
Re: [Sheflug] Idea for dealing with script kiddies



Tom Knight-Markiegi wrote:

Hi

I remember some posts talking about this before (but can't find them right
now) but I was wondering if there is a way to deal with script kiddies.
Anyone running a webserver is sure to have seen the attempted attacks in
their logs. I was wondering if this would work. If you get the names of the
files that are being looked for and symlink them to something like
/dev/urandom so when the script kiddies try to get the files they just get
an infinite stream of garbage. I'm thinking that if enough people did this
they would soon get annoyed and stop attempting to hack you. Is this
sensible or would it just be a massive strain on your system/bandwidth? And
would it actually work?

There are a few sites around that document honeypot servers that have attempted to show how script bunnies work - maybe those might give you some ideas? http://tracking-hackers.ntcity.co.uk/

Regards,

Jonathan

P.S. Bear in mind with an approach like yours that you're probably fighting an already compromised machine, using up resources that are probably not going to affect script kiddies directly, and streaming random data at automated probes will probably consume more resources than just letting them probe and move on.

___________________________________________________________________

Sheffield Linux User's Group -
http://www.sheflug.co.uk/mailfaq.html

GNU the choice of a complete generation.