OT : an end to script kiddies

Steven J Lamb redhattedsheep at adiis.net
Tue Mar 21 15:10:14 UTC 2006


I am by no means saying this is either a polished or necessarily foolproof 
system. Obviously there could even be a reverse-reverse attack out there 
that the script kiddies cause trying to trick this script into thinking it 
is the kernel instead of the malicious program.

But look at it this way, the biggest problem with script kiddies is that the 
owner of the machine does not know it has a problem. So on one hand the 
machine could be cleaned by the program. On the other we have a machine that 
has been killed by an anti kiddies program. From what I have seen in the 
support business there are lots of anti virus programs out there that will do 
the same thing if you have a virus.

And some other food for thought... what makes you think that these machines 
infected by script kiddies aren't being used for other malicious purposes? I 
mean I have taken some high performance computing courses and while I drool 
over the amount of power a script kiddies cluster can provide I can only 
imagine the amount of spam production or other attacks that a script kiddies 
cluster could provide if it fell into the wrong hands.

Anyway ... that is way OT but I don't really want to generate too much 
discussion about such a thing ... I will check out "honey pot" but to put 
your fears to rest, I would never write a script to maliciously harm a 
machine ... even if it was attacking my network. That is what firewalls are 
for.

Respectfully


Steven Lamb

----- Original Message ----- 
From: "Paul Howarth" <paul at city-fan.org>
To: "For users of Fedora Core releases" <fedora-list at redhat.com>
Sent: Monday, March 20, 2006 10:47 AM
Subject: Re: OT : an end to script kiddies


> Steven J Lamb wrote:
>> This may not be an end to script kiddies and in fact someone has probably 
>> already done this but I figured I would pass on this idea to people to 
>> see if there is anything like this out there.
>>
>> Let's make the assumption that when a script kiddie bangs on your machine 
>> that it uses the same set of passwords each time, or at least an expanded 
>> set of passwords, which means that once one has logged onto your machine 
>> you have the password to the machine it is attacking from.
>>
>> Let's also assume that a script kiddie is not what I will call a root 
>> script, which is the originating machine which has not been hacked.
>>
>> Let's also assume that there is a way to make a mock shell that will allow 
>> them to log in and dump their script kiddie files and attempt to execute 
>> it.
>>
>> If all of those hold the following should be possible. A script kiddie 
>> attacks and logs into my very easily breakable machine root/password 
>> login. They transfer the kiddie, at this point we start a reverse attack. 
>> Once we have logged in we identify the script kiddie process and kill it. 
>> We then delete the script and send an email to root notifying them that 
>> they were hacked, attacking our server and cleaned by our server. Notify 
>> them of some online info on how to secure themselves. Then we can kick 
>> back and call it beer thirty.
>>
>> Any thoughts?
>
> But supposing:
>
> Unfortunately, due to a couple of slight coding errors, the file that gets 
> deleted isn't the script kiddie's script but the system password file or 
> the kernel, and the amount of network traffic generated by the "good" 
> program dwarfs the traffic caused by the kiddie script, hence making 
> things worse than they were to start with. Police are called in, and the 
> originator of the clean-up script finds himself sharing a cell with 
> Bubba...
>
> Paul.
>


