Slashdot Mirror


Dealing with Intruders?

drakyri asks: "I've been running a server for a small company for a few months. Recently, the number of attempted intrusions has jumped from about one every week to several per day - and these are only the really obvious attempts, like idiots who try to log in as root from the outside. The problem is that I'm not sure what to do about this. I've got their IP addresses and can usually tracert their ISPs - is there an accepted type of letter to send them without seeming like one of the corporate cease-and-desist gnomes?"

4 of 656 comments

  1. Re:Create a honeypot by welshwaterloo · · Score: 5, Interesting

    IMHO - If you're not completely sure your network is 101% secure, or you don't have several free hours a day it would be a bad idea to drop a honeypot anywhere near your network.

    Think about it - it's a slap in the face to the would-be hacker.. It's like you're leading him on, then saying "Ner Ner!" when he breaks into the pot.
    If your hacker is serious, he's gonna be really pissed about this.

    Secure your network & keep it secure - no need to stir 'em up.

  2. Somewhat offtopic, but how do people deal with DOS by bretharder · · Score: 5, Interesting

    Somewhat offtopic, but how do people deal with DOS attacks?
    I've had a person harassing the forums at a website that I host.
    I banned by IP and then he started using proxies,
    so I had to write a script to ban his IP each time he logged in,
    of course then he started creating new accounts;
    so I had to change the forum registration to one account per unique email address.
    And then he tried to DOS the site by visiting the site and locking down his F5 key.
    (He actually confessed this to me in IRC; he had 4 other people do this with him.)
    I sent Comcast (his ISP) the IRC logs & the network monitor logs.
    They sent me a generic response saying "blah blah blah.. this is an automated response".
    And that's it.
    So how do other /.ers deal with situations like this?
    It's a personal website, and I don't have the funds to hire a lawyer.
    I've banned his IP and ~6000 proxy IPs, but he still keeps getting through.

  3. I agree! by Mold · · Score: 5, Interesting

    Back when I was 13 or so, one of my friends had convinced me that trying something like this would be fun. I was a bit reluctant, but I had some knowledge of Unix and networking, and it did sound like fun.

    We never actually got into anything, but the next day I got an e-mail from one of the companies we had attempted to break into, politely asking me to stop. It scared the shit out of me and I never attempted anything like that again.

    And to be honest, the fact that I'd been caught and asked to stop (nicely!) impressed me far more than any of the hackers out there.

  4. Re:Very Easy by Chazman · · Score: 5, Interesting
    Oh ho. So a kid who walks up to your car and tries the doorhandles is not guilty of anything untoward?

    No. Trying a door handle does not imply mal-intent. It's the response when a door handle actually works that matters. I'll give you an anecdote. I was arriving at a semi-nice restaurant in a somewhat out of the way area of an otherwise nice town. Parking was scarce, so I had to park on a tiny unlit side-street. Walking toward the restaurant from my car, I saw another car on the street with its dome light on. It was obvious from a reasonable distance that there was no one in the car, but there was a pocketbook left on the front seat. Being a good Samaritan, I said "that won't do -- the pocketbook will get stolen, and the dome light will drain the battery". So I tried the door handle. To my surprise, it opened. I quickly turned the dome light off, closed the door again, and walked away. Turns out this was a sting. There had been a bunch of thefts from cars in the area recently, and this being a good town, the cops had enough time to set up a honeypot to try to catch the perp. They were quite chagrined to find someone go for the bait for an entirely altruistic reason -- to prevent a stranger from becoming the dual victim of a theft and a dead battery. Maybe I took a risk by trying that door handle and attempting to do some good. But how would you know if you deign to put a boot up my arse the instant I touch the doorhandle?

    Perhaps the analogy doesn't port over all that well to scans of TCP ports, but it wasn't I who began that analogy; I'm just answering it.

    --
    -----Chaz