IDS mailing list archives
RE: Are sophisticated attacks just FUD?
From: "Rob Shein" <shoten () starpower net>
Date: Thu, 1 Jul 2004 10:08:04 -0400
From SecurityFocus, an excellent and extremely current example you can point to: http://www.securityfocus.com/columnists/251

Everyone: note that the boss is not talking about multi-vector attacks, but multi-stage attacks, where multiple attacks combine into one compromise, if I understand correctly. The alternative is that he's talking about situations where the hacker roots a box on the DMZ, and from there roots another box deeper inside.

This is a bit trickier to discuss, as few organizations who have been hacked will disclose the details (if anything at all), and certainly nobody who does this sort of thing would stand up to be counted. That said, I have personally cleaned up such a compromise myself at a client, and have had discussions with people who have stated (with credibility) that they have performed such a hack.

-----Original Message-----
From: Sam Heshbon [mailto:sheshbon () yahoo com]
Sent: Tuesday, June 29, 2004 12:12 PM
To: focus-ids () securityfocus com
Subject: Are sophisticated attacks just FUD?

I had a big discussion with my boss who claims most of the IPS, SIM and other new tools are just a hype protecting from sophisticated threats, which only exist in labs. He thinks multi-staged attacks and so on do not often happen in the wild and shows our firewall's logs as evidence. It is true we see mostly worms. (NMAP) scanning happens once in a while, but he claims it's a script kiddy and the fact we have never seen a breach means it is not a real threat (we run a large network operation).

I'm looking for statistical data showing how frequent sophisticated attacks and advanced tools are evolved and what their damage is to the corporate. If anyone knows of a research showing if this is FUD or a real problem, I'd love to prove him wrong (I'm willing to admit I'd be happy to have some new toys ;)