Honeypots mailing list archives

Re: what to do with a script kiddie


From: David Jiménez Domínguez <djdsecurity () gmail com>
Date: Sat, 4 Jun 2005 12:08:30 -0500

You shouldn't expose him, you are studying him (when you are studying an 
animal for scientific purposes you don't expose the animal itself, you
expose your work)... If you're going to use this information for your thesis 
just use it. You could share it with the community like the honeynet project 
does.

2005/6/4, carnack <carnack () gmx net>:

Hi,
I was operating my honeynet successfully over some days. I "caught"
an intruder and monitored him closely for about 11 days. He was not
very skilled, the term "script kiddy" fits the bill. I got some IPs of
his compromised attack hosts and a lot of his passwords, for example his
CSERVICE IRC password. I wonder what to do with that information now,
as the intention of my study was my diploma thesis. Should I "snatch"
his IRC channels and expose him? What have you done after getting such
information? I am really interested in your experiences.
yours
Christian

P.S. roo is a breeze!


