chargen is the new DDoS tool?

Jimmy Hess mysidia at gmail.com
Wed Jun 12 08:51:01 UTC 2013


On 6/12/13, shawn wilson <ag4ve.us at gmail.com> wrote:
> This is basically untrue. I can deal with a good rant as long as there's
> some value in it. As it is (I'm sorta sorry) I picked this apart.
> On Jun 12, 2013 12:04 AM, "Ricky Beam" <jfbeam at gmail.com> wrote:
>> On Tue, 11 Jun 2013 22:55:12 -0400, <Valdis.Kletnieks at vt.edu> wrote:
>> But seriously, how do you measure one's security?
> Banks and insurance companies supposedly have some interesting actuarial
> data on this.

>> The scope is constantly changing.
> Not really. The old tricks are the best tricks. And when a default install
By best, you must mean effective against the greatest number of targets.

> of Windows still allows you to request old NTLM authentication and most
> people don't think twice about this, there's a problem.

Backwards compatibility and protocol downgrade-ability is a PITA.

> It seems you are referring to two things - exploit writing vs pen testing.
> While I hate saying this, there are automated tools that could clean up
> most networks for a few K (they can also take down things if you aren't
> careful so I'm not saying spend 2k and forget about it). Basically, not

For the orgs that the 2K tool is likely to be most useful for, $2k is
a lot of cash.
The scan tools that are really worth the trouble start around 5K, and
people don't like making much investment in security products until
they know they have a known breach on their hands. Many are likely to
forego both, purchase the cheapest firewall appliance they can find
that claims to have antivirus functionality, maybe some stateful TCP
filtering, and web policy enforcement to restrict surfing activity;
and feel safe: "the firewall protects us", no other security planning
or products or services required.

> As I indicated above, 0days are expensive and no one is going to waste one
> on you. Put another way, if someone does, go home proud - you're in with
[snip]

I would call this wishful thinking; 0days are expensive, so the
people who want to use them will want to get the most value they can
get out of the 0day before the bug gets fixed.

That means both small numbers of high value targets and, then, large
numbers of lesser value targets. If you have a computer connected to
the internet, some bandwidth, and a web browser or e-mail address,
you are a probable target.

If a 0day is used against you, it's most likely to be used against
your web browser visiting a "trusted" site you normally visit.

The baddies can help protect their investment in 0day exploit code
by making sure that by the time you detect it, the exploit code is
long gone, so the infection vector will be unknown.

--
-JH