Factoids for the Kiddies


Subject: Factoids for the Kiddies
From: Christopher Erickson (cerickson@gci.net)
Date: Sun Feb 03 2002 - 13:03:45 AKST


1. GCI forwards dozens of qualified security issues to various authorities every
week.

2. GCI does NOT feed information back to those people making reports of security
violations. Doing so would compromise ongoing investigations.

3. GCI will NOT act against users without collecting our own evidence of
violations.

4. Last week alone, seven subpoenas were issued to GCI by various law
enforcement agencies involved in ongoing criminal investigations.

5. Many "script kiddy" activities are technically not security violations, as
defined by State or Federal law. As such, there is no violation to investigate.

6. Verified reports of "script kiddy" activity usually gets the suspect user put
on the watch list.

-Christopher Erickson
Network Design Engineer II
GCI Internet
2550 Denali St., Suite 1000
Anchorage, AK 99503
www.gci.com

-----Original Message-----
From: aklug-bounce@aklug.org [mailto:aklug-bounce@aklug.org]On Behalf Of
Buddha
Sent: Sunday, February 03, 2002 12:24 PM
To: 'Scott Johnson'
Cc: aklug@aklug.org
Subject: RE: SCRIPT KIDDIES! Beware..

I had people scan me for weeks. I even had the phone # to CGI's head
security dude (ex-Air Force Unix guy) and they did absolutely nothing. My
scan logs were up to 30MB in size a day...plenty of "evidence". This was on
a Slackware 7.0 firewall with all ports locked down. The scanners were just
harassing me and being annoying. IMHO GCI's view on security is pretty
lame. That one security guy I talked to said he's the "only security person
they have" and he "get's a couple hundred emails on Mondays". Sounds to me
like they need to hire some more people.

Jim "Buddha" McMorris

-----Original Message-----
From: aklug-bounce@aklug.org [mailto:aklug-bounce@aklug.org]On Behalf Of
Scott Johnson
Sent: Sunday, February 03, 2002 11:50 AM
To: FeLoNiouS_MoNK
Cc: aklug@aklug.org
Subject: Re: SCRIPT KIDDIES! Beware..

email your logs to security@gci.net.... they usually take these things
pretty seriously.

Scott
----- Original Message -----
From: "FeLoNiouS_MoNK" <codered@gci.net>
To: <aklug@aklug.org>
Sent: 03 February, 2002 10:55
Subject: SCRIPT KIDDIES! Beware..

>
> cable-251-8-237-24.anchorageak.net (24.237.8.251)
> cable-18-5-237-24.anchorageak.net (24.237.5.18)
> 11-255-237-24-cable.nome.ak.net (24.237.255.11)
>
> These are three local hits i have taken within the last 24 hours .. they
> are runnin the NT port 80(http) sploits... .. usually i dont mind
> since my boxen is purty secure .. but watchin this light on my modem go
> ballistic cause these kids are runnin the scripts over and over
> and over again ... errr.. maybe its the hangover .. maybe not.. anywayz
> .. if any of these are you out there let me know .. cause if i see
> them again imma get someone to hit them wit an oc3 ... errrrr..
>
> ==--Runnin' a script and callin yourself a Hacker is like building wit
> duplo blocks and calling yourself an ARCHITECT!--==
> Scripts .. bringin
> sploits to the lame since 1993
>
>



This archive was generated by hypermail 2a23 : Sun Feb 03 2002 - 13:04:13 AKST