Security Incidents mailing list archives

Re: A slap on the wrist...?


From: H Carvey <keydet89 () YAHOO COM>
Date: Tue, 29 Aug 2000 09:53:15 -0700

Man, this particular person can't be overly clever.

That's why they call them kiddies...

First, if the scanner he uses is half decent, it should recognize
the host as a Unix machine, thus making it pretty improbable
NetBus is running on it.

Well, I would suspect that his "scanner" is only
looking for open BO ports...which is the premise that
tools like FakeBO were written under.  Further, many
of the kiddies just have no concept of the difference
between Windows and Unix.

Secondly, my fakebo installation shows a banner after
connect which makes it clear that the attempts are being logged
and everybody's supposed to bugger off.

What to do...?

Why do anything?  You set up the FakeBO installation,
correct?  For what reason?  A real security policy
would have dictated that you run only those services
necessary for the function of the box...does your
policy state that distractions and such (FakeBO,
perhaps a deception toolkit...) will be used?  If so,
fine.  If not...well, you've got some nice logs that
you shared with us, and we all had a good laugh.

My point is this...had you not been running FakeBO,
then this kiddie would never have had reason to send
those packets to your machine.  It's nice that you
have a banner...but if he's using a GUI BO client of
some sort, it's highly likely that he never saw it.
Much like my experience in Korea...we put up warning
signs around the high-voltage lines, but we could have
been in serious trouble if any of the locals had run
into the lines and been electrocuted...we were in
Korea and the signs were written in Japanese.
