Re: Scare Me !!

[Lance Spitzner <spitzner () dimension net>]

On Thu, 10 Jun 1999, Ken Hardy wrote:

> I need to induce a healthy respect for Internet dangers into
> some folks around here.  I know the dangers, or enough of them,
> but it's wearing to try to educate one after another exec,
> network tech, etc.

Two papers that may help.

"Know Your Enemy" covers the tools and tactics of script kiddies.
How the randomly probe the Internet for vulnerable targets.
http://www.enteract.com/~lspitz/enemy.html

"Know Your Enemy:III" covers step by step how a script kiddie
hacks a system, covers his tracks, and then monitors your every
move.  The paper is based on a system that was hacked last month.
I have system logs and keystrokes to verify the black-hat's every
move.
http://www.enteract.com/~lspitz/enemy3.html

Hope that helps :)

> In addition to the regular sort of security literature, a list
> of real-life (or very possible) security incidents that could
> help foster a healthy respect for the potential dangers might
> be real useful.  An internet shop of horrors website, perhaps.
> I'd appreciate anything useful in this regard.
>
> I'm trying to reach the sort of people who think that a) we
> have a firewall so we're safe; b) a packet filter is a firewall
> (even if all ports >1024 are open!); c) desktop modems are
> nothing to worry about; d) we *need* to support the
> impossible-to-defend protocols of the latest whiz-bang internet
> app through the firewall; e) policy?  we don't need no stinkin'
> policy; f) etc., etc., etc.
>
>  -- KH

Lance Spitzner
http://www.enteract.com/~lspitz/papers.html
Internetworking & Security Engineer
Dimension Enterprises Inc