Re: Dealing with script kiddies

From: "Michael A. Covington" <mc@deletethisword.uga.edu>
Date: Fri, 7 Jun 2002 13:34:43 -0400

> I'll tell you what I do and you can feel free to follow my lead or
> ignore me. :)
>
> I scan the logs manually, and also run a script that checks for
> instances of CMD.EXE and a few others. If I get a repeated attack
> either over several hours/days or continuous for a significant amount
> of time, and if I'm pissed because the bagel place was out of garlic
> bagels, then I hunt down the offending system and their ISP.
>
> I have a secret weapon in that we're a municipal government with links
> to law enforcement networks, including the FBI, so I can let the ISP
> know these attacks constitute a potential attack on a security
> infrastructure. Since 9/11, most providers are very sensitive to this
> and act immediately.
>
> Over the years I've gotten a fair number of systems locked off the
> internet and accounts canceled. It never gets me a garlic bagel, but
> it makes the onion bagel taste a little better and that's enough.
>
> Sometimes I just have too much time and too little social life... :)

Actually I often play the same role as grumpy old man :)

A few years ago I chaired the committee that developed our acceptable-use
policy. That involved mainly dealing with the legal and human side of
security, not the technical side, so I'm not always _au courant_ with the
names of viruses or the ways to recognize particular technical forms of
attack.

And, like you, I'm in government.

And, like you, I do a variable amount of checking and reporting depending on
workload and mood. That actually probably enhances security -- if I don't
operate with mechanical predictability, people can't predict what I *won't*
do.

I'm writing an automated log-scanner. Under the .NET API, is it easy to
make a program send a piece of e-mail?
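
The kind of log check discussed in this thread, as an added example that is not part of the original post or of either poster's script: it reads IIS W3C extended log lines, flags requests for cmd.exe, and reports only clients that keep coming back. The sample log, the addresses, and the min_hits and min_span thresholds are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import unquote

# Only cmd.exe is named in the thread; extend this tuple with your own patterns.
SUSPICIOUS = ("cmd.exe",)

# Constructed sample in W3C extended format (documentation-range addresses).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2002-06-05 02:11:09 192.0.2.10 GET /scripts/cmd.exe - 404
2002-06-05 02:11:10 203.0.113.5 GET /default.htm - 200
2002-06-05 09:40:51 192.0.2.10 GET /scripts/CMD%2EEXE - 404
2002-06-06 14:02:33 198.51.100.7 GET /scripts/cmd.exe - 404
2002-06-06 14:02:35 198.51.100.7 GET /cmd.exe - 404
2002-06-06 14:02:37 198.51.100.7 GET /scripts/cmd.exe - 404
2002-06-07 03:15:00 192.0.2.10 GET /scripts/cmd.exe - 404
"""

def parse_w3c(text):
    """Yield one dict per request, using the column order from #Fields."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            parts = line.split()
            if len(parts) == len(fields):  # skip truncated or malformed lines
                yield dict(zip(fields, parts))

def is_probe(rec):
    """True if the decoded URI contains a suspicious name (cmd%2Eexe also matches)."""
    raw = rec.get("cs-uri-stem", "") + "?" + rec.get("cs-uri-query", "")
    target = unquote(raw).lower()
    return any(p in target for p in SUSPICIOUS)

def repeat_offenders(text, min_hits=3, min_span=timedelta(hours=1)):
    """Map client IP -> (hits, span) for sources that probe repeatedly over time."""
    seen = defaultdict(list)
    for rec in parse_w3c(text):
        if is_probe(rec):
            stamp = rec["date"] + " " + rec["time"]
            seen[rec["c-ip"]].append(datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S"))
    report = {}
    for ip, times in seen.items():
        span = max(times) - min(times)
        if len(times) >= min_hits and span >= min_span:
            report[ip] = (len(times), span)
    return report
```

With the sample above, only 192.0.2.10 is reported: 198.51.100.7 also made three requests, but all within a few seconds, so it falls under the assumed one-hour span.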


