nanog mailing list archives
Re:Destructive botnet originating from Japan (fwd)
From: Rob Thomas <robt () cymru com>
Date: Sat, 24 Dec 2005 15:03:27 -0600 (CST)
Hi again, NANOGers. :)

I shouldn't have focused solely on the bot issue, sorry.

When miscreants obtain access to a server through some PHP exploit, they generally take a look around. If the web server is also a database server (eek!), then the real fun begins. There won't be a noisome bot placed on that server, oh no. One crew installed a cron script to run a SQL query for the new customer data collected in the past 24 hours, then email the query results to the miscreants. :(

DDoS can be very painful, and it has the side benefit of being very overt. It is the more subtle attacks and abuses that might concern you even more. It is generally the case that the tools and techniques for both are the same.

Thanks,
Rob.
--
Rob Thomas
Team Cymru
http://www.cymru.com/
ASSERT(coffee != empty);
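A defender-side check for the cron abuse described in the message above, as an added example that is not part of Rob Thomas's post: it flags crontab entries whose command line runs a database client and a mail program together. The watch lists, the sample crontab and the function names are assumptions made for the illustration.

```python
import re
import shlex

# Assumed watch lists (not from the original post); tune for your hosts.
DB_CLIENTS = {"mysql", "mysqldump", "psql", "pg_dump", "sqlite3"}
MAILERS = {"mail", "mailx", "sendmail", "mutt"}
SCHEDULE = re.compile(r"^(@\w+|(?:\S+\s+){4}\S+)\s+(.*)$")
ENV_LINE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*\s*=")

# Constructed sample in user-crontab format (no user column).
SAMPLE = """\
# nightly jobs
MAILTO=root
15 2 * * * /usr/local/bin/rotate-logs.sh
0 4 * * * mysqldump shop > /var/backups/shop.sql
@daily mysql -N -e "SELECT * FROM customers WHERE created > NOW() - INTERVAL 1 DAY" shop | mail -s report drop@example.invalid
"""

def programs(command):
    """Return basenames of the programs started by a shell command line."""
    lex = shlex.shlex(command, posix=True, punctuation_chars=True)
    lex.whitespace_split = True
    try:
        tokens = list(lex)
    except ValueError:  # unbalanced quotes: fall back to a plain split
        tokens = command.split()
    names, expect_cmd = set(), True
    for tok in tokens:
        if tok and set(tok) <= set("|;&()"):
            expect_cmd = True  # a new pipeline stage or list item starts
        elif expect_cmd and not ENV_LINE.match(tok):
            names.add(tok.rsplit("/", 1)[-1])
            expect_cmd = False
    return names

def audit_crontab(text):
    """Return (line_no, command) for jobs that run a DB client and a mailer."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        match = None if ENV_LINE.match(line) else SCHEDULE.match(line)
        if not line or line.startswith("#") or not match:
            continue
        used = programs(match.group(2))
        if used & DB_CLIENTS and used & MAILERS:
            findings.append((no, match.group(2)))
    return findings

if __name__ == "__main__":
    for no, cmd in audit_crontab(SAMPLE):
        print(f"line {no}: database client feeds a mailer: {cmd}")
```

The check only sees programs named on the cron line itself; a job that calls a wrapper script needs that script inspected the same way.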