Re: Dealing with script kiddies

From: Michael A. Covington \(Portable computer\) (look@www.covingtoninnovations.com.for.address)
Date: 06/07/02


From: "Michael A. Covington  \(Portable computer\)" <look@www.covingtoninnovations.com.for.address>
Date: Thu, 6 Jun 2002 22:58:11 -0400


> First, what you are seeing is CodeRed/Nimda attacks. Virtually everyone
> running a web server is getting these, just as you are.
>
> Next, they are not being "typed" into the attackers keyboard, they are
> automated. That is why you see 20 or more successive failed attempts.
>
> Next, the computer they are coming from may not even be the bad guy. The
> bad guy is using the good guy's computer to do this.

I knew all those things.

> Best bet is to protect your system against them and forget it. Save
> yourself some time. Trying to "catch" the perps of these automatic
attacks
> is not worth the time, IMHO.

Catching the perpetrators may be difficult, but identifying the systems they
are using, and notifying the sysadmins, is easy. If they are working from
cracked systems, the victims need to be notified.