Firewall Wizards mailing list archives

RE: Scans Observed by Officer Friendly


From: sean.kelly () lanston com
Date: Thu, 20 May 1999 12:06:15 -0400

> Looks like cable modems are scanned hourly.  I've got
> one and Back Officer Friendly has popped up with three
> BO ping sweeps in just the last three hours.  @home
> doesn't appear to have a very proactive policy about
> hackers either.  I reported a break-in to my home
> computer last week and I still haven't heard from
> them.
>
> Is there any way to set a trap for the hackers so that
> we can capture their real IP?

Not really, but you don't need to.  BO Friendly and similar apps keep logs
detailing which IPs attempt to connect to which ports, etc., and these
entries are all timestamped.

Whois will give you info on the domain, as well as the email address of the
domain admin of the offending IP.  If you forward those log sections to the
admin they can compare it to their internal logs to see where that IP was
allocated at that date/time and take action from there.

Ultimately, you're really at the mercy of the admin as to whether any action
is taken unless it was a real attack and you want to pursue legal avenues.
Most admins take these kinds of things seriously, some don't.

Some admins will take immediate action, and as someone said, some will just
use the info as a tip to keep an eye on someone or to tighten policies.  I
must admit there's a part of me that feels quite satisfied receiving the
"thanks for the info I've already deleted the offending account" messages,
but whatever.

IMO the only way to curb these break-ins is to contact admins every time
they happen.  Get the script kiddies' accounts revoked and they're going
to have a harder time "having fun."  If it's teens on their parents' accounts
then they're also going to have to explain to the 'rents why their service
was suddenly discontinued.

Personally, I have nothing against experimenting, but I take offense to
outside IPs scanning my computers.  At home it's a privacy issue and at
work there are issues like potential downtime, which costs money.

Sean
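
The reporting step described in the reply above, as an added example that is not part of the original post: it groups timestamped connection-log entries by source IP and converts the times to UTC, so the remote admin can match them against their address allocation records. The log line format, the sample entries, the UTC-4 clock offset and the function names are all assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample log. The line format is an assumption, not the real
# output of Back Officer Friendly or any other tool.
SAMPLE_LOG = """\
1999-05-20 09:02:11 UDP 192.0.2.45 -> 31337 Back Orifice ping
1999-05-20 10:03:40 UDP 198.51.100.7 -> 31337 Back Orifice ping
1999-05-20 11:01:05 UDP 192.0.2.45 -> 31337 Back Orifice ping
garbage line that should be skipped
1999-05-20 11:01:09 TCP 192.0.2.45 -> 23 Telnet connection attempt
"""
LOCAL_TZ = timezone(timedelta(hours=-4))  # assumed: logger clock is UTC-4

def parse_log(text, tz=LOCAL_TZ):
    """Return {source_ip: [(utc_time, proto, dst_port, note), ...]}."""
    events = defaultdict(list)
    for line in text.splitlines():
        parts = line.split(None, 6)
        if len(parts) < 6 or parts[4] != "->":
            continue  # not a connection entry
        try:
            local = datetime.strptime(f"{parts[0]} {parts[1]}", "%Y-%m-%d %H:%M:%S")
            ipaddress.ip_address(parts[3])  # reject malformed source addresses
            port = int(parts[5])
        except ValueError:
            continue
        # UTC lets the remote admin match entries against their allocation logs.
        utc = local.replace(tzinfo=tz).astimezone(timezone.utc)
        events[parts[3]].append((utc, parts[2], port, " ".join(parts[6:])))
    return dict(events)

def abuse_report(ip, hits):
    """Format one source IP's entries as the excerpt to forward to its admin."""
    hits = sorted(hits)
    lines = [
        f"Source IP: {ip}",
        f"Connection attempts: {len(hits)}",
        f"First seen (UTC): {hits[0][0]:%Y-%m-%d %H:%M:%S}",
        f"Last seen (UTC): {hits[-1][0]:%Y-%m-%d %H:%M:%S}",
        "",
    ]
    lines += [f"{t:%Y-%m-%d %H:%M:%S} {proto} dst port {port} {note}".rstrip()
              for t, proto, port, note in hits]
    return "\n".join(lines)

if __name__ == "__main__":
    for ip, hits in sorted(parse_log(SAMPLE_LOG).items()):
        print(abuse_report(ip, hits), end="\n\n")
```

The contact address for each source IP still has to come from a whois lookup, which this example does not perform.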


