Dailydave mailing list archives
Re: SMBLoris
From: Bob Auger <bobauger () gmail com>
Date: Tue, 8 Aug 2017 12:40:33 -0700
TLDR: Sockets/connections can always be exhausted at the app level based on the hardware, configuration, and design. 1. Discuss <InsertDaemonNameHere>loris. 2. Hype the media on #1 3. Discuss that DOS is still bad (no debate) 4. Inform users of configuration/rate limiting opportunities/hardware/fault tolerance design (to the extent you can) 5. Profit from #4 - Robert On Tue, Aug 8, 2017 at 12:15 PM, Konrads Smelkovs < konrads.smelkovs () gmail com> wrote:
Mostly due to BCP. Guys that do construction can probably live without a domain controller for a bit -- Konrads Smelkovs Applied IT sorcery. On 8 August 2017 at 19:27, Dave Aitel <dave.aitel () gmail com> wrote:So I know it's Microsoft Tuesday, but we've been working on that SMBLoris bug a bit more for release to customers as well, and as part of that, we're spending a lot of time thinking about it, as deceptively simple as it is. The thing I'm wondering is why people outside of FinancialSec think DoS is almost a non-issue. Most companies have only a few domain controllers, and when those go down, the company goes down. And they have to be reachable on these exact ports, from anywhere in the company, essentially. It seems like this is one of those things that got a tiny splash of attention, but could be worth more. :) -dave _______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave_______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave
_______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave
Current thread:
- SMBLoris Dave Aitel (Aug 08)
- Re: SMBLoris Oliver Friedrichs (Aug 08)
- Re: SMBLoris Konrads Smelkovs (Aug 08)
- Re: SMBLoris Bob Auger (Aug 10)