Security Incidents mailing list archives
Re: Analysis: AboveNet attacks
From: filipg () CORONA EPS PITT EDU (Filip M. Gieszczykiewicz)
Date: Mon, 8 May 2000 10:20:44 -0400
On Thu, 4 May 2000, Robert G. Ferrell wrote:
In penetration tests I have been involved with, any information I acquire about the networks and systems that I otherwise wouldn't know makes it much easier for me to find the weakness(es) in the defenses I am testing.On the flip side of the coin, a truly clever company might make available intentionally false network/security architecture information, just to confuse potential attackers a bit.
Not 'confuse' so much as 'fingerprint' a possible attack. If you get 5 hits on machines that don't exist along with a series of probes that yield data... you might have something interesting...
Current thread:
- Re: Analysis: AboveNet attacks Richard Bejtlich (May 01)
- Re: Analysis: AboveNet attacks Robert Graham (May 02)
- Re: Analysis: AboveNet attacks Ville (May 06)
- Re: Analysis: AboveNet attacks Paul Cardon (May 02)
- <Possible follow-ups>
- Re: Analysis: AboveNet attacks Laura Taylor (May 03)
- Re: Analysis: AboveNet attacks Robert G. Ferrell (May 04)
- Re: Analysis: AboveNet attacks Filip M. Gieszczykiewicz (May 08)
- Re: Analysis: AboveNet attacks Robert Graham (May 02)