I am by no means saying this is either a polished or necessarily fool proof
system. obviously there could even be a reverse-reverse attack out there
that the script kiddies cause trying to trick this script into thinking it
is the kernel instead of the malicious program.
but look at it this way, the biggest problem with script kiddies is that the
owner of the machine does not know it has a problem. so on one hand the
machine could be cleaned by the program. on the other we have a machine that
has been killed but an anti kiddies program. from what I have seen in the
support business there are lots of anti vi programs out there that will do
the same thing if you have a virus.
and some other food for thought... what makes you think that these machines
infected by script kiddies aren't being used for other malicious purposes. I
mean I have taken some high performance computing courses and while I drool
over the amount of power a script kiddies cluster can provide I can only
imagine the amount of spam production or other attacks that a script kiddies
cluster could provide if it fell into the wrong hands.
anyway ... that is way OT but I don't really want to generate too much
discussion about such a thing ... I will check out "honey pot" but to put
your fears to rest, I would never write a script to maliciously harm a
machine ... even if it was attacking my network. that is what firewalls are
for.
Respectfully
Steven Lamb
----- Original Message -----
From: "Paul Howarth" <paul@xxxxxxxxxxxx>
To: "For users of Fedora Core releases" <fedora-list@xxxxxxxxxx>
Sent: Monday, March 20, 2006 10:47 AM
Subject: Re: OT : an end to script kiddies
Steven J Lamb wrote:
this may not be an end to script kiddies and in fact someone has probably
already done this but I figured I would pass on this idea to people to
see if there is anything like this out there.
lets make the assumption that when a script kiddie bangs on your machine
that it uses the same set of passwords each time. or at least an expanded
set of passwords. which means that once one has logged onto your machine
you have the password to the machine it is attacking from.
lets also assume that a script kiddie is not what I will call a root
script. which is the originating machine which has not been hacked.
lets also assume that there is a way to make a mock shell that will allow
them to log in and dump their script kiddie files and attempt to execute
it.
if all of those hold the following should be possible. a script kiddie
attacks and logs into my very easily breakable machine root/password
login. they transfer the kiddie, at this point we start a reverse attack.
once we have logged in we identify the script kiddie process and kill it.
we then delete the script and send an email to root notifying them that
they were hacked, attacking our server and cleaned my our server. notify
them of some online info on how to secure themselves. then we can kick
back and call it beer thirty.
any thoughts.
But supposing:
Unfortunately, due to a couple of slight coding errors, the file that gets
deleted isn't the script kiddie's script but the system password file or
the kernel, and the amount of network traffic generated by the "good"
program dwarfs the traffic caused by the kiddie script, hence making
things worse than they were to start with. Police are called in, and the
originator of the clean-up script finds himself sharing a cell with
Bubba...
Paul.
--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.1.385 / Virus Database: 268.2.5/284 - Release Date: 3/17/2006
--
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.385 / Virus Database: 268.2.6/287 - Release Date: 3/21/2006
