Re: SMBLoris

[Bob Auger <bobauger () gmail com>]

TLDR: Sockets/connections can always be exhausted at the app level based on
the hardware, configuration, and design.

1. Discuss <InsertDaemonNameHere>loris.
2. Hype the media on #1
3. Discuss that DOS is still bad (no debate)
4. Inform users of configuration/rate limiting opportunities/hardware/fault
tolerance design (to the extent you can)
5. Profit from #4

- Robert

On Tue, Aug 8, 2017 at 12:15 PM, Konrads Smelkovs <
konrads.smelkovs () gmail com> wrote:

> Mostly due to BCP. Guys that do construction can probably live without a
> domain controller for a bit
>
> --
> Konrads Smelkovs
> Applied IT sorcery.
>
> On 8 August 2017 at 19:27, Dave Aitel <dave.aitel () gmail com> wrote:
>
> > So I know it's Microsoft Tuesday, but we've been working on that SMBLoris
> > bug a bit more for release to customers as well, and as part of that, we're
> > spending a lot of time thinking about it, as deceptively simple as it is.
> >
> > The thing I'm wondering is why people outside of FinancialSec  think DoS
> > is almost a non-issue. Most companies have only a few domain controllers,
> > and when those go down, the company goes down. And they have to be
> > reachable on these exact ports, from anywhere in the company, essentially.
> >
> > It seems like this is one of those things that got a tiny splash of
> > attention, but could be worth more. :)
> >
> > -dave
> >
> >
> > _______________________________________________
> > Dailydave mailing list
> > Dailydave () lists immunityinc com
> > https://lists.immunityinc.com/mailman/listinfo/dailydave
>
> _______________________________________________
> Dailydave mailing list
> Dailydave () lists immunityinc com
> https://lists.immunityinc.com/mailman/listinfo/dailydave
_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave