[dundee] Script Kiddie attack: in which our intrepid heroes nearly die of laughter

Arron M Finnon finux at finux.co.uk
Mon Nov 2 16:50:23 UTC 2009


I feel I must add in here, in this particular case I can confirm it is
my belief that this was not an automated attack, due to some key
factors, such as it being a non-public email address, there not being
any variations in usernames and the delays between the test of each
password.  Of course the public-facing accounts were not tested; it seems
pretty strange to have an automated attack platform not test the details
actually contained within the site being profiled, or for it not to
attack any of Kris's emails either, just to name a few.  Of course it
being based from Perth may or may not have anything to do with it.

The person in question has a Perth-based IP with Virgin Media so will be
stuck with it for some time.  I personally think it's a nice accolade
that someone wanted to give me a free password audit, however it would
have been nice if my permission was asked first.

As Kris has said, we did spend some time checking various logs and IDS
reports, so it's not a lackadaisical hypothesis that we've jumped to.

Iain Barnett wrote:
>
> On 1 Nov 2009, at 15:14, Kris Davidson wrote:
>
>> Yeah I mean I assumed a bot or zombie at first, it just didn't really
>> behave like one.
>
> It's quite common when writing a spider to put in sleep times
> (sometimes random) so that it appears more human; the same could easily
> be (and probably is) done with automated attack scripts too.
>
> Iain
>


-- 
Arron "finux" Finnon

Finux.co.uk/blog - Twitter.com/f1nux - facebook.com/finux

Podcasting for HPR, shows can be found at;
http://hackerpublicradio.org/correspondents.php?hostid=85



