lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Sat Apr  1 07:53:48 2006
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks@...edu)
Subject: n3td3v group calls on RSA to clarify their
	stance 

On Sat, 01 Apr 2006 05:34:20 +0100, n3td3v said:
> against fake logins and their databases. Theres no way however they could
> carry out world wide attacks on hundreds of fake login targets, without the
> use of more than one ip host.

Obviously you've never bothered to look at just how much one spam can be
pumped out a single zombied machine on a cablemodem in one day, have you? ;)

You'd be amazed at what one host can do, given an actual pipe bigger than
the average consumer-grade skinny pipe, and some creative programming to
sustain more network traffic than the average browser can put on the pipe.

Remember they don't have to flood the destination host enough to kick it off
the net - they only need to send it enough bogus data so the phishers can't
find the real one.  Several tens of thousands of bogus entries per day till it
gets taken down - even if you guesstimate 10 packets per bogus connection (hint
- use http keepalives to your benefit here :), you're only looking at 100K
packets, over a 24 hour timespan that's only one or two packets per second.

Doing in 2,000 phishing hosts only needs to sustain 2,000 packets per second,
which is <rough back-of-envelope calc> only going to need a 100mbit or so pipe.
You can't do it on a single 10mbit ethernet, that's only going to give you
about 800 1500-byte packets to do the HTTP POST commands with per second.

But even hosing down 2,000 hosts with 10K bad requests each is only going to
take up about 25% of the pipe.  If you're only hitting 500 hosts, you can
probably send each one well over 100K bogus ones a day.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060401/2d982c44/attachment.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ