Security Incidents mailing list archives
attack strategy
From: azimuth <lozah () io com>
Date: Wed, 20 Sep 2000 14:02:57 CDT
A good example of kiddie methods, probably pretty effective for compromising a large number of hosts. Attached are snort generated excerpts from syslog and portscan.log. Seems obvious what's going on: 16:39 Scan for a service. Rpcbind / statd in this case. 17:07 Throw an exploit at systems running the service which will install a backdoor if successful. 17:57 Scan for the port your backdoor runs on. V/R az
Attachment:
091900a
Description:
Attachment:
091900b
Description:
Current thread:
- attack strategy azimuth (Sep 21)