Security Incidents mailing list archives
Re: Annoy Those Sub7 Scanners.
From: Snehal Dasari <pavehawk () NAPALM NET>
Date: Mon, 28 Aug 2000 14:55:55 +0930
The question begs to be asked: What happens if you hit an innocent person who was infected with sub7? What happens then? How do you differentiate them from the actual attacker?

I'd like to think that if people got attacked, they report it to the ISP. I'm in Australia, and I know of a person who was slapped with a charge for "unauthorised access of confidential information" along with charges of fraud and a few others. All this because he decided to "retaliate". Seems to me that there are too many risks involved in doing so.

This sort of thing seems to be like warfare. In a small scale conflict, will the military go out and just blanket everything with munitions? Risking the chance of killing innocent civilians?

Regards,
Snehal Dasari
-----Original Message-----
From: Incidents Mailing List [mailto:INCIDENTS () SECURITYFOCUS COM]On Behalf Of H Carvey
Sent: Monday, 28 August 2000 12:39 AM
To: INCIDENTS () SECURITYFOCUS COM
Subject: Re: Annoy Those Sub7 Scanners.

> What we need are more trojans like fakebo.

I wouldn't recommend any of the programs that open a port, such as NukeNabber, FakeBO, or even a deception toolkit.

What I've done is installed Win32-snort on my NT system. About once a week or so, I'll run a script that will pull all of the snort alerts out of my EventLog, and parse out the source IP addresses of the various scans...mostly NetBIOS name queries, but often Sub7 and the like. Once that is done, the script can run nmapNT against the system to ID open ports, fingerprint the os, etc. Powerful tools like Perl allow all sorts of flexibility with what you can do.

Now, I don't advocate a full-out StrikeBack capability, a la Winn Schwartau, but I have found that some of the scans have come from folks w/ Win95 machines with fully-shared C:\ drives.

Carv
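Added example, not code from either poster: a read-only version of the alert-parsing step described above that stops at a per-source summary suitable for attaching to an ISP abuse report. It assumes the alerts have been exported as text in Snort's one-line "fast" alert layout; the sample lines, rule names and addresses are constructed.

```python
import re

# Constructed sample alerts (documentation address ranges, invented rule names).
SAMPLE_ALERTS = """\
08/27-23:14:02.118000  [**] [1:0:0] Sub7 probe (constructed rule name) [**] [Priority: 2] {TCP} 192.0.2.44:3321 -> 198.51.100.7:27374
08/27-23:14:05.902000  [**] [1:0:0] Sub7 probe (constructed rule name) [**] [Priority: 2] {TCP} 192.0.2.44:3325 -> 198.51.100.7:27374
08/28-01:40:19.000500  [**] [1:0:0] NetBIOS name query (constructed rule name) [**] [Priority: 3] {UDP} 203.0.113.9:137 -> 198.51.100.7:137
this line is not an alert
"""

# timestamp, [**], [gid:sid:rev], message, [**], ..., {PROTO} src[:port] -> dst[:port]
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+\[[\d:]+\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\{(?P<proto>\w+)\}\s+(?P<src>\d+\.\d+\.\d+\.\d+)(?::\d+)?\s+->\s+"
    r"\d+\.\d+\.\d+\.\d+(?::(?P<dport>\d+))?"
)

def summarise(alert_text):
    """Group alerts by source IP. Returns ({src: record}, unparsed_line_count)."""
    sources, skipped = {}, 0
    for line in alert_text.splitlines():
        if not line.strip():
            continue
        m = ALERT_RE.match(line)
        if not m:
            skipped += 1  # keep a count so silent parse failures are visible
            continue
        rec = sources.setdefault(
            m["src"], {"count": 0, "first": m["ts"], "last": m["ts"], "events": set()})
        rec["count"] += 1
        rec["last"] = m["ts"]  # alerts are assumed to be in chronological order
        rec["events"].add((m["msg"], m["proto"], m["dport"]))
    return sources, skipped

def abuse_report(sources):
    """Render the evidence an ISP abuse desk needs: who, how often, when, what."""
    out = []
    for src, rec in sorted(sources.items(), key=lambda kv: -kv[1]["count"]):
        out.append(f"{src}: {rec['count']} alert(s), {rec['first']} to {rec['last']}")
        for msg, proto, dport in sorted(rec["events"], key=str):
            out.append(f"    {proto}/{dport or '-'}  {msg}")
    return "\n".join(out)

if __name__ == "__main__":
    found, skipped = summarise(SAMPLE_ALERTS)
    print(abuse_report(found))
    print(f"{skipped} unparsed line(s)")
```

Snort's fast-alert timestamps carry no year or time zone, so a report built from them should state both explicitly.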