Dealing With Script Kiddies The Evil Way
I recently reconfigured our network to increase security. Before I got here, the last admin had arranged to tap into a sea bottom fiber trunk for our communications. It worked well and we have great bandwidth, but I wanted to isolate non-official traffic and make it less traceable, so I created a separate network with a series of email/browsing stations for the minions all connected via a satellite connection.
This setup works well because it keeps any foolishness on the part of the minions from affecting the more critical systems and also keeps out the do-gooders who happen to find a random terminal.
The problem came when the IDS logs showed a goodly amount of port scanning happening. A quick check showed that the port scanning was coming directly off a machine with no real attempt to hide the nature of the scan or mask the source. In essence, some dumb kid was learning Nmap against my satellite connection.
Now had I been in a good mood, I may have let it slide. Problem for the script kiddie is that I was not in a good mood. So I tracked down the address of our friend the script kiddie (don't ask how), talked to the boss, and arranged a squad of shock troops and some transport. The boss was feeling frisky and allowed the resources as long as I got a good picture of the kid's face.
So we're hovering over this kid's town in Armpit, WI and I check his traffic: sure enough, nice blatant port scan. I'm sure if I left him alone his ISP would eventually be explaining to his parents why they no longer had service, but this was going to be much more fun.
I let the shock troops go in first with instructions to take control but not rough anyone up. Once I get the all clear I borrow a pistol, walk in, and point it at the pimple-faced fifteen year old I find sitting on the couch and already quivering, then whip out my camera and take a picture for the boss's sake.
"What's your name?"
"J-J-J-Jason."
"Well J-J-J-Jason, do you have a computer?"
"Y-Y-Yes..."
"Good. So Jason, are you familiar with Nmap?"
"Yes."
"Good. You've been using Nmap lately, haven't you Jason?"
"Yes."
"I'm glad you're being honest. Now Jason, you haven't been using it exclusively on your own machines, have you Jason?"
"No."
"No indeed, and I don't like people port scanning my network Jason."
At this point Jason's father gets up the nerve to ask what was going on.
"Do you ever see reports on the news about people breaking into computers, deleting files, changing data, stealing credit card information?"
"You mean Hackers?"
"Not Hackers, Crackers. Hackers are people who try new things, develop.... never mind. The point is that Jason here is an aspiring Cracker, and he's been playing with software that he shouldn't."
At this point the shock troops came out with Jason's computer. It was a pretty nice rig with a decent LCD and an airbrushed case.
"Now you should all consider yourselves lucky. You see, if Jason had kept on the path of computer crime, he may have been arrested, you may have been sued. Instead, we're just going to make sure that Jason doesn't get into any trouble and assume that you will keep a closer watch on your son's future computer usage." With that I snapped my fingers and the shock troops headed out with Jason's computer in tow.
As we flew away I checked the screen of my digital camera -- the look on the kid's face was priceless.




2 Comments:
Where is the picture? :-)
Well I can't post the actual photo for security reasons, but it looked a bit like this.