[dundee] Script Kiddie attack: in which our intrepid heroes nearly die of laughter
Lee Hughes
toxicnaan at yahoo.co.uk
Mon Nov 2 17:05:14 UTC 2009
'a free password audit' LOL!
--- On Mon, 2/11/09, Arron M Finnon <finux at finux.co.uk> wrote:
From: Arron M Finnon <finux at finux.co.uk>
Subject: Re: [dundee] Script Kiddie attack: in which our intrepid heroes nearly die of laughter
To: "Tayside Linux User Group" <dundee at lists.lug.org.uk>
Date: Monday, 2 November, 2009, 4:49 PM
I feel I must add in here, in this particular case I can confirm it is
my belief that this was not an automated attack, due to some key
factors. Such as it being a non-public email address, there not being
any variations in usernames and the delays between the test of each
password. Of course the public facing accounts were not tested, seems
pretty strange to have an automated attack platform not test the
details actually contained within the site being profiled, or for it
not to attack any of Kris's emails either, just to name a few. Of
course it being based from Perth may or may not have anything to do
with it.
The person in question has a Perth based IP with Virgin Media so will
be stuck with it for some time. I personally think it's a nice accolade
that someone wanted to give me a free password audit, however it would
have been nice if my permission was asked first.
As Kris has said we did spend some time checking various logs, and IDS
reports, so it's not a lackadaisical hypothesis that we've jumped to.
Iain Barnett wrote:
On 1 Nov 2009, at 15:14, Kris Davidson wrote:
Yeah I mean I assumed a bot or zombie at first, it just didn't really
behave like one.
It's quite common when writing a spider to put in sleep times
(sometimes random) so that it appears more human, same could easily
be (and probably is) done with automated attack scripts too.
Iain
_______________________________________________
dundee GNU/Linux Users Group mailing list
dundee at lists.lug.org.uk http://dundeelug.org.uk
https://mailman.lug.org.uk/mailman/listinfo/dundee
Chat on IRC, #tlug on irc.lug.org.uk
--
Arron "finux" Finnon
Finux.co.uk/blog - Twitter.com/f1nux - facebook.com/finux
Podcasting for HPR, shows can be found at;
http://hackerpublicradio.org/correspondents.php?hostid=85