Re: Dealing with script kiddies

From: msnews (someone@microsoft.com)
Date: 06/07/02


From: "msnews" <someone@microsoft.com>
Date: Fri, 7 Jun 2002 13:06:02 -0500


Thank you, Frank, for adding sanity. People who can't recognize those log
entries for CodeRed/Nimda have no damn business near a web server.

"Frank S" <fsexton@qwest.net> wrote in message
news:EESL8.75895$4i.8047244@bin2.nnrp.aus1.giganews.com...
> Few things...
>
> First, what you are seeing is CodeRed/Nimda attacks. Virtually everyone
> running a web server is getting these, just as you are.
>
> Next, they are not being "typed" into the attacker's keyboard, they are
> automated. That is why you see 20 or more successive failed attempts.
>
> Next, the computer they are coming from may not even be the bad guy. The
> bad guy is using the good guy's computer to do this.
>
> Best bet is to protect your system against them and forget it. Save
> yourself some time. Trying to "catch" the perps of these automatic attacks
> is not worth the time, IMHO.
>
> -Frank
>
> "Michael A. Covington (Portable computer)"
> <look@www.covingtoninnovations.com.for.address> wrote in message
> news:OhKYzRaDCHA.1272@tkmsftngp04...
> > In my IIS logs, it's obvious that, several times per day, "script kiddies"
> > are trying to penetrate the system by running cmd.exe through an HTTP GET
> > command.
> >
> > They're not succeeding, even though many of them try it over... and over...
> > and over, like people who dial a wrong number on the telescope.
> >
> > I have full information about the dates, times, and IP addresses from which
> > they are connecting.
> >
> > My question is: How aggressive should I be about reporting these to their
> > ISPs?
> >
> > I realize that most of them have to be ignored, simply because we have
> > better things to do with our time. But I think I'm in favor of reporting
> > them to their ISPs whenever feasible.
> >
> > The reason? ISPs used to tolerate spammers and even crackers, until they
> > learned, gradually, that if they harbor such people, they will get a barrage
> > of complaints from the intended victims.
> >
> > Another reason: Any kind of crime prevention has to focus on unsuccessful
> > attempts, not just successful ones. It's better to catch people earlier in
> > their careers and try to get them to realize that we don't admire what
> > they're doing.
> >
> > Thoughts, anyone?
> >
> >
> > --
> >
> > Michael A. Covington - Associate Director
> > Artificial Intelligence Center, The University of Georgia
> > http://www.ai.uga.edu/~mc
> >
> >
> >
> >
>
>
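
As an added example (not part of the original thread): a short Python pass over an IIS W3C log that groups the automated CodeRed/Nimda probes discussed above by source address, with hit counts and first/last timestamps, and flags any probe the server actually answered. The log lines are constructed, and the URI patterns are the commonly documented request stems for these worms, not values taken from the poster's logs.

```python
import re

# Constructed sample in IIS W3C extended format; addresses are documentation ranges.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2002-06-07 03:14:01 192.0.2.10 GET /scripts/root.exe /c+dir 404
2002-06-07 03:14:02 192.0.2.10 GET /MSADC/root.exe /c+dir 404
2002-06-07 03:14:03 192.0.2.10 GET /scripts/..%255c../winnt/system32/cmd.exe /c+dir 404
2002-06-07 03:14:05 192.0.2.10 GET /_vti_bin/..%255c../..%255c../winnt/system32/cmd.exe /c+dir 404
2002-06-07 04:02:44 198.51.100.7 GET /default.ida NNNNNNNNNNNNNNNN 404
2002-06-07 09:30:12 203.0.113.5 GET /index.htm - 200
"""

# Worm families keyed by the URI stems their scanners are known to request.
SIGNATURES = {
    "Nimda": re.compile(r"/(cmd|root)\.exe$", re.I),
    "CodeRed": re.compile(r"/default\.ida$", re.I),
}

def summarize_probes(log_text):
    """Return {client_ip: {"family", "hits", "served", "first", "last"}}."""
    fields, report = [], {}
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column order is declared per file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        family = next((name for name, rx in SIGNATURES.items()
                       if rx.search(row.get("cs-uri-stem", ""))), None)
        if family is None:
            continue                       # ordinary traffic, not a worm probe
        stamp = f'{row["date"]} {row["time"]}'
        entry = report.setdefault(
            row["c-ip"], {"family": family, "hits": 0, "served": 0, "first": stamp})
        entry["hits"] += 1
        entry["last"] = stamp
        # A 2xx status means the server answered the probe: patch and investigate.
        entry["served"] += row.get("sc-status", "").startswith("2")
    return report

if __name__ == "__main__":
    for ip, e in summarize_probes(SAMPLE_LOG).items():
        print(ip, e["family"], e["hits"], "probes,", e["served"], "served,",
              e["first"], "->", e["last"])
```

A non-zero `served` count is the case that matters for the "protect your system and forget it" advice: 404s are noise, while a 200 on one of these stems means the host needs patching and a closer look.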


