TCLUG Archive
RE: [TCLUG:21399] script kiddies...
> one of my co-workers, who insists on admining his own box, and keeping it
> out on the internet connection, and not behind my firewall got sploited
> recently.. looks like the t0rn rootkit was used.. has anyone else had any
> kids in their boxes recently? any luck tracking them?
>
I'm on a DSL line at home, and my box gets probed on average twice a *day*. The
best you can usually do is try and find out who owns the IP address (which can
be something of a black art in itself) and complain to their ISP -- nine times
out of ten it turns out just to be somebody *else's* cracked home server or
DSL-connected PC.

It seems like it's gotten a lot harder today to track these guys. For a while I
had a nearly perfect kill ratio, but lately it seems like nearly every probe is
either nigh-untraceable, or turns out to be coming from some squid-hatching
concern in Korea.