Point Failures

To all you script kiddies out there:

This is more of a technical post, so for that i apologise.

Firstly, a bit of back story:

There are many type’s of computer user out there, these range from the clueless “What do i do with this TV” to  the ubergeek “I built my own Motherboard and inter-networked the CPU’s” types.

Now, I wont describe them all, but there’s one that type that really irritates me, and i expect a flaming for this, but hey.

Script Kiddies

Yes, Script kiddies. These are the type that think by using and abusing ’scripts’ (automated programs, mostly for hacking) they are cool and by launching a DoS (Denial Of Service) attack on a network is actually ‘awesome’. They Piss Me Off!

How many times have you heard “I’m going to hack your hotmail!”. This makes me laugh and want to kill them at the same time.
If they have gained access to my account it 99.999% is most likely they guessed the secret question (which has never happened before).
Now my presence is more known on the web I get this quite a lot, also I’ve had a couple of DoS attacks on my servers.

It’s very annoying, but if you know what you’re doing and you have a decent hosting company (Thanks Leaseweb!) this sort of thing shouldn’t affect you. That being said, it’s like saying if you live in a Secure Neighbourhood with reinforced windows the chavs throwing bricks at them wouldn’t effect you. Technically yes, but it’s bloody annoying and they need a slap upside the head! I’ve seen it too many times from too many people in varying situations.

“I’m gonna hack yur computer n00b!”
“Yer your email is mine!”
“Im gonna blok you frm MSN init.”

Seriously? Please. Get. A. Life. Do you think that my firewall as enough holes for your ‘underground’ ‘hacking’ ‘tools’ (read n00b windowze scripts) to get through? I think not.. I use Key as opposed to passwords, I block ICMP and filter all incoming packets to verify that they’re valid (not malformed SYN packets) I also drop connections after too many SYN connections are established.
So that immediately rules out Ping Of Death, Smurfing, DoS (to an extent) and Brute force password attacks. So good luck, i’d like to see you try.

Secondly, another interesting fact is that my internal server farm is actually segregated. If you gain access to the front facing server, you will access nothing, you will then have to gain access to another server which has a heavily firewalled OS. Once you gain access to that machine, you will then have to elevate yourself to root privileges. Say if you did manage all that, and you successfully ‘rooted’ one of my Boxes, for example my web server - i’d probably notice. You also wouldn’t damage much as i take daily backups.

So to all of you script kiddies out there, i issue this bold statement: Do your best. I’m waiting.
If my security folds to your weak attacks then you have just proven yourselves to be more of a nuisance than i first thought.

I wish you’d do all the people that know what they’re talking about a favour and just shut the fuck up. You’re not big, you’re not clever and you’re most certainly not a hacker. Hackers exploit holes in software they discover, they spend hours looking over the code and working their way in. Not like your lame brute force attacks.

Try managing a large corporate network with corporate grade firewalls and grow up a bit.

That being said, i’m not complacent about my security, as you never can be. I am sure a competent hacker would be able to do at least some damage to my network, just not a script kiddie.

Thanks.

(For the record, my core server is 85.17.174.130, my DMZ firewall is 85.17.174.135 and the internal servers are on the 192.168.20.x subnet)