IDS mailing list archives
Re: Single Stage Attacks?
From: dreamwvr <dreamwvr () dreamwvr com>
Date: Tue, 19 May 2009 14:22:24 -0600
snort user wrote:
> Greetings All,
>
> Typically, network-based attacks have multiple stages (reconnaissance, infection, download rootkit, call home, further infection, etc.). Some attacks may have a single stage (without reconnaissance) to compromise a host. However, even those attacks have a post-compromise stage, such as call home or transfer/steal data or something else. Otherwise, what's the motivation for compromising in the first place?
>
> Can someone enlighten me if there are attacks that only have a single stage? Examples or scenarios are much appreciated.
>
> Thanks

Any attack on mail and web systems using their default domain names to spray discord would fit the bill IMHO. Take any that does privilege escalation on mail or web servers coupled with worm tendencies. Then simply gets the type of daemon and attacks accordingly. Most often it will get enough information to wreak havoc by the way the daemons respond. That is all.

Best Regards,
dreamwvr () dreamwvr com

PS - sure, you could consider this a multi-level attack if you want to.