Honeypots mailing list archives
Re: what to do with a script kiddie
From: Lance Spitzner <lance () honeynet org>
Date: Sat, 4 Jun 2005 12:30:54 -0500
On Jun 4, 2005, at 11:05, Stejerean, Cosmin wrote:
You should join his IRC channels and try to have a conversation with the guy, see where it goes.
Be careful before following such advice; I suggest you consider the following.
- Legal: You want to understand and be sure you are adhering to the legal guidelines of your country and organization. These are different around the world. A good starting point is the legal chapter in the "Know Your Enemy: 2nd Edition", which you can find online for free at http://www.honeynet.org/book/.
- Ethical: The second issue is one of ethics. The Honeynet Research Alliance is in the process of reviewing and better documenting these issues in their charter, which you can find online now at http://www.honeynet.org/alliance/charter.txt. The suggestion above would most likely violate current ethical guidelines.
Last, if you identify systems compromised or collect malware during your research, my recommendation is to forward that information to your local CERT and CM-CERT at http://www.cert.org. This way your research benefits the entire community.
lance
I was operating my honeynet successfully over some days. I "caught" an intruder and monitored him closely for about 11 days. He was not very skilled, the term "script kiddy" fits the bill. I got some IPs of his compromised attack hosts and a lot of his passwords, for example his CSERVICE IRC password. I wonder what to do with that information now, as the intention of my study was my diploma thesis. Should I "snatch" his IRC channels and expose him? What have you done after getting such information? I am really interested in your experiences. yours Christian