Re: Evasion schemes or techniques

["Kassem Nasser" <kassem.nasser () gmail com>]

Dear Mr. Singh,
I highly appreciate you for this detail email,
I can see that most of the types you have listed below are concerned
with network based attacks, but I am concerned about application based
ones.
I am interested in knowing the signature of the attack (ex:using
system calls patterns) in order if you want to compare it to a regular
performance or normal signature.
I will try to see what are from the types you have listed above that
are concerned with application level attacks,
Many thanks,

On 12/13/06, Gurpreet Singh <gurpreetsl () gmail com> wrote:
> hi,
>
> these are the most common attacks we encounter in our daily life.  You
> can google the following terns and you will get a lot of material
> otherwise i can provide you with some links.
>
> Hacking: types of attack
>
> viruses - most common form of attack
>
> denial of service attacks
>
> trojans (or trojan horses)
>
> brute-force and `social engineering' password attacks
>
> port scanning and spoofing
>
> phishing
>
>
>
> Viruses
>
> Easily transferred in emails or downloaded files
>
> May damage data on infected computer
>
> May allow privileged access to host
>
> May flood the network with spurious data
>
>
>
> Phishing
>
> This is a method of luring an unsuspecting user into giving out their
> username and password for a secure web resource, usually a bank or
> credit card account. Ebay and PayPal are particularly susceptible to
> this type of attack.
>
> usually achieved by creating a website identical to the secure site
>
> user is sent email requesting them to log in, and providing a link to
> the bogus site
>
> when user logs in, password is stored and used to access the account
> by the attacker
>
> difficult to guard against, particularly if using HTML email
>
>
> Currently no law specifically against this, though some experts think
> this may come under the Computer Misuse Act, and may also be testable
> under trademark laws (passing off as another's web site).


--
------------------------------------------
Kassem Nasser
First LEBANON WILL SURVIVE
Now LEBNON WON
Then LEBANON will Rise and Shine
????? ?????? ???
------------------------------------------

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw 
to learn more.
------------------------------------------------------------------------