Security Incidents mailing list archives
Re: A slap on the wrist...?
From: H Carvey <keydet89 () YAHOO COM>
Date: Tue, 29 Aug 2000 09:53:15 -0700
Man, this particular person can't be overly clever.
That's why they call them kiddies...
First, if the scanner he uses is half decent, it should recognize the host as a Unix machine, thus making it pretty improbable NetBus is running on it.
Well, I would suspect that his "scanner" is only looking for open BO ports...which is the premise that tools like FakeBO were written under. Further, many of the kiddies just have no concept of the difference btwn windows and Unix.
Secondly, my fakebo installation shows a banner after connect which makes it clear that the attempts are being logged and everybody's supposed to bugger off. What to do...?
Why do anything? You set up the FakeBO installation, correct? For what reason? A real security policy would have dictated that you run only those services necessary for the function of the box...does your policy state that distractions and such (FakeBO, perhaps a deception toolkit...) will be used? If so, fine. If not...well, you've got some nice logs that you shared with us, and we all had a good laugh. My point is this...had you not been running FakeBO, then this kiddie would never had had reason to send those packets to your machine. It's nice that you have a banner...but if he's using a GUI BO client of some sort, it's highly likely that he never saw it. Much like my experience in Korea...we put up warning signs around the high-voltage lines, but we could have been in serious trouble if an of the locals had run into the lines and been electrocuted...we were in Korea and the signs were written in Japanese. __________________________________________________ Do You Yahoo!? Yahoo! Mail - Free email you can access from anywhere! http://mail.yahoo.com/
Current thread:
- A slap on the wrist...? Jan Muenther (Aug 29)
- Re: A slap on the wrist...? Daniel Roesen (Aug 30)
- <Possible follow-ups>
- Re: A slap on the wrist...? H Carvey (Aug 30)
- Re: A slap on the wrist...? Nexus (Aug 30)
- Re: A slap on the wrist...? Greg A. Woods (Aug 31)
- Re: A slap on the wrist...? Rob McCauley (Aug 31)
- Re: A slap on the wrist...? Steve Stearns (Aug 31)
- Re: A slap on the wrist...? Jan Muenther (Aug 31)
- Re: A slap on the wrist...? Daniel Medina (Aug 31)
- Re: A slap on the wrist...? Nexus (Aug 30)