Hi Mike,

why send this to the police etc.? (BTW: German police don't really care about this.) Think of what may happen: authorities care about your mail and begin to track down the possible attacker, who - in most cases of Code<insert color/> and Nimda - doesn't know anything about running a system that scans other servers. There's only a minimal chance of tracking down a real attacker, but a maximal one of hurting a security newbie etc.

I've seen private web surfers running Win2k Advanced Server on their desktop computer, connected via dialup to the internet. In a standard installation, both the IIS and the indexing server are running, afaik. They neither know what an IIS is, nor care about an indexing server.

If you feel you should do something, try to contact the sysadmin and give him a hint about what he (his computer) is doing, and that security is something everybody should think of if connected to the internet.

I agree with your last statement: that won't change much. But if one out of ten starts to think differently about what he's doing and what he's "providing" for possible attackers, I think that's worth it!

Cheers,
Ralf
Hi,
On 26 Nov 2001, at 13:40, Boris Lorenz wrote:
Oh, and I think Ralf Koch is quite right. Although it often helps to broaden your understanding of anti-cracker skills by setting up honeypots or active/passive retaliation systems (if your time allows), such techniques are of minor use in reality, and may cause problems if configured incorrectly.
Don't attack the attacker. Don't descend to their level.
I still get CodeRed/Nimda scans from about 10 different IP addresses a day. How about sending complaints along with the excerpts of the logfiles to the police and prosecuting authorities? At least in Europe, if nothing else, if enough people did that, it would show them how much work the cybercrime act would mean for them! Not that I think it would change much.
mike