Articles - Script Kiddies III - Grill a Kiddie
In my previous articles, "Script
Kiddies - Vermin of the Internet" and "Script
Kiddies II - A warning to parents", I described the Script
Kiddie problem. In summary, a Script Kiddie is a socially challenged person, usually male and in their teens, who uses easily located and usually free software tools to annoy the hell out of others by invading their privacy whilst online, or getting kicks out of vandalising web sites.
This article contains information for web site owners and surfers
regarding what to do when your system is continuously "probed"
from the same source, or if your site is compromised. Who you gonna
call? KiddieBusters? (could be a good name for a web site?)
If you are running personal firewall software while surfing, you can
actually do something with the logs. You can send them to your ISP along
with an incident description. They may be able to chase it up on your
behalf. Better still, if you can identify the IP address using a tracing
program, send the firewall log with the trace results to the owner of
that address along with time, location etc.
I run traces on some of my logs, but this can be a bit dangerous: the
owner of the address may detect that you are "pinging"* them, which
reveals your own IP address. Properly configured firewall software can
minimise this danger.
Also, the IP address shown is not necessarily that of the Script Kiddie
themselves. The Kiddies use various cloaking devices to hide their true
origin, or the address may only refer to the service they are using to
launch the attack. But it doesn't hurt to send the IP owner a polite
email to serve as an alert, especially if you have been able to
establish a repetitive address.
How to write the email? The following is a message I recently sent to an
ISP. (The IP and port numbers have been replaced with x's.)
------------------
Greetings,
I have been receiving a number of warning messages over the last couple
of days from my firewall software regarding an xxxx scan which seems to
be originating from your service. Even as I am typing this I am
receiving numerous warnings. It is currently 6.20pm Adelaide time,
Monday 12 February. Could you please look into this for me as it is
becoming highly annoying. Last night I had around 80 such warnings in 1
hour. Thanks. Below is my log of some of these scans and the copy of the
trace results.
GMT,xxx.xxx.xxx.xxx:xxx,xxx.xxx.xxx.xxx:xxx, TCP
FWIN,2001/02/12,18:15:18 +10:30 GMT,xxx.xxx.xxx.xxx:xxx,xxx.xxx.xxx.xxx:xxx, TCP
FWIN,2001/02/12,18:19:00 +10:30 GMT,xxx.xxx.xxx.xxx:xxx,xxx.xxx.xxx.xxx:xxx, TCP
FWIN,2001/02/12,18:19:08 +10:30 GMT,xxx.xxx.xxx.xxx:xxx,xxx.xxx.xxx.xxx:xxx, TCP
FWIN,2001/02/12,18:19:38 +10:30 GMT,xxx.xxx.xxx.xxx:xxx,xxx.xxx.xxx.xxx:xxx, TCP
FWIN,2001/02/12,18:19:38 +10:30 GMT,xxx.xxx.xxx.xxx:xxx,xxx.xxx.xxx.xxx:xxx, TCP
FWIN,2001/02/12,18:19:54 +10:30 GMT,xxx.xxx.xxx.xxx:xxx,xxx.xxx.xxx.xxx:xxx, TCP
FWIN,2001/02/12,18:19:56 +10:30 GMT,xxx.xxx.xxx.xxx:xxx,xxx.xxx.xxx.xxx:xxx, TCP
FWIN,2001/02/12,18:21:00 +10:30 GMT,xxx.xxx.xxx.xxx:xxx,xxx.xxx.xxx.xxx:xxx, TCP
FWIN,2001/02/12,18:21:04 +10:30 GMT,xxx.xxx.xxx.xxx:xxx,xxx.xxx.xxx.xxx:xxx, TCP
Please contact me if you require any further details.
----------------------
I also attached my "traceroute"** results, but have not
included them here as they identify the customer number. The ISP
responded to my message and said that they had "contacted" the
customer. I received no further scans.
It isn't just the casual surfer who is affected by Script Kiddies. Web
site owners are often the target of "vandals", also known as
"Web Crackers". Web cracking is a popular Kiddie pastime.
These individuals derive great pleasure from making changes to your web
site without your knowledge. They gain authoring rights to your site
by "stealing" your password in a variety of ways. It
isn't financially, politically or religiously motivated; it's just
vandalism.
A real hacker would not carry out this type of foolishness; this is the
realm of the gutless, immature Script Kiddie. It's a bit like that
mindless graffiti you see sprayed all over our towns and cities.
In the case of the web site owner, it is imperative that you immediately
contact your hosting service as the security of your site has been
breached (and therefore probably the whole server). The server's logs
record all the activity on your site, and Script Kiddies are notorious
for leaving "footprints" behind.
Don't just shrug your shoulders and re-publish your site. What has just
occurred to you is cyber-terrorism. There are a number of laws currently
being introduced world-wide that will punish cyber-terrorists severely.
It is unfortunate the offences are termed cyber-terrorism. In the case
of the Script Kiddies it should be called cyber-idiocy. It should carry
the death penalty, castration or at least they should be sentenced to a
life of using a 386DX40 running Windows 95 rev. A! ;0)
Some other points of contact if your site is attacked are:
National Infrastructure Protection Center. The NIPC are a part of the
FBI. On its site, there are forms that you can submit to report any
incidents. It also contains up to date information on security threats
and advice for ecommerce merchants.
http://www.nipc.gov/
For a more detailed listing of U.S. points of contact, the Cybercrime
site will have what you need:
http://www.cybercrime.gov/reporting.htm
In Australia, intrusions should be reported to the Australian Federal
Police via your local Police Station. Hmmm.....we're a little
behind the times methinks!
In the UK, well, I give up....couldn't find a thing except for a lot of
talk. Once again, your friendly local bobby could probably help you out.
If anyone does have any law enforcement reporting links for the UK or
Australia, I'd be grateful for the information and would republish this
article with it included.
In most countries, probably the best second point of call after
contacting your hosting service would be the Police.
The Internet community, whether surfers, website owners or ecommerce
merchants, will only stamp out this problem if we actually do something
about it. Don't let those valuable firewall logs go to waste. But if you
are going to send them, ensure that what you send shows an established
pattern of scans originating from the same source - at least 5 entries
in a session. Random scans are very hard to track. A topic for another
article.
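The "at least 5 entries in a session" check can be run over a log before you send it. The following is an added example, not part of the original article: it parses lines in the format shown in the email above, skips truncated lines, and keeps only sources with five or more entries in one session. The addresses are constructed documentation-range values, and the 30-minute gap that defines a "session" is an assumption, since the article does not define one.

```python
from collections import defaultdict
from datetime import datetime, timedelta
MIN_ENTRIES = 5                      # threshold given in the article
SESSION_GAP = timedelta(minutes=30)  # assumption: "session" is not defined in the article

# Constructed sample log; addresses are documentation ranges, not real hosts.
SAMPLE_LOG = """\
GMT,192.0.2.44:3201,203.0.113.9:1024, TCP
FWIN,2001/02/12,18:15:18 +10:30 GMT,192.0.2.44:3201,203.0.113.9:1024, TCP
FWIN,2001/02/12,18:19:00 +10:30 GMT,192.0.2.44:3202,203.0.113.9:1024, TCP
FWIN,2001/02/12,18:19:08 +10:30 GMT,198.51.100.7:4410,203.0.113.9:80, TCP
FWIN,2001/02/12,18:19:38 +10:30 GMT,192.0.2.44:3203,203.0.113.9:1024, TCP
FWIN,2001/02/12,18:19:54 +10:30 GMT,192.0.2.44:3204,203.0.113.9:1024, TCP
FWIN,2001/02/12,18:21:00 +10:30 GMT,192.0.2.44:3205,203.0.113.9:1024, TCP
FWIN,2001/02/12,21:40:12 +10:30 GMT,198.51.100.7:4411,203.0.113.9:80, TCP
"""

def parse_line(line):
    """Return (local timestamp, source IP), or None for a truncated or malformed line."""
    fields = [f.strip() for f in line.split(",")]
    if len(fields) != 6 or fields[0] != "FWIN":
        return None
    try:
        clock = fields[2].split()[0]  # "18:15:18 +10:30 GMT" -> "18:15:18"
        ts = datetime.strptime(f"{fields[1]} {clock}", "%Y/%m/%d %H:%M:%S")
    except (ValueError, IndexError):
        return None
    return ts, fields[3].rsplit(":", 1)[0]

def reportable_sources(log_text):
    """Map source IP -> (first seen, last seen, count) for its longest qualifying session."""
    by_source = defaultdict(list)
    for line in log_text.splitlines():
        if (parsed := parse_line(line)):
            by_source[parsed[1]].append(parsed[0])
    result = {}
    for src, times in by_source.items():
        times.sort()
        best, current = [], [times[0]]
        for t in times[1:]:
            if t - current[-1] <= SESSION_GAP:
                current.append(t)
            else:  # gap too long: close this session and start a new one
                best = max(best, current, key=len)
                current = [t]
        best = max(best, current, key=len)
        if len(best) >= MIN_ENTRIES:
            result[src] = (best[0], best[-1], len(best))
    return result
```

Only the entries for sources returned by `reportable_sources` need to go into the report; isolated hits from other addresses are left out.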
Make it a national sport.....Grill a Kiddie!
*ping - Ping is a basic Internet program that lets you verify that a
particular IP address (a set of unique identifier numbers, e.g.
192.168.0.1) exists and can accept requests.
**traceroute - Traceroute is a utility that records the path stops
through the Internet between your computer and a specified destination
computer.
Related articles:
Script Kiddies - Vermin of the Internet
http://www.tamingthebeast.net/articles/scriptkiddies.htm
Script Kiddies 2 - An advice to parents
http://www.tamingthebeast.net/articles/scriptkiddies2.htm
Script Kiddies 2002 - an update
http://www.tamingthebeast.net/articles2/script-kiddies-2002.htm
Michael Bloch
Taming the Beast
http://www.tamingthebeast.net
Tutorials, web content, tools and software.
Web Marketing, Internet Development & Ecommerce Resources
____________________________
Copyright information.... This article is free for reproduction but must be
reproduced in its entirety & this copyright statement must be included.
Visit http://www.tamingthebeast.net
for free Internet marketing and web development articles, tutorials and
tools! Subscribe for free to our popular ecommerce/web design ezine!