Firewall Wizards mailing list archives

Re: Scans Observed by Officer Friendly

From: "R. DuFresne" <dufresne () sysinfo com>
Date: Wed, 19 May 1999 17:00:04 -0500 (CDT)


Actually, this is pretty naive, for the 'script kiddies' have some pretty
impressive tools at their point and click fingertips.  And, they have
learned a thing or two, that few here give them credit for.  They've
learned to coordinate their activities, to pool resources.  They are
not coming at you from a single endpoint now, there are 6-10 of them
setting up their attacks, all hitting you at once.  And, many have telnet
accounts, or hacked systems from which they launch their spoofed attacks,
and so cover their tracks.  Sure, you might get one of those accounts
closed, might even succeed in getting multiple accounts that they
have access to closed, and still, they will come at you, from others that
are still hidden and unfettered out.  Only the newest of the newbies on
the net do their dirty work from their main account these days.

Trust me, BO and NETBUS are the least of your worries, and only the very
raw kiddies play with it now...

Thanks,

Ron DuFresne


On Wed, 19 May 1999, S. Jonah Pressman wrote:

chuck wrote:


So how open is TimeWarner going to be to figuring out who had that
address at the time that you (don't) note and going out and smacking
someone upside the head?


Frankly, Chuck, some of us actually do go out and "smack someone upside
the head".  More importantly, the script kiddies that tend to repeat
attempts are soon humbled into submission when their ISP cancels their
service.

It is not necessarily our actions or the ISP's actions that ultimately
hurts them; it's the ridicule of their friends they've been bragging to
about their NetBus and Back Orifice exploits.  Besides, Mommy and Daddy
go nuts about paying exorbitant rates for cable modem service and rental
just to have it canceled... oh, the shame  :-)


Quoting Randy Grimshaw (rgrimsha () mailbox syr edu):


Where would the address 24.93.46.49 be comming from?

Is this an annoyance or a masqerade?

My 'Officer' noticed BO_PING sweep and BO_FILEFIND attempts on Friday
night and Sunday night.


<><Randall Grimshaw, Network Programmer, Syracuse University, 315-443-5779


-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior consultant:  darkstar.sysinfo.com
                  http://darkstar.sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

Current thread:

Re: Responsiveness of remote admins, (continued)
- - - Re: Responsiveness of remote admins Tim Kramer (May 21)
    - Re: Responsiveness of remote admins Philip S Holt (May 21)
    - Re: Norton AV for Firewalls mht (May 21)
    - Re: Responsiveness of remote admins R. DuFresne (May 21)
    - Re: Responsiveness of remote admins Craig H. Rowland (May 21)
    - Re: Scans Observed by Officer Friendly R. DuFresne (May 19)
  - Re: Scans Observed by Officer Friendly David Lang (May 19)
  - Re: Scans Observed by Officer Friendly S. Jonah Pressman (May 19)
    - Re: Scans Observed by Officer Friendly Larry Chin (May 21)
    - RE: Scans Observed by Officer Friendly James D. Wilson (May 22)
    - Re: Scans Observed by Officer Friendly R. DuFresne (May 21)
- Re: Scans Observed by Officer Friendly Michael H. Warfield (May 18)
- Re: Scans Observed by Officer Friendly R. DuFresne (May 19)
- Re: Scans Observed by Officer Friendly Holger Heimann (May 18)
- Re: Scans Observed by Officer Friendly kevin hunter (May 18)
- Re: Scans Observed by Officer Friendly Denise Lucas (May 18)
- Re: Scans Observed by Officer Friendly S. Jonah Pressman (May 18)
- RE: Scans Observed by Officer Friendly sean . kelly (May 21)
- RE: Scans Observed by Officer Friendly Bill_Royds (May 23)