[What is a scripts kiddie source network?]
A network which hosts machines which are used to root exploit other systems.
I think it's important to note that there are two types of hosts involved. One is the system where the cracker has a legitimate account. The other type is systems that have been broken into because their adiministrators either don't care or don't know how to run a secure system. This type of system can be used as a springboard to cause more mischief.
On Thu, 6 Jul 2000, Hal Murray wrote:
[What is a scripts kiddie source network?]
A network which hosts machines which are used to root exploit other systems. I think it's important to note that there are two types of hosts involved. One is the system where the cracker has a legitimate account. The other type is systems that have been broken into because their adiministrators either don't care or don't know how to run a secure system. This type of system can be used as a springboard to cause more mischief.
And the third type, networks where the admins refuse to secure things up after having been notified numerous times, thereby giving script kiddies free haven -Dan
On Thu, 6 Jul 2000, Hal Murray wrote:
The other type is systems that have been broken into because their adiministrators either don't care or don't know how to run a secure system. This type of system can be used as a springboard to cause more mischief.
Even if you know how to run a secure system, all it takes is one previously unknown hole and a well connected script kiddie, and you're a springboard...at least briefly. ---------------------------------------------------------------------- Jon Lewis *jlewis@lewis.org*| I route System Administrator | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
Yet another reason to use adaptive firewall technology. We had one of our secondary DNS servers "owned" during due to an old copy of bind. At that point, we just flat out blocked all traffic beyond DNS to that box unless it was coming<->going to our management network. We did the same thing for our colo customers who run their own DNS. One had the exploit run against their DNS server and the "ADM.ROCKS" or whatever it was file showed up in their /var/named directory but, the SK's couldn't do anything else because the only traffic that could make it to the box was DNS. I know that this won't stop the resourceful/clue-owning cracker but, it sure put a dent in the lil' bastards who were running the pre-packaged exploits! --- John Fraizer EnterZone, Inc On Thu, 6 Jul 2000 jlewis@lewis.org wrote:
On Thu, 6 Jul 2000, Hal Murray wrote:
The other type is systems that have been broken into because their adiministrators either don't care or don't know how to run a secure system. This type of system can be used as a springboard to cause more mischief.
Even if you know how to run a secure system, all it takes is one previously unknown hole and a well connected script kiddie, and you're a springboard...at least briefly.
---------------------------------------------------------------------- Jon Lewis *jlewis@lewis.org*| I route System Administrator | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
On Thu, Jul 06, 2000 at 11:51:56PM -0400, jlewis@lewis.org wrote:
On Thu, 6 Jul 2000, Hal Murray wrote:
The other type is systems that have been broken into because their adiministrators either don't care or don't know how to run a secure system. This type of system can be used as a springboard to cause more mischief.
Even if you know how to run a secure system, all it takes is one previously unknown hole and a well connected script kiddie, and you're a springboard...at least briefly.
Once you were notified, you did something, tho right? The problem isn't so much brief springboards as providers that flatout refuse to accept that there's either a problem, or that its their problem. -- John Payne http://www.sackheads.org/jpayne/ john@sackheads.org http://www.sackheads.org/uce/ Fax: +44 870 0547954 340% tax? http://www.boycott-the-pumps.com/
participants (5)
-
Dan Hollis
-
Hal Murray
-
jlewis@lewis.org
-
John Fraizer
-
John Payne