Security Incidents mailing list archives

A slap on the wrist...?


From: Jan Muenther <jan () RADIO HUNDERT6 DE>
Date: Tue, 29 Aug 2000 17:28:27 +0200

Hello folks,
some obviously dumb kiddie has entangled himself in my logfile
during the weekend.
Excerpts:

08-25-2000 19:54:41 [NB](#0):  Open the CD ROM Requested
08-25-2000 19:54:48 [NB][#0] Client disconnected.
08-25-2000 19:55:19 [NB] Connection[#0] from
`p3E99060F.dip.t-dialin.net' (62.153.6.15) accepted!
08-25-2000 19:55:26 [NB](#0): Unknown NetBus Command
(Garbage?)
08-25-2000 19:55:35 [NB](#0): 696;404 Set Mouse Position
08-25-2000 19:55:36 [NB](#0):
624;376SetMousePos;520;332SetMousePos;470;320SetMousePos;448;329SetMousePos;440;337SetMousePos;431;357SetMousePos;431;365SetMousePos;431;373SetMousePos;431;377SetMousePos;431;379SetMousePos;433;382SetMousePos;459;392SetMousePos;503;408SetMousePos;555;424SetMousePos;593;436SetMousePos;619;440SetMousePos;639;444SetMousePos;659;448SetMousePos;673;451
Set Mouse Position
08-25-2000 19:55:37 [NB](#0):
675;452SetMousePos;675;452SetMousePos;675;450SetMousePos;674;430SetMousePos;674;410SetMousePos;674;407SetMousePos;676;404SetMousePos;678;401
Set Mouse Position
08-25-2000 19:55:38 [NB](#0): 678;401 Set Mouse Position
08-25-2000 19:55:49 [NB](#0): 233 Password Change Request
08-25-2000 19:55:53 [NB](#0): Unknown NetBus Command
(Garbage?)
08-25-2000 19:55:57 [NB][#0] Client disconnected.

Plus a couple of portscans etc. pp.
Man, this particular person can't be overly clever. First, if the
scanner he uses is half decent, it should recognize the host as a
Unix machine, thus making it pretty improbable NetBus is running
on it. Secondly, my fakebo installation shows a banner after
connect which makes it clear that the attempts are being logged
and everybody's supposed to bugger off.

What to do...? Should I ignore him like I usually ignore
portscans or should he get a slap on the wrist...? I already
contacted the provider, it was a dial in account from T-Online,
so I don't think I'll get a reply too soon, if at all.
What really upsets me is the fact that after all he wanted to
change the NetBus password to gain single access to the host.
Grr. What a dumbo.

So, what do you guys normally do? Especially the ones sited in
Germany who deal with T-Online...??
Any comments are welcomed,

Cheers, Jan
--
Radio HUNDERT,6 Medien GmbH Berlin
- EDV -
j.muenther () radio hundert6 de

