Madseel ,
Their is many posts in that thread, maybe the following idea had already been mentionned tell me i'll remove the post.
The idea is based on the assumption you "own" the PCs from which the script kiddies are messing from.
You could install some IDS (like WINSNORT http://www.snort.org/dl/binaries/win32/) on several PCs that might being used. The point is that thanks to snort you'll be able to set it up to detect in a near real time manner that a chap is messing around.
To do that you need to centralized in a safe PC logs & alert.
You can do that by scanning periodically the log files or be dynamically alerted when an event occur.
Thanks to the IP address you'll be able to detect the PC on which the attack is launched & catch the bad guys.Extract from: http://www.snort.org/docs/faq.html
Q: How do I process those snort logs into HTML reports?
A1: One popular solution is SnortSnarf, a tool for producing HTML
out of snort alerts for navigating through these alerts
(and doing a whole lot more).
http://www.silicondefense.com/snortsnarf/
A2: If you want to set up logging to a database you could try ACID
Some documentation describing the current ACID functionality:
http://www.cert.org/kb/acid/
Reply With Quote