Full Disclosure mailing list archives
Re: Linux - Indicators of compromise
From: Leutnant Steiner <chk.mailbox () gmail com>
Date: Fri, 20 Jul 2012 00:10:25 +0200
http://www.rootkit.nl/projects/rootkit_hunter.html/

2012/7/18 Григорий Братислава <musntlive () gmail com>

On Wed, Jul 18, 2012 at 8:30 AM, alex <fd () daloo de> wrote:

Source MAC faking would result in switchport shutdown in some environments. Further you cannot communicate with outside world using broadcasts. ICMP payloads is quite common and hard to detect.

Me study CISSP, too. Already CCNA Security. CCNA not worth the money. Better get CISA/CISM.

You miss point. If I sent data to broadcast, original poster is say: "I will know who you are via MAC address" to which I say: "You is need to go back to Cisco bootcamp" Everyone is receive broadcast, no way for him to detect who I am since I am is not alone in receiving the broadcast. Needle in is haystack.

Second, ICMP tunneling, GRE tunneling is too much trouble. Advanced Persistent Threats as defined by (is now give North Korean title to him) Super Grand Master of the Internet Universe Richard Bejtlich as advanced and is persistent. But is also stupid and lazy. Will not waste time on this is vector. Will use SSL and HTTP to is stay under radar.

Attacker >>> Own is your data >>> post data in $WEBDIR >>> visit $WEBDIR using proxy [small packets]

Is how else can attacker download 867 terabytes of data ( http://www.eddupdate.com/2012/02/cyberthieves-stole-867-terabytes-in-2011.html )? You believe attackers is using FTP, ICMP, GRE tunnels? No. Too noisy is this. Better to visit website like everyone else use proxy of another country, this is country take blame.

MusntLive >>> use is never use 213.24.76.77 address >>> use proxy 210.75.193.49 >>> download data
\ Supreme Grand Master of Internet Universe >>> analyze >>> see proxy chant APT APT APT >>> See I told you is China
\ Fox News >>> report on Chinese threat
\ MusntLive >>> facepalm at report and go back is drink Stoli

CISA/CISM is have nothing on InfoSecInstitute!

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/