Firewall Wizards mailing list archives
Re: Scans Observed by Officer Friendly
From: "R. DuFresne" <dufresne () sysinfo com>
Date: Wed, 19 May 1999 17:00:04 -0500 (CDT)
Actually, this is pretty naive, for the 'script kiddies' have some pretty impressive tools at their point and click fingertips. And, they have learned a thing or two, that few here give them credit for. They've learned to coordinate their activities, to pool resources. They are not coming at you from a single endpoint now, there are 6-10 of them setting up their attacks, all hitting you at once. And, many have telnet accounts, or hacked systems from which they launch their spoofed attacks, and so cover their tracks. Sure, you might get one of those accounts closed, might even succeed in getting multiple accounts that they have access to closed, and still, they will come at you, from others that are still hidden and unfettered out. Only the newest of the newbies on the net do their dirty work from their main account these days. Trust me, BO and NETBUS are the least of your worries, and only the very raw kiddies play with it now... Thanks, Ron DuFresne On Wed, 19 May 1999, S. Jonah Pressman wrote:
chuck wrote:So how open is TimeWarner going to be to figuring out who had that address at the time that you (don't) note and going out and smacking someone upside the head?Frankly, Chuck, some of us actually do go out and "smack someone upside the head". More importantly, the script kiddies that tend to repeat attempts are soon humbled into submission when their ISP cancels their service. It is not necessarily our actions or the ISP's actions that ultimately hurts them; it's the ridicule of their friends they've been bragging to about their NetBus and Back Orifice exploits. Besides, Mommy and Daddy go nuts about paying exorbitant rates for cable modem service and rental just to have it canceled... oh, the shame :-)Quoting Randy Grimshaw (rgrimsha () mailbox syr edu):Where would the address 24.93.46.49 be comming from? Is this an annoyance or a masqerade? My 'Officer' noticed BO_PING sweep and BO_FILEFIND attempts on Friday night and Sunday night. <><Randall Grimshaw, Network Programmer, Syracuse University, 315-443-5779
-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior consultant: darkstar.sysinfo.com http://darkstar.sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too!
Current thread:
- Re: Responsiveness of remote admins, (continued)
- Re: Responsiveness of remote admins Tim Kramer (May 21)
- Re: Responsiveness of remote admins Philip S Holt (May 21)
- Re: Norton AV for Firewalls mht (May 21)
- Re: Responsiveness of remote admins R. DuFresne (May 21)
- Re: Responsiveness of remote admins Craig H. Rowland (May 21)
- Re: Scans Observed by Officer Friendly R. DuFresne (May 19)
- Re: Scans Observed by Officer Friendly David Lang (May 19)
- Re: Scans Observed by Officer Friendly S. Jonah Pressman (May 19)
- Re: Scans Observed by Officer Friendly Larry Chin (May 21)
- RE: Scans Observed by Officer Friendly James D. Wilson (May 22)
- Re: Scans Observed by Officer Friendly R. DuFresne (May 21)