Security Incidents mailing list archives

Re: Annoy Those Sub7 Scanners.


From: Dan Hollis <goemon () ANIME NET>
Date: Sun, 27 Aug 2000 18:47:10 -0700

On Sun, 27 Aug 2000, H Carvey wrote:
> How about this...don't run anything at all, and the
> script kiddies drop by once and for the most part just
> go away?

How about this... we lose the dripping sarcasm before we make an ass of
ourselves on a public mailing list?

> To whom are you "proving beyond all doubt their
> malicious intentions"?  The cops?  Your logs do not
> constitute evidence.

The cops disagree with you. Properly handled, logs are more than just
hearsay, and also contribute to convergence of evidence -- a basic concept
of law.

We have successfully prosecuted using logs. Although they were not our
only evidence, they did play a key part proving malicious intent.

Others have successfully prosecuted using logs.

> Their ISP?  They can just as likely ignore you as cancel their account.

From what I've experienced, it's more the latter. 90% of the time the ISP
cancels the account with "this is a known baddie that I've already warned
once, I've been waiting for proof they are still up to no good".

If they ignore you, then you have found a grey or black hat network and
report it to your colleagues so they can firewall out that network.

> So what's the point of all these logs?

Cancelling script kiddies' accounts, of course.

> Besides, running a FakeBO is tantamount to leaving "Welcome" in your
> telnet banner...

No, it isn't.

-Dan

