Honeypots mailing list archives
Re: Attack Paradigm Shift?
From: gml <gml () phrick net>
Date: Wed, 21 May 2003 16:46:34 -0400
On Wednesday 21 May 2003 04:22 pm, Roger A. Grimes wrote: or maybe the attacker is setting up their own personal hack net. and that hack net will become the basis for a future "targeted" attack. or maybe the worm is part of a targeted attack that is direct but seems indirect because of the number of hosts involved in the attack. it's not a far stretch to imagine a worm that's written with a single purpose in mind.
Well, certain attacks like Slammer, Nimda, most worms and viruses, and any other sort of scanning or randomly traveling piece of malware, are by nature not targeting any one specific company. Of course, maybe the cracker is trying to target one host and is using the wide-spread attack as a ruse (i.e. liken to the case of the lady who killed 8 other innocent people in her successful effort to kill her husband in the one of the Tylenol-poisoning cases in 1982). Roger -----Original Message----- From: Andrew.Patrick () kemperinsurance com [mailto:Andrew.Patrick () kemperinsurance com] Sent: Wednesday, May 21, 2003 3:05 PM To: honeypots () securityfocus com Subject: Re: Attack Paradigm Shift? "targeted attacks against its customer base last year reached 40 percent [of total attacks], far above the expected 15 percent." I would be extremely curious regarding exactly what they mean by "targeted".... I get pummelled by all manner of attacks every day, how can I be certain whether these are "targeted" or not?? Andy Patrick KTS Security & Contingency Planning x3621 DISCLAIMER: This communication, along with any documents, files or attachments, is intended only for the use of the addressee and may contain legally privileged and confidential information. If you are not the intended recipient, you are hereby notified that any dissemination, distribution or copying of any information contained in or attached to this communication is strictly prohibited. If you have received this message in error, please notify the sender immediately and destroy the original communication and its attachments without reading, printing or saving in any manner. This communication does not form any contractual obligation on behalf of the sender or, the sender's employer, or the employer's parent company, affiliates or subsidiaries.
Current thread:
- Re: Attack Paradigm Shift? Andrew . Patrick (May 21)
- Re: Attack Paradigm Shift? Seth Arnold (May 21)
- RE: Attack Paradigm Shift? Roger A. Grimes (May 21)
- Re: Attack Paradigm Shift? gml (May 21)
- RE: Attack Paradigm Shift? So focus on the DZ not the DMZ! Ken Kousky (May 22)
- <Possible follow-ups>
- Re: Attack Paradigm Shift? Lance Spitzner (May 21)
- Re: Moving forward with definition of honeypots iatac vuln (May 21)