Re: Dealing with script kiddies

From: Frank S (fsexton@qwest.net)
Date: 06/07/02


From: "Frank S" <fsexton@qwest.net>
Date: Thu, 06 Jun 2002 23:56:20 GMT


Few things...

First, what you are seeing is CodeRed/Nimda attacks. Virtually everyone
running a web server is getting these, just as you are.

Next, they are not being "typed" into the attacker's keyboard, they are
automated. That is why you see 20 or more successive failed attempts.

Next, the computer they are coming from may not even be the bad guy. The
bad guy is using the good guy's computer to do this.

Best bet is to protect your system against them and forget it. Save
yourself some time. Trying to "catch" the perps of these automatic attacks
is not worth the time, IMHO.

-Frank

"Michael A. Covington (Portable computer)"
<look@www.covingtoninnovations.com.for.address> wrote in message
news:OhKYzRaDCHA.1272@tkmsftngp04...
> In my IIS logs, it's obvious that, several times per day, "script kiddies"
> are trying to penetrate the system by running cmd.exe through an HTTP GET
> command.
>
> They're not succeeding, even though many of them try it over... and over...
> and over, like people who dial a wrong number on the telescope.
>
> I have full information about the dates, times, and IP addresses from which
> they are connecting.
>
> My question is: How aggressive should I be about reporting these to their
> ISPs?
>
> I realize that most of them have to be ignored, simply because we have
> better things to do with our time. But I think I'm in favor of reporting
> them to their ISPs whenever feasible.
>
> The reason? ISPs used to tolerate spammers and even crackers, until they
> learned, gradually, that if they harbor such people, they will get a barrage
> of complaints from the intended victims.
>
> Another reason: Any kind of crime prevention has to focus on unsuccessful
> attempts, not just successful ones. It's better to catch people earlier in
> their careers and try to get them to realize that we don't admire what
> they're doing.
>
> Thoughts, anyone?
>
>
> --
>
> Michael A. Covington - Associate Director
> Artificial Intelligence Center, The University of Georgia
> http://www.ai.uga.edu/~mc
>
>
>
>
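
Added example (not part of either post in this thread): one way to triage the IIS log entries discussed above, grouping cmd.exe-style probes by client IP so that repeated failed attempts are filed as automated scans and only a probe the server did not reject is raised for follow-up. The log lines are constructed, the addresses are documentation ranges, and the burst threshold and the "2xx means look closer" rule are assumptions of this example.

```python
import re
from collections import defaultdict

# Targets tied to the worms named in the post: Nimda (cmd.exe, root.exe), Code Red (default.ida).
WORM_PROBE = re.compile(r"(cmd\.exe|root\.exe|default\.ida)", re.IGNORECASE)

# Constructed sample in IIS W3C extended format (not from the original post).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2002-06-06 03:14:01 192.0.2.10 GET /scripts/root.exe /c+dir 404
2002-06-06 03:14:01 192.0.2.10 GET /MSADC/root.exe /c+dir 404
2002-06-06 03:14:02 192.0.2.10 GET /c/winnt/system32/cmd.exe /c+dir 404
2002-06-06 03:14:02 192.0.2.10 GET /d/winnt/system32/cmd.exe /c+dir 404
2002-06-06 09:30:45 198.51.100.7 GET /default.ida NNNNNNNN 404
2002-06-06 10:02:11 203.0.113.5 GET /index.html - 200
2002-06-06 11:47:30 192.0.2.99 GET /scripts/cmd.exe /c+dir 200
"""

def parse_w3c(text):
    """Yield one dict per request, using the #Fields directive for column names."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):   # skip truncated or malformed rows
                yield dict(zip(fields, values))

def triage(text, burst_threshold=3):
    """Group probe requests by client IP and mark which ones need attention."""
    by_ip = defaultdict(lambda: {"probes": 0, "succeeded": 0})
    for row in parse_w3c(text):
        if WORM_PROBE.search(row.get("cs-uri-stem", "")):
            by_ip[row["c-ip"]]["probes"] += 1
            # Assumption: a 2xx on a probe URL means the server answered it.
            if row.get("sc-status", "").startswith("2"):
                by_ip[row["c-ip"]]["succeeded"] += 1
    report = {}
    for ip, s in by_ip.items():
        verdict = ("INVESTIGATE" if s["succeeded"]
                   else "automated-scan" if s["probes"] >= burst_threshold
                   else "probe")
        report[ip] = (s["probes"], verdict)
    return report

if __name__ == "__main__":
    for ip, (n, verdict) in sorted(triage(SAMPLE_LOG).items()):
        print(f"{ip:15} probes={n:2} {verdict}")
```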


