|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: scripts kiddie sites
Is there any way to identify these types of providers and not carrying them on the backbone? Hank Nussbacher wrote: > At 19:06 06/07/00 -0400, David Charlap wrote: > > >I would assume that a "scripts kiddie source network" is a network where > >the administrators do not bother to investigate reports of system > >cracking attempts from their network. This effectively gives these > >crackers a green light to go and attack people, since they know they > >won't lose their access. > > > >-- David > > There is an inherent problem here. Newer Internet phone systems allow > anonymous dialin. We have such a system in Israel (2+ years) and I know > one like that exists in the UK. The monopoly phone company sets up a > special number like "135", users dialin - no authentication, no user/pswd, > just PPP to one specific site. The user fires up their browser and > connects to the phone company Web portal which has a large table of ISPs > and rates. The user clicks on the one they want and all the packets now > flow via that ISP. No authentication. Pure anonymous PPP. [Technical > side has been over-simplified.] The phone company bills the user on their > phone bill and splits the revenues then with the ISP. The ISP no longer > needs modems, or any authentication system, just a large leased line to the > phone company virtual POPs and a bank account to receive the monthly checks. > > Script kiddies love this. The only way to stop the kiddie is a court order > to track down the phone number from the virtual POP and who called. Not as > easy as adding a filter to a net or closing a user's account. So an RBL > for script kiddie nets is not as easy as it may sound to some. > > -Hank -- Thank you; |--------------------------------| | Thinking is a learned process. | | ICANN member @large | | Gigabit over IP, ieee 802.17 | |--------------------------------| Henry R. Linneweh
|