Re: Intrusion and Attack Scenarios

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: IDS Moderator: "Re: Intrusion and Attack Scenarios"
• Previous message: Doug Hughes: "TCP SYN probe detection tool available"
• Maybe in reply to: Fred Cohen: "Intrusion and Attack Scenarios"
• Next in thread: IDS Moderator: "Re: Intrusion and Attack Scenarios"

>Hi everybody,
>
>
>        Can anyone help me finding a list and details of Intrusion and
>Attack Scenarios ?
>

        Check out Marcus Ranum's html slide-show, "Taxonomy of Network
Attacks," at URL: <http://www.v-one.com/pubs/attacks/index.html>

        It's comprehensive and downright depressing.

        On the other hand, CERT incident reports make it clear that the
most dangerous attacks focus on hackers and others using

        * sniffers or
        * trojan horse program or
        * CRACK attacks on encypted password files

... all to obtain old-fashioned reusable passwords.

        CERT's Summaries (which endlessly repeat the same unaddressed
threats) are available at URL: <http://www.cert.org>

        With the variety of one-time password schemes available (not only
commercial tokens like the SecurID and its competitors, but freeware like
s/key and OPIE) what is the justification for leaving valuable resources so
vulnerable?

        Suerte,
                        _Vin

         Vin McLellan +The Privacy Guild+ <vin@shore.net>
      53 Nichols St., Chelsea, Ma. 02150 USA Tel: (617) 884-5548
                         <*><*><*><*><*><*><*><*><*>

• Next message: IDS Moderator: "Re: Intrusion and Attack Scenarios"
• Previous message: Doug Hughes: "TCP SYN probe detection tool available"
• Maybe in reply to: Fred Cohen: "Intrusion and Attack Scenarios"
• Next in thread: IDS Moderator: "Re: Intrusion and Attack Scenarios"