Using the script, they type in a range of IP addresses and let it go. If your network's IP addresses fall within the range they've entered, the script will knock on the door of each of your ports and test to see if you've left any of them unprotected. If so, you can count on the kiddies coming on in to have a look around, and then it's playtime.

In the past few months, my system administrator has noticed a marked increase in port scans made against our network. By analyzing firewall logs, we were able to tell that seven separate kiddies scanned us over a single weekend. Almost without fail, every night we're being scanned at least once. The most popular ports they scan are Sun RPC, FTP, POP3 and IMAP4. If we're being scanned, you can almost bet that your site is being scanned as well. The scans are originating from organizations such as the University of Maryland, Verio and BellSouth and from within countries such as South Korea and Sweden.

Is there reason to worry? If you were sitting at home and noticed someone outside, testing all your doors to see if they were unlocked, you'd be on the phone to the police in a nanosecond. So, when we're scanned, we look up the IP addresses of the scanners and find out whom the addresses belong to. Then we send an e-mail to the originators telling them we were scanned, provide them with the information about the scanner, and encourage them to track down the user responsible and take action against him or her.

This reporting process may benefit these sites themselves, since they may have been hacked and the port scans are going out without them ever knowing it. Still, poring over your network logs, finding the script kiddies, looking up where the attack came from and sending out e-mail takes a lot of time. It would be great if someone wrote software that automated the process. One way or another, I hope you agree, it's time to attack the hack and put some of these kiddies to bed.

Brett Arquette is chief technology officer for the 9th Judicial Circuit Court, Orange and Osceola counties, Florida. You can e-mail him at barq () iag net.

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".
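The log-review and notification steps the column describes can be sketched as follows. This is an added example, not code from the article or its author: the firewall log format, the sample lines (documentation-range addresses), and the threshold and window values are all constructed assumptions, and the address-owner lookup is left out so the sketch runs offline.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in a hypothetical firewall log format (an assumption).
SAMPLE_LOG = """\
2000-09-16T02:14:01 DENY TCP 198.51.100.23:4021 -> 192.0.2.10:21
2000-09-16T02:14:01 DENY TCP 198.51.100.23:4022 -> 192.0.2.10:110
2000-09-16T02:14:02 DENY TCP 198.51.100.23:4023 -> 192.0.2.10:111
2000-09-16T02:14:02 DENY TCP 198.51.100.23:4024 -> 192.0.2.10:143
2000-09-16T09:30:00 DENY TCP 203.0.113.7:1050 -> 192.0.2.10:21
2000-09-16T17:45:10 DENY TCP 203.0.113.7:1051 -> 192.0.2.10:21
not a log line
"""

LINE_RE = re.compile(r"(\S+) DENY (TCP|UDP) ([\d.]+):\d+ -> ([\d.]+):(\d+)$")
PORT_NAMES = {21: "FTP", 110: "POP3", 111: "Sun RPC", 143: "IMAP4"}

def parse(log_text):
    """Yield (timestamp, src_ip, dst_ip, dst_port) for each denied connection."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # skip lines that do not match the assumed format
            yield datetime.fromisoformat(m[1]), m[3], m[4], int(m[5])

def find_scanners(log_text, min_targets=4, window=timedelta(minutes=5)):
    """Return {src_ip: probes} for sources probing >= min_targets (host, port) pairs in one window."""
    by_src = defaultdict(list)
    for ts, src, dst, port in parse(log_text):
        by_src[src].append((ts, dst, port))
    scanners = {}
    for src, probes in by_src.items():
        probes.sort()
        for i, (start, _, _) in enumerate(probes):
            in_window = {(d, p) for t, d, p in probes[i:] if t - start <= window}
            if len(in_window) >= min_targets:
                scanners[src] = probes
                break
    return scanners

def draft_report(src, probes):
    """Build the text of a notice for the owner of the scanning address."""
    lines = [f"Our firewall logged a port scan from {src}. Denied probes:"]
    for ts, dst, port in probes:
        lines.append(f"  {ts.isoformat()} {src} -> {dst}:{port} ({PORT_NAMES.get(port, 'unknown')})")
    lines.append("Please identify the user or compromised host responsible.")
    return "\n".join(lines)

if __name__ == "__main__":
    print("\n\n".join(draft_report(s, p) for s, p in find_scanners(SAMPLE_LOG).items()))
```

The second source in the sample retries one FTP port hours apart and is not flagged, which is the distinction between a sweep and ordinary failed connections that the threshold is there to make.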