Multi stage attacks on networks?

Posted by Sudhakar Govindavajhala on April 29, 2004, 4:40 pm
Hi

I am a Ph.D. student studying network security at Princeton
University. I am trying to see if an attacker can use a series of
vulnerabilities to take over a particular resource. Has there been prior
work on this topic earlier? Can someone give me a real example where the
adversary actually uses a series of vulnerabilities to break into a
resource?

Maybe he uses the webserver in DMZ and then uses it to get access
to fileserver and then uses it to compromise something else?


thanks for your time,
Sudhakar.

sudhakar cs princeton edu

http://www.cs.princeton.edu/~sudhakar


Posted by David Efflandt on April 30, 2004, 5:37 am
> Hi
>
> I am a Ph.D. student studying network security at Princeton
> University. I am trying to see if an attacker can use a series of
> vulnerabilities to take over a particular resource. Has there been prior
> work on this topic earlier? Can someone give me a real example where the
> adversary actually uses a series of vulnerabilities to break into a
> resource?
>
> Maybe he uses the webserver in DMZ and then uses it to get access
> to fileserver and then uses it to compromise something else?

The Nimda worm (which is still going around years after it was discovered) was a
perfect example of multiple avenues of attack. IIS webservers directly
infected other IIS servers, it set up a default website containing a
readme.eml which if accessed with MSIE would infect through Outlook
Express (or Outlook), and it also spread through Win file sharing.

There is also the ever popular DoS (denial of service) attack where
compromised machines will generate excessive, malformed, or spoofed
traffic, causing a resource to be effectively unavailable.

Many of the vulnerabilities are buffer overflows, which if properly
crafted, can execute arbitrary code under whatever user a server is
running as.

--
David Efflandt - All spam ignored http://www.de-srv.com/


Posted by Wendel on April 30, 2004, 7:23 am
Hi,

> I am a Ph.D. student studying network security at Princeton
> University. I am trying to see if an attacker can use a series of
> vulnerabilities to take over a particular resource. Has there been prior
> work on this topic earlier? Can someone give me a real example where the
> adversary actually uses a series of vulnerabilities to break into a
> resource?
>
> Maybe he uses the webserver in DMZ and then uses it to get access
> to fileserver and then uses it to compromise something else?

Yahhh, it's the real hacking, you enter in a network and stop when u
have access to ALL resources. It can take some time, but... ;-)

To see "real examples", you can search at related sites, examples of
"case of study" or "case of success" of penetrating testings to
networks.

Like that:

http://securitypronews.com/securitypronews-24-20031215AWhiteHatsPenetrationTest.html

Regards.

Mercenarie's Club Member => http://cdm.frontthescene.com.br
Front The Scene Team => http://www.frontthescene.com.br
Personal Page => http://ws.frontthescene.com.br


Posted by Jens Hektor on April 30, 2004, 9:24 am
Sudhakar Govindavajhala wrote:
> work on this topic earlier? Can someone give me a real example where the
> adversary actually uses a series of vulnerabilities to break into a
> resource?

All the actual running phatbot versions do so.



Posted by Ford Prefect on April 30, 2004, 4:56 pm
Sudhakar Govindavajhala wrote:
> Hi
>
> I am a Ph.D. student studying network security at Princeton
> University. I am trying to see if an attacker can use a series of
> vulnerabilities to take over a particular resource. Has there been prior
> work on this topic earlier? Can someone give me a real example where the
> adversary actually uses a series of vulnerabilities to break into a
> resource?
>
> Maybe he uses the webserver in DMZ and then uses it to get access
> to fileserver and then uses it to compromise something else?
>
>
> thanks for your time,
> Sudhakar.
>
> sudhakar cs princeton edu
>
> http://www.cs.princeton.edu/~sudhakar

You claim you are a PhD student at Princeton and you resort to asking
these types of basic, simplistic questions on an internet newsgroup?

Get real! For someone studying security at a PhD level, you certainly
are clueless!


