Re: Script Kiddie issues

2004-02-07 Thread Michael W . Cocke
On Fri, 6 Feb 2004 07:55:41 -0800 (PST), [EMAIL PROTECTED] (Lonewolf)
wrote:

>Frankly I use the apache filter to check for people looking for cmd.exe or
>root.exe or any one of a dozen files, and instead of my log files filling
>with their looks they are sent an iframe html page with a virus built in
>that formats their windows system.  If they aren't running windows then it
>is still an annoyance because they get nowhere, but if it is windows, then I
>get to have some fun with them.
>
>Just my $.02.

What a great idea!  Wish I knew how to do that.

Mike-

Mornings:  Evolution in action.  Only the grumpy will survive.
-

Please note - Due to the intense volume of spam, we have
installed site-wide spam filters at catherders.com.  If
email from you bounces, try non-HTML, non-encoded, 
non-attachments.

-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
 




Re: Script Kiddie issues

2004-02-07 Thread Michael C. Davis
What a great idea.  You'll make lots of new friends in the Big House.

At 04:24 PM 2/6/04 -0500, Michael W.Cocke wrote:
>On Fri, 6 Feb 2004 07:55:41 -0800 (PST), [EMAIL PROTECTED] (Lonewolf)
>wrote:
>
>>Frankly I use the apache filter to check for people looking for cmd.exe or
>>root.exe or any one of a dozen files, and instead of my log files filling
>>with their looks they are sent an iframe html page with a virus built in
>>that formats their windows system.  If they aren't running windows then it
>>is still an annoyance because they get nowhere, but if it is windows, then I
>>get to have some fun with them.
>>
>>Just my $.02.
>
>What a great idea!  Wish I knew how to do that.
>
>Mike-
>
>Mornings:  Evolution in action.  Only the grumpy will survive.
>-
>
>Please note - Due to the intense volume of spam, we have
>installed site-wide spam filters at catherders.com.  If
>email from you bounces, try non-HTML, non-encoded, 
>non-attachments.
>





RE: Script Kiddie issues

2004-02-07 Thread Lone Wolf
Nah, because the only ones who receive the file are those attempting to
do harm to my system.  Granted I could make it go to a warning page,
which after a few seconds dumps them to the other page, thereby giving
them a warning before I fire the shot, just like a trespasser in my
house.  Do I shoot first when they are in MY house in the middle of the
night, or do I give them enough time to shoot me?  They are trespassing
on my system.  Normal use of the system does NOT require access to
cmd.exe or other files they are looking for to use to exploit the
system.  Normal use laws apply, and you CAN and folks DO take steps to
secure their system from others.

Legally I checked with lawyers and the ones in my area say as long as I
keep a log of the accesses I am fine.  I took this step after sending
over 200 messages to ISPs to halt their users and receiving no response
to any of the inquiries even though I provided the ISPs with log files
and everything.  I did the same with ISPs with spammers and open relays.
Multiple emails to their main offices and local branches with the
spammers email addresses, full headers, and no word back.  If the ISP
was not even willing to answer multiple emails they were sent another
email with how to contact me directly and then their entire domain was
added to the server kill file.  Cut down on the spam in MY inbox.


-Original Message-
From: Michael C. Davis [mailto:[EMAIL PROTECTED] 
Sent: Saturday, February 07, 2004 8:30 AM
To: [EMAIL PROTECTED]
Subject: Re: Script Kiddie issues


What a great idea.  You'll make lots of new friends in the Big House.







RE: Script Kiddie issues

2004-02-07 Thread Lone Wolf
Who in their right mind would walk into a courthouse and tell the judge
they were trying to break into a computer system (which in and of itself
holds MANY penalties because information on a company system is
invaluable per previous court cases) and say that they lost data on
their system when their attack was rebuked?  The person would get
laughed out of court, if not at the submittal level then when the judge
enters the chamber.  At the point the guy admits to trying to hack into
the system the cops can come forward and throw him in jail, the DA would
have a confession on record, and Butch would have a new wife in cell
block D.

But it is all semantics.  If they run an AV they are fine, just annoyed.
If they don't run an AV then if they are smart they will catch it and be
fine.  If they lose it, well how can they prove where they were, the log
files are gone and unless they are keeping paper records (even better
for the law to prosecute them with) then they have even no way of
proving anything.

-Original Message-
From: Michael C. Davis [mailto:[EMAIL PROTECTED] 
Sent: Saturday, February 07, 2004 8:30 AM
To: [EMAIL PROTECTED]
Subject: Re: Script Kiddie issues


What a great idea.  You'll make lots of new friends in the Big House.







Re: Script Kiddie issues

2004-02-07 Thread Wiggins d'Anconia
Lone Wolf wrote:

> Nah, because the only ones who receive the file are those attempting to
> do harm to my system.  Granted I could make it go to a warning page,
> which after a few seconds dumps them to the other page, thereby giving
> them a warning before I fire the shot, just like a trespasser in my
> house.  Do I shoot first when they are in MY house in the middle of the
> night, or do I give them enough time to shoot me?  They are trespassing
> on my system.  Normal use of the system does NOT require access to
> cmd.exe or other files they are looking for to use to exploit the
> system.  Normal use laws apply, and you CAN and folks DO take steps to
> secure their system from others.

Securing your system from someone is different than firing back.  And 
your house analogy is really dumb, it has predefined borders that are 
very distinct. Your webserver is open and you are inviting someone to 
look at anything on it, for the same reason that you can't shoot me for 
walking on the sidewalk in front of your house (assuming you lived where 
such things exist). If you want to use the analogy shut down port 80, 
then if someone tries to enter through port 80 then fire back.  You are 
actually causing more problem for those of us that have to deal with the 
problems, by only helping yourself. What is to stop a spammer or script 
kiddie finding out about your ruse, possibly even listening in on the 
conversation, and rather than trying to hack your system starts sending 
out mass emails to people with a URL in it that directs them to your 
system and that URL, all of a sudden your victims become his victims and 
he has used you in a scheme to haunt the very users you wished to defend.

> Legally I checked with lawyers and the ones in my area say as long as I
> keep a log of the accesses I am fine.  I took this step after sending
> over 200 messages to ISPs to halt their users and receiving no response
> to any of the inquiries even though I provided the ISPs with log files
> and everything.  I did the same with ISPs with spammers and open relays.
> Multiple emails to their main offices and local branches with the
> spammers email addresses, full headers, and no word back.  If the ISP
> was not even willing to answer multiple emails they were sent another
> email with how to contact me directly and then their entire domain was
> added to the server kill file.  Cut down on the spam in MY inbox.

Lawyers... right, I am sure they will be happy to take your money while 
they attempt to defend you in a court where a judge is going to tell 
them they are as dumb as your stunt for trying to defend you...

Like I said, script kiddies aren't worth the time...

http://danconia.org




RE: Script Kiddie issues

2004-02-07 Thread Bill Akins
> -Original Message-
> From: LoneWolf [mailto:[EMAIL PROTECTED] 
> Sent: Friday, February 06, 2004 10:56 AM
> To: [EMAIL PROTECTED]
> Subject: Script Kiddie issues
> 
> 
> Frankly I use the apache filter to check for people looking 
> for cmd.exe or root.exe or any one of a dozen files, and 
> instead of my log files filling with their looks they are 
> sent an iframe html page with a virus built in that formats 
> their windows system.  If they aren't running windows then it 
> is still an annoyance because they get nowhere, but if it is 
> windows, then I get to have some fun with them.
> 
> Just my $.02.
> 

I hope it installs Linux on their system with grub & root passwords set
to something like:
[EMAIL PROTECTED]&t678YT&*t67T78T78_&*t%78T78t*&y9HUGy8
ogbIyn908-h{

Either that or send 'em a system image of WinDoze 3.0  :)






Re: Script Kiddie issues

2004-02-07 Thread James Edward Gray II
On Feb 7, 2004, at 11:37 AM, Wiggins d'Anconia wrote:

> Securing your system from someone is different than firing back.  And 
> your house analogy is really dumb, it has predefined borders that are 
> very distinct. Your webserver is open and you are inviting someone to 
> look at anything on it, for the same reason that you can't shoot me 
> for walking on the sidewalk in front of your house (assuming you lived 
> where such things exist). If you want to use the analogy shut down 
> port 80, then if someone tries to enter through port 80 then fire back. 
> You are actually causing more problem for those of us that have to 
> deal with the problems, by only helping yourself. What is to stop a 
> spammer or script kiddie finding out about your ruse, possibly even 
> listening in on the conversation, and rather than trying to hack your 
> system starts sending out mass emails to people with a URL in it that 
> directs them to your system and that URL, all of a sudden your victims 
> become his victims and he has used you in a scheme to haunt the very 
> users you wished to defend.

Thank you.  You said what I wanted to and better.  I was worried reason 
had left this thread altogether.

James




Re: Script Kiddie issues

2004-02-09 Thread Eternius
Lone Wolf wrote:

> Nah, because the only ones who receive the file are those attempting to
> do harm to my system.  Granted I could make it go to a warning page,
> which after a few seconds dumps them to the other page, thereby giving
> them a warning before I fire the shot, just like a trespasser in my
> house.  Do I shoot first when they are in MY house in the middle of the
> night, or do I give them enough time to shoot me?  They are trespassing
> on my system.  Normal use of the system does NOT require access to
> cmd.exe or other files they are looking for to use to exploit the
> system.  Normal use laws apply, and you CAN and folks DO take steps to
> secure their system from others.
>
> Legally I checked with lawyers and the ones in my area say as long as I
> keep a log of the accesses I am fine.  I took this step after sending
> over 200 messages to ISPs to halt their users and receiving no response
> to any of the inquiries even though I provided the ISPs with log files
> and everything.  I did the same with ISPs with spammers and open relays.
> Multiple emails to their main offices and local branches with the
> spammers email addresses, full headers, and no word back.  If the ISP
> was not even willing to answer multiple emails they were sent another
> email with how to contact me directly and then their entire domain was
> added to the server kill file.  Cut down on the spam in MY inbox.
>
> -Original Message-
> From: Michael C. Davis [mailto:[EMAIL PROTECTED] 
> Sent: Saturday, February 07, 2004 8:30 AM
> To: [EMAIL PROTECTED]
> Subject: Re: Script Kiddie issues
>
> What a great idea.  You'll make lots of new friends in the Big House.



American attitude will destroy the world. thank you.
If your system is stable, (nearly) no one can harm you.
stop being paranoid. attack and destruction are as always the best 
solutions.
regards

Eternius




Re: Script Kiddie issues

2004-02-09 Thread Wiggins d Anconia


> Lone Wolf wrote:
> 
> > Nah, because the only ones who receive the file are those attempting to
> > do harm to my system.  Granted I could make it go to a warning page,
> > which after a few seconds dumps them to the other page, thereby giving
> > them a warning before I fire the shot, just like a trespasser in my
> > house.  Do I shoot first when they are in MY house in the middle of the
> > night, or do I give them enough time to shoot me?  They are trespassing
> > on my system.  Normal use of the system does NOT require access to
> > cmd.exe or other files they are looking for to use to exploit the
> > system.  Normal use laws apply, and you CAN and folks DO take steps to
> > secure their system from others.
> > 
> > Legally I checked with lawyers and the ones in my area say as long as I
> > keep a log of the accesses I am fine.  I took this step after sending
> > over 200 messages to ISPs to halt their users and receiving no response
> > to any of the inquiries even though I provided the ISPs with log files
> > and everything.  I did the same with ISPs with spammers and open relays.
> > Multiple emails to their main offices and local branches with the
> > spammers email addresses, full headers, and no word back.  If the ISP
> > was not even willing to answer multiple emails they were sent another
> > email with how to contact me directly and then their entire domain was
> > added to the server kill file.  Cut down on the spam in MY inbox.
> > 
> > 
> > -Original Message-
> > From: Michael C. Davis [mailto:[EMAIL PROTECTED] 
> > Sent: Saturday, February 07, 2004 8:30 AM
> > To: [EMAIL PROTECTED]
> > Subject: Re: Script Kiddie issues
> > 
> > 
> > What a great idea.  You'll make lots of new friends in the Big House.
> > 
> > 
> 
> 
> American attitude will destroy the world. thank you.
> If your system is stable, (nearly) no one can harm you.
> stop being paranoid. attack and destruction are as always the best 
> solutions.
> regards
> 
> Eternius
> 

Instead of 'answer' you should have bracketed that in 'irony'...

http://danconia.org






Re: Script Kiddie issues

2004-02-09 Thread u235sentinel
Unfortunately this attitude is not solely American.  We've been around for only 200 
years and these problems seem to come from much MUCH further in the past from a 
variety of countries.

Now back to the reason we are really here.  Perl anyone ::grinz::
> Lone Wolf wrote:
> 
> > Nah, because the only ones who receive the file are those attempting to
> > do harm to my system.  Granted I could make it go to a warning page,
> > which after a few seconds dumps them to the other page, thereby giving
> > them a warning before I fire the shot, just like a trespasser in my
> > house.  Do I shoot first when they are in MY house in the middle of the
> > night, or do I give them enough time to shoot me?  They are trespassing
> > on my system.  Normal use of the system does NOT require access to
> > cmd.exe or other files they are looking for to use to exploit the
> > system.  Normal use laws apply, and you CAN and folks DO take steps to
> > secure their system from others.
> > 
> > Legally I checked with lawyers and the ones in my area say as long as I
> > keep a log of the accesses I am fine.  I took this step after sending
> > over 200 messages to ISPs to halt their users and receiving no response
> > to any of the inquiries even though I provided the ISPs with log files
> > and everything.  I did the same with ISPs with spammers and open relays.
> > Multiple emails to their main offices and local branches with the
> > spammers email addresses, full headers, and no word back.  If the ISP
> > was not even willing to answer multiple emails they were sent another
> > email with how to contact me directly and then their entire domain was
> > added to the server kill file.  Cut down on the spam in MY inbox.
> > 
> > 
> > -Original Message-
> > From: Michael C. Davis [mailto:[EMAIL PROTECTED] 
> > Sent: Saturday, February 07, 2004 8:30 AM
> > To: [EMAIL PROTECTED]
> > Subject: Re: Script Kiddie issues
> > 
> > 
> > What a great idea.  You'll make lots of new friends in the Big House.
> > 
> > 
> 
> 
> American attitude will destroy the world. thank you.
> If your system is stable, (nearly) no one can harm you.
> stop being paranoid. attack and destruction are as always the best 
> solutions.
> regards
> 
> Eternius
> 





RE: Script Kiddie issues

2004-02-09 Thread Jenda Krynicky
From: "Lone Wolf" <[EMAIL PROTECTED]>
> Nah, because the only ones who receive the file are those attempting
> to do harm to my system.  ...

To receive a file and to render the page and execute the scripts are 
two different things. I don't want to dash you, but your 
"counterattack" is simply pointless. The people that are scanning 
your system for holes do not do that (unless eternally stupid) by 
hand. They do not run internet explorer and try to browse to all 
those funny URLs. And the programs that do send the requests do not 
care about your virus, they do not render the returned page to the 
user, they just check whether the response is whatever it should be 
if your server is vulnerable.

The worst thing you could do to them is to hold the connections until 
they time out each time (to slow down the scanners).

The only people that might be affected by your witticism are those 
kiddies (note the missing "script"!) that just read somewhere that 
it's possible to break into some web servers by a URL like that and 
by accident use your server to try it out. I don't think you are 
likely to get a lot of those :-}

Jenda
= [EMAIL PROTECTED] === http://Jenda.Krynicky.cz =
When it comes to wine, women and song, wizards are allowed 
to get drunk and croon as much as they like.
-- Terry Pratchett in Sourcery
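
Since the requests described in the message above come from automated scanners, the practical job on the server side is separating that probe noise from real traffic. A defensive sketch of that triage, added here as an example and not written by anyone in the thread: it picks cmd.exe/root.exe probes out of Apache access-log lines and counts them per client. The sample log lines, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote

# File names the thread mentions; the poster's longer list is not on the page.
PROBE_NAMES = ("cmd.exe", "root.exe")

# Apache common/combined log format: host ident user [time] "request" status size
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)

def normalise(target, max_rounds=3):
    """Percent-decode repeatedly (bounded) so double-encoded paths still match."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target.replace("\\", "/").lower()

def is_probe(request):
    """True when the final path segment (not the query string) is a probe name."""
    parts = request.split()
    if len(parts) < 2:          # malformed or empty request line such as "-"
        return False
    path = normalise(parts[1]).split("?", 1)[0]
    return path.rsplit("/", 1)[-1] in PROBE_NAMES

def triage(lines):
    """Return (probe hits per client, lines that are not probes)."""
    hits, normal = Counter(), []
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_probe(m.group("request")):
            hits[m.group("host")] += 1
        else:
            normal.append(line)
    return hits, normal

def repeat_offenders(hits, threshold=2):
    """Clients with at least `threshold` probes: candidates for a deny list."""
    return sorted(host for host, n in hits.items() if n >= threshold)

# Constructed sample log (documentation address ranges, invented timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [07/Feb/2004:08:30:01 -0500] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 276',
    '192.0.2.10 - - [07/Feb/2004:08:30:01 -0500] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 290',
    '192.0.2.10 - - [07/Feb/2004:08:30:02 -0500] "GET /MSADC/Root.exe?/c+dir HTTP/1.0" 404 274',
    '198.51.100.7 - - [07/Feb/2004:08:31:10 -0500] "GET /index.html HTTP/1.1" 200 5120',
    '198.51.100.7 - - [07/Feb/2004:08:31:12 -0500] "GET /notes.html?file=cmd.exe HTTP/1.1" 200 812',
    '203.0.113.5 - - [07/Feb/2004:08:40:44 -0500] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 288',
    '203.0.113.9 - - [07/Feb/2004:08:41:00 -0500] "-" 408 -',
]

if __name__ == "__main__":
    hits, normal = triage(SAMPLE_LOG)
    for host, count in hits.most_common():
        print(f"{host}: {count} probe request(s)")
    print("deny-list candidates:", repeat_offenders(hits))
    print(f"{len(normal)} line(s) left for normal log review")
```

Matching on the decoded final path segment keeps a legitimate request that merely mentions cmd.exe in its query string out of the probe count.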






[OT] Re: Script Kiddie issues

2004-02-07 Thread Daniel Staal
--As of Saturday, February 7, 2004 12:37 PM -0500, Wiggins d'Anconia 
is alleged to have said:

> What is to stop a spammer or script kiddie finding out about your
> ruse, possibly even listening in on the conversation, and rather
> than trying to hack your system starts sending out mass emails to
> people with a URL in it that directs them to your system and that
> URL, all of a sudden your victims become his victims and he has
> used you in a scheme to haunt the very users you wished to defend.

--As for the rest, it is mine.

Or, the more likely scenario: Launching his attack from a compromised 
computer in the first place.  (That is, the first attempt to contact 
you is from some poor computer that the script kiddie has already 
compromised.  Not their own computer.  Not even someone who knows 
they are running the script kiddie's software.)

After all, that is the normal way they work...

Daniel T. Staal

---
This email copyright the author.  Unless otherwise noted, you
are expressly allowed to retransmit, quote, or otherwise use
the contents for non-commercial purposes.  This copyright will
expire 5 years after the author's death, or in 30 years,
whichever is longer, unless such a period is in excess of
local copyright law.
---



Re: [OT] Re: Script Kiddie issues

2004-02-07 Thread u235sentinel
I've been holding off on responding to this thread but now

I've dealt with security for some time on Unix/Linux systems.  Some of 
my favorite products certainly have the ability to perform a counter 
attack however the author of those products always warn the user NOT to 
taunt happy fun ball. :-)

You will only annoy the attacker (presuming it's not a zombie) and you 
will become a target.  Just a warning.



Daniel Staal wrote:

> --As of Saturday, February 7, 2004 12:37 PM -0500, Wiggins d'Anconia 
> is alleged to have said:
>
> > What is to stop a spammer or script kiddie finding out about your
> > ruse, possibly even listening in on the conversation, and rather
> > than trying to hack your system starts sending out mass emails to
> > people with a URL in it that directs them to your system and that
> > URL, all of a sudden your victims become his victims and he has
> > used you in a scheme to haunt the very users you wished to defend.
>
> --As for the rest, it is mine.
>
> Or, the more likely scenario: Launching his attack from a compromised 
> computer in the first place.  (That is, the first attempt to contact 
> you is from some poor computer that the script kiddie has already 
> compromised.  Not their own computer.  Not even someone who knows they 
> are running the script kiddie's software.)
>
> After all, that is the normal way they work...
>
> Daniel T. Staal
>
> ---
> This email copyright the author.  Unless otherwise noted, you
> are expressly allowed to retransmit, quote, or otherwise use
> the contents for non-commercial purposes.  This copyright will
> expire 5 years after the author's death, or in 30 years,
> whichever is longer, unless such a period is in excess of
> local copyright law.
> ---

