lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <CADYtyvL+znY2eyCitSi=xtMdWTrHrFi+Scy--g1djNdv4-t7fA@mail.gmail.com>
Date: Wed, 18 Jul 2012 09:48:16 -0400
From: Григорий Братислава <musntlive@...il.com>
To: alex <fd@...oo.de>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Linux - Indicators of compromise

On Wed, Jul 18, 2012 at 8:30 AM, alex <fd@...oo.de> wrote:
> Source MAC faking would result in switchport shutdown in some environments.
> Further you cannot communicate with outside world using broadcasts.
> ICMP payloads is quite common and hard to detect.
>
> Me study CISSP, too. Already CCNA Security. CCNA not worth the money. Better get CISA/CISM.
>
>

You miss point. If I sent data to broadcast, original poster is say:
"I will know who you are via MAC address" to which I say: "You is need
to go back to Cisco bootcamp" Everyone is receive broadcast, no way
for him to detect who I am since I am is not alone in receiving the
broadcast. Needle in is haystack.

Second, ICMP tunneling, GRE tunneling is too much trouble. Advanced
Persistent Threats as defined by (is now give North Korean title to
him) Super Grand Master of the Internet Universe Richard Bejtlich as
advanced and is persistent. But is also stupid and lazy. Will not
waste time on this is vector. Will use SSL and HTTP to is stay under
radar.

Attacker >>> Own is your data >>> post data in $WBEDIR >>> visit
$WEBDIR using proxy [small packets]

Is how else can attacker download 867 terabytes of data
(http://www.eddupdate.com/2012/02/cyberthieves-stole-867-terabytes-in-2011.html)?
You believe attackers is using FTP, ICMP, GRE tunnels? No. Too noisy
is this. Better to visit website like everyone else use proxy of
another country, this is country take blame.

MusntLive >>> use is never use 213.24.76.77 address >>> use proxy
210.75.193.49 >>> download data \
Supreme Grand Master of Internet Universe >>> analyze >>> see proxy
>>> chant APT APT APT >>> See I told you is China \
Fox News >>> report on Chinese threat \
MusntLive >>> facepalm at report and go back is drink Stoli

CISA/CISM is have nothing on InfoSecInstitute!

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ