Honeypots mailing list archives

Re: Attack Paradigm Shift?

From: gml <gml () phrick net>
Date: Wed, 21 May 2003 16:46:34 -0400

On Wednesday 21 May 2003 04:22 pm, Roger A. Grimes wrote:

or maybe the attacker is setting up their own personal hack net.
and that hack net will become the basis for a future "targeted" attack.
or maybe the worm is part of a targeted attack that is direct but seems 
indirect because of the number of hosts involved in the attack.
it's not a far stretch to imagine a worm that's written with a single purpose 
in mind.

Well, certain attacks like Slammer, Nimda, most worms and viruses, and any
other sort of scanning or randomly traveling piece of malware, are by
nature not targeting any one specific company.

Of course, maybe the cracker is trying to target one host and is using the
wide-spread attack as a ruse (i.e. liken to the case of the lady who killed
8 other innocent people in her successful effort to kill her husband in the
one of the Tylenol-poisoning cases in 1982).

Roger

-----Original Message-----
From: Andrew.Patrick () kemperinsurance com
[mailto:Andrew.Patrick () kemperinsurance com]
Sent: Wednesday, May 21, 2003 3:05 PM
To: honeypots () securityfocus com
Subject: Re: Attack Paradigm Shift?



"targeted attacks against its customer base last year reached 40 percent
[of total
attacks], far above the expected 15 percent."

I would be extremely curious regarding exactly what they mean by
"targeted"....

I get pummelled by all manner of attacks every day, how can I be certain
whether these are "targeted" or not??

Andy Patrick
KTS Security & Contingency Planning
x3621






DISCLAIMER:
This communication, along with any documents, files or attachments, is
intended only for the use of the addressee and may contain legally
privileged and confidential information. If you are not the intended
recipient, you are hereby notified that any dissemination, distribution or
copying of any information contained in or attached to this communication
is strictly prohibited. If you have received this message in error, please
notify the sender immediately and destroy the original communication and
its attachments without reading, printing or saving in any manner. This
communication does not form any contractual obligation on behalf of the
sender or, the sender's employer, or the employer's parent company,
affiliates or subsidiaries.

Current thread:

Re: Attack Paradigm Shift? Andrew . Patrick (May 21)
- Re: Attack Paradigm Shift? Seth Arnold (May 21)
- RE: Attack Paradigm Shift? Roger A. Grimes (May 21)
  - Re: Attack Paradigm Shift? gml (May 21)
  - RE: Attack Paradigm Shift? So focus on the DZ not the DMZ! Ken Kousky (May 22)
- <Possible follow-ups>
- Re: Attack Paradigm Shift? Lance Spitzner (May 21)
  - Re: Moving forward with definition of honeypots iatac vuln (May 21)