tcp/routing question...
Joel Jaeggli
joelja at darkwing.uoregon.edu
Wed Jun 8 04:29:05 UTC 2005
On Wed, 8 Jun 2005, Lai Zit Seng wrote:
> Actually... sure it may not be "trivial", but at the same time it is not all
> that difficult.
>
>> There much easier ways to attempt to break into systems.
When attacking a sysetem wther it be a machine, a network or the whole
internet, people invariabilily go for the low hanging fruit first. There's
simply no reason to expend more effort than necessary.
Various address space hijacking and route injection attacks are carried
out all the time, mostly in the recent past, for the purpose of sending
spam, but that doesn't mean people haven't done it for other reasons.
> That is true. And the attacker will (or at least ought to!) choose the
> weakest link, considering also the type of expertise he has.
>
> Just because something is difficult for some people doesn't mean it is
> difficult for others. An analogy: Many ways to break into a house. Not
> everyone knows how to pick a lock... so perhaps it is easier to break the
> glass window. But someone else with lock picking skills would probably prefer
> picking the lock (preferred because no glass breaking noise to attract
> attention).
>
> Breaking into computers could be similar. There are people with network
> expertise. They know how to subvert DNS. Or they know how to inject routes.
> Or they know where to find tools to do ARP spoofing. Otoh, someone else may
> have more skills with buffer overflowing SSH daemons, or mangling URLs to the
> webserver, etc. Ah, and then yet someone else might have even better social
> engineering skills :)
>
> Furthermore, consider an attacker who has some motivation (e.g. monetary...)
> to break into the system. If he doesn't have the skills... he will find out,
> or he will find someone to do it, etc.
>
>> The more likely vector for attacks are inside personnel and poor
>> security procedures (bad passwords, sloppy firewall rules, etc.).
>
> That's happens very often, I agree :)
>
> Regards,
>
> .lzs
> --
> http://zitseng.com/
>
>
--
--------------------------------------------------------------------------
Joel Jaeggli Unix Consulting joelja at darkwing.uoregon.edu
GPG Key Fingerprint: 5C6E 0104 BAF0 40B0 5BD3 C38B F000 35AB B67F 56B2
More information about the fedora-list
mailing list