Script Kiddies: Vermin Of The Internet? - Is Your Kid A Script Kiddie?
(Page 4 of 6 )
If your kids are engaged in this type of activity, it may be that they just need some information. They may not be fully aware of the damage they can cause, or of the legal implications to themselves and to you. As a parent, in most countries, you can be prosecuted for the illegal activities of your children. Script Kiddie tracing is becoming more refined as the problem increases.
Once again, while I have been drafting this article, port number 12345 has been "probed" a total of 5 times on my computer... somebody's bored... There are ways to "nuke" the person/s doing it, but as my more experienced associates inform me, this only lets the person know I am here. It's better off just reporting the infringement to the originating ISP - a subject for another article.
Do you know what your kids are doing on your computer? No? Better take a look then...
If you are running personal firewall software while surfing, you can actually do something with the logs. You can send them to your ISP along with an incident description. They may be able to chase it up on your behalf. Better still, if you can identify the IP address using a tracing program, send the firewall log with the trace results to the owner of that address along with time, location etc.
I run traces on some of my logs, but this can also be a bit dangerous as there is a possibility that the owner of the address detects that you are "pinging"* them and therefore revealing your own IP address. Properly configured firewall software can minimise the danger of this.
Also, the IP address shown does not necessarily mean that it is the Script Kiddie they. There are various cloaking devices that the Kiddies use to hide their true origin, or may only refer to the service they are using to launch the attack. But it doesn't hurt to send the IP owner a polite email to serve as an alert, especially if you have been able to establish a repetitive address.
How to write the email? The following is a message I recently sent to an ISP. (the IP and port numbers have been replaced with x's).
------------------
Greetings,
I have been receiving a number of warning messages over the last couple of days from my firewall software regarding an xxxx scan which seems to be originating from your service. Even as I am typing this I am receiving numerous warnings. It is currently 6.20pm Adelaide time, Monday 12 February. Could you please look into this for me as it is becoming highly annoying? Last night I had around 80 such warnings in 1 hour. Thanks. Below is my log of some of these scans and the copy of the trace results.
GMT, xxx.xxx.xxx.xxx:xxx, xxx.xxx.xxx.xxx:xxx, TCP
FWIN, 2001/02/12,18:15:18 +10:
GMT, xxx.xxx.xxx.xxx:xxx, xxx.xxx.xxx.xxx:xxx, TCP
FWIN, 2001/02/12,18:15:18 +10:
GMT, xxx.xxx.xxx.xxx:xxx, xxx.xxx.xxx.xxx:xxx, TCP
FWIN, 2001/02/12,18:15:18 +10:
GMT, xxx.xxx.xxx.xxx:xxx, xxx.xxx.xxx.xxx:xxx, TCP
FWIN, 2001/02/12,18:15:18 +10:
GMT, xxx.xxx.xxx.xxx:xxx, xxx.xxx.xxx.xxx:xxx, TCP
FWIN, 2001/02/12,18:15:18 +10:
Please contact me if you require any further details.
----------------------
I also attached my "traceroute"** results, but have not included them here as they identify the customer number. The ISP responded to my message and said that they had "contacted" the customer. I received no further scans.
Next: Who Do Script Kiddies Target? >>
More HTML Articles
More By Michael Bloch
