Honeypots mailing list archives
RE: Attack Paradigm Shift? So focus on the DZ not the DMZ!
From: "Ken Kousky" <kkousky () ip3inc com>
Date: Thu, 22 May 2003 09:44:47 -0400
We should be paying attention to several important points here - first, exploits used by mass attacks can be replicated and used successfully in Q=1 (quantity one) attacks without producing a discoverable signature, so there is every reason to believe that exploits will be similar. Second, many defense devices fail open when flooded or under other forms of attack. Were internal systems touched and Trojans placed during Slammer? Finally, good defenses (best practices) should be capable of warding off both types of attacks.

We try to focus clients on the Defense Zone, not the DMZ. The DZ is composed of all of the systems that can be touched, in and out of the perimeter. The DZ defense is much more complex than simply plugging the internet access with firewalls. I think we're working in the right direction when we get beyond AV, VPNs and firewalls... and that will require a paradigm shift in understanding attacks and the weakness in our current Maginot Walls we call perimeters.

KWK

-----Original Message-----
From: Roger A. Grimes [mailto:rogerg () cox net]
Sent: Wednesday, May 21, 2003 4:22 PM
To: Andrew.Patrick () kemperinsurance com; honeypots () securityfocus com
Subject: RE: Attack Paradigm Shift?

Well, certain attacks like Slammer, Nimda, most worms and viruses, and any other sort of scanning or randomly traveling piece of malware, are by nature not targeting any one specific company. Of course, maybe the cracker is trying to target one host and is using the wide-spread attack as a ruse (i.e. liken to the case of the lady who killed 8 other innocent people in her successful effort to kill her husband in one of the Tylenol-poisoning cases in 1982).

Roger