A Peek At Script Kiddie Culture
Brian Bruns writes "NewsForge is covering an article on the Script Kiddie Culture, in an interview with my co-admin Andrew Kirch. It provides insight into a culture that not many people fully understand, or get to see."
Back in general config:
Where the first two statements allow outbound packets with source addresses of 10.42.101.0/24 and 192.168.1.0/24 and the final statement (match all) denies any packet for which the src address was not matched in the previous two statements.
I have not touched a router in a couple of years; there is probably a more straightforward way of doing it now. Also, the Cisco syntax for netmasks in ACLs is a bit weird, so you should consult the documentation to make sure I have it correct.
If you have dual-homed customers of your own this will not work without adding their foreign space to the networks that are allowed out. This only works for the simplest configurations, which is the reason that large ISPs do not do this sort of thing.
Paul Vixie quoted in the article (via a link)
'Recommendation: upgrade your peering requirements to include language like:
Each peer agrees to emit only IP packets with accurate
source addresses, to require their customers to do likewise,
and to extend this requirement to all other peers by $DATE.
Where DATE = (now() + '6 months') or some other negotiated value.
Peering agreements are so thick with political BS, they can't even stop ISPs like UUNet, who are the biggest spam-friendly ISPs around.
Basically everyone is trying to use standards for protocols to correct this, engineers trying to correct political problems.
Everyone from Joe Average to Bob Businessman should take notice of this.
Add to that list the front-line TSRs and CSRs who are often the first to hear of new discoveries and ignore them.
Imagine this: a young marginal power-user stumbles upon an unintentional feature that is repeatable. She can either seek approval from the software publisher, whose *SRs who aren't allowed to break from the script to actually respond to the problem properly (or they don't have the time to understand potential exploits/bugs explained in non-technical terms by a kid), or she can tell a slightly more/less skilled user and brag about it. This gathers approval and self-esteem for everyone involved in sharing but keeping the secret, which encourages the finding of more secrets, and the development of skills related to doing so.
This slow and informal spread of the bug itself, and the skills required to see/use/exploit it, can go on for *months* before it reaches someone with the correct skillset to recognise the security problem and who is able to communicate that problem to someone who can actually fix it (see: malformed C strings, DOS device names, a number of Hotmail... issues, which were in the wild and reported multiple times before vendors took notice).
So yes, being aware that there are people out there who are seeking popularity, approval, etc by _finding flaws in others' work_ (not an unfamiliar concept in meatspace) is useful to the bottom line.
There are 1.1... kinds of people.
"these places" being EFNet, no.
Just because you disagree doesn't make it offtopic or flamebait.
It amazes me how stupid he thinks people are. I know him on EFNet (I'll make it clear now I stay well away from the "culture" or whatever the hell it is). I often see the trouble he causes or stirs up, often in places that want nothing to do with him. I have absolutely nothing against Brian Bruns, as I've never seen him cause the slightest bit of trouble.
"Infiltrated several script kiddie groups and shared some of his findings with us via IRC" - Wow, that's nearly as rich as him calling anyone a social reject. "infiltrated" is somewhat deceptive.
He's a small time packet kiddie that loves to immerse himself in the shit, drop names (as he does in the interview), and whore himself at every opportunity.
Shortly after the article got posted...
[nick] did they pay you?
[trelane_] , nah
[trelane_] but the hits it brings the ahbl and the new subscriptions helps
[trelane_] shoulda plugged [some hosting company he has something to do with]
Yeah, they're logs an "Anonymous Coward" has posted to Slashdot. They shouldn't be trusted.
[trelane_] there's going to be more articles
God forbid...
(what ever happened to the good ole outdoors?)
It got sold off to developers to build luxury flats for young professionals and retirees. See it all the time over here in the UK. In some places they are even closing down oversubscribed schools in popular areas in order to shuffle the kids to undersubscribed schools in deprived areas. Guess what happens to the school and playing fields - it gets converted into luxury flats with private parking.
you could get your FCC license...and talk to anyone else in the world with a HAM rig
;-)
:-)
That limits you to talking to another group of people with essentially no lives, HAM operators.
To be honest, most HAM operators these days tend to be older, highly technical people with a strong sense of community and civic responsibility. They mostly also have a good sense of humour about themselves (please don't hurt my karma too much
Most skript kiddies just don't have much technical abilities, certainly not enough to handle antenna design, RF propagation or analog electronics. They are restricted to very limited interaction with others of their kind, with only a cheap PC running windoze or linux, and a basic internet connection. Everything attached to their computers is easily purchased, off-the-shelf consumer electronics. They are incapable of showing technical competence, because they don't have any true mentors to guide them to bigger and more constructive pursuits.
many people who choose such illegal activities...don't do a cost/benefit analysis
Most of the skript kiddies / graffiti artists / vandals / arsonists tend to be acting out of anger, rage, helplessness, fear, and no sense of belonging. They're not intellectually developed enough to do CBA; they just want to destroy things to prove they can do something, anything. It's far easier to destroy using materials at hand than to create by collecting and using new materials.
the AC
Hemos is like... sci-fi fans; he thinks technology is cool, but he hasn't bothered to understand the science it's based on.
The point of DDoS is that it hits everyone. Sure we get huge numbers of DDoS attacks at work, sure none has ever taken us down. But the check that we have to write to ensure that is huge, millions a month.
Here is a take on this issue from Phill Hallam-Baker:
OK, so a second bite at the same article; let's take a look at those DDoS schemes.
According to the article the ISPs are unresponsive to take-down requests and the FBI do not take notice. I know that people keep making this complaint, but there are high-tech crimes units in the major cities and they are looking to take down these guys. And at the moment the demand is such that DDoS is being treated as if it was a littering offense.
I think we need a better primer on how to prepare a case for law enforcement. I guess it is possible if you read the article carefully that the desk guy thought this particular person had been getting evidence by hacking.
We can't expect to do this with law enforcement in the loop every time. Let's change the model: law enforcement only get involved if the ISPs fail to act, and instead of just going after the hacker there is a liability for the ISP.
This is consistent with the fire department model of government security regulations. You can do pretty much anything to your house decoration-wise. Government only gets involved when safety is the issue. In particular the fire dept won't let you build a house that is a fire-trap, in part because it might set fire to buildings around it.
Here we have ISPs that are forwarding bogons. It seems to me that this should not be that difficult to prevent. A $500 box performing passive listening at the cable head end could sound an alert when there is a bogon attack. You don't have to look at every packet; all you need to do is look at a sample. If you see an Ethernet MAC spewing bogons, you shut it down.
Another approach would be to push the bogon prevention right to the cable modem. Why on earth would these let bogon injection take place in the first place? Sure there will be some hacked modems, but DDoS is coming from hijacked machines.
Cable modems, NAT boxes and the like should have limiters built in to prevent the creation of ridiculous numbers of SYN packets or outgoing UDP packets to reserved system ports like DNS. It is pretty easy to think of numbers that should be no inconvenience to any legitimate use, and there could be an option to turn them off in any case. But why give every home user the equivalent of a loaded machine gun when they don't need or want one?
Reduce the value of your machine to a hacker, reduce the probability of attack?
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
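As an added example (not code from the post, the article, or Hallam-Baker), here is a Python sketch tying together the egress ACL described earlier in the thread (permit the two site prefixes, deny everything else) and the head-end sampler from this post: a per-MAC tally over a packet sample that alerts on spoofed sources and on an unreasonable SYN count. The packet sample, MAC addresses and thresholds are constructed for illustration; only the two prefixes come from the page.

```python
import ipaddress
from collections import Counter

# Egress anti-spoofing policy, as in the ACL described earlier: a packet may
# leave only if its source address lies in one of the site's own prefixes;
# the final "match all" statement denies everything else.
ALLOWED_SRC = [ipaddress.ip_network(p) for p in ("10.42.101.0/24", "192.168.1.0/24")]

# Constructed packet sample, as a passive sampling box at the cable head end
# might see it: (source MAC, source IP, protocol, destination port, TCP SYN?).
# MACs and addresses are made up for this example.
SAMPLE = [
    ("aa:aa:aa:00:00:01", "10.42.101.7", "tcp", 80, True),
    ("aa:aa:aa:00:00:01", "10.42.101.7", "tcp", 80, False),
    ("aa:aa:aa:00:00:01", "10.42.101.7", "udp", 53, False),
    ("aa:aa:aa:00:00:02", "192.168.1.20", "tcp", 443, True),
    ("aa:aa:aa:00:00:02", "192.168.1.20", "tcp", 443, False),
    ("aa:aa:aa:00:00:03", "203.0.113.9", "tcp", 80, True),    # spoofed source
    ("aa:aa:aa:00:00:03", "198.51.100.4", "tcp", 80, True),   # spoofed source
    ("aa:aa:aa:00:00:03", "10.42.101.50", "tcp", 80, True),
    ("aa:aa:aa:00:00:03", "10.42.101.50", "tcp", 80, True),
    ("aa:aa:aa:00:00:03", "10.42.101.50", "tcp", 80, True),
    ("aa:aa:aa:00:00:04", "192.0.2.1", "udp", 53, False),     # spoofed source
    ("aa:aa:aa:00:00:04", "192.0.2.2", "udp", 53, False),     # spoofed source
    ("aa:aa:aa:00:00:04", "192.0.2.3", "udp", 53, False),     # spoofed source
]

def egress_permits(src_ip):
    """True if the egress ACL would let a packet with this source address out."""
    addr = ipaddress.ip_address(src_ip)
    return any(addr in net for net in ALLOWED_SRC)

def per_mac_counts(sample):
    """Tally, per source MAC, spoofed-source packets and TCP SYNs in the sample."""
    spoofed, syns = Counter(), Counter()
    for mac, src_ip, proto, _dport, syn in sample:
        if not egress_permits(src_ip):
            spoofed[mac] += 1          # would have been dropped by the ACL
        if proto == "tcp" and syn:
            syns[mac] += 1
    return spoofed, syns

def offenders(sample, spoof_limit=2, syn_limit=4):
    """MACs to alert on: spoofed-source count or SYN count at/above the limits.
    The limits are illustrative; a real deployment would tune them per link."""
    spoofed, syns = per_mac_counts(sample)
    macs = {m for m, n in spoofed.items() if n >= spoof_limit}
    macs |= {m for m, n in syns.items() if n >= syn_limit}
    return sorted(macs)
```

Run over the sample, MAC ...03 is flagged for both spoofed sources and SYN volume, and ...04 for spoofed sources alone; the two legitimate hosts pass.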