On 28 Jan 97 , Todd Graham Lewis wrote:
> On Tue, 28 Jan 1997, Erwin Schuermann wrote:
>
> > I meant, f.i., the web-worms like the one Alta-Vista uses. These
> > agents are also available for private use, so a person (e.g. hacker)
> > can also get them, or code one himself. IMHO these worms can only
> > use known holes in a system. Another point where they can be used is
> > for instance in a denial of service attack, by just putting several
> > copies of an agent on the web.
>
> Eh? How is this in any way preferrable to a simple "perl -e 'for(;;){send
> query}'"? I'm afraid that I don't see "these agents" as much of a problem;
> it's a case of a tool completely unsuited to use as an instrument of
> attack.
If you have the knowledge to do that in Perl. Fact is that there
are such agents available completely with source code for f.i. NT
and '95 so they can be manipulated to meet someones demands. These
agents can also be configured using a GUI. They can be almost as
powerfull as the tools mentioned above
> > I think this is a real threat.
>
> "Butter knives use the same fundamental mechanisms as meat cleavers,
> therefore butter knives are a real threat, especially in the hands of
> malicious people."
>
> Sure, it could be used by malicious users, but malicious users will use
> something a _tad_ more effective, like strobe ot tcpspray or syn attacks
> or simple "my bandwidth is bigger than your bandwidth" IP-spoofed ping
> floods.
I agree, of course an experienced attacker would use other tools, but
that wasn't my question. I just want to know what the possibilities
are with these agents.
> Plus, denial of service attacks are unimportant anyway. After all, all of
> us let ActiveX through our firewall, right?
No. And I think a denial of service attack _can_ be very important.
> Some of us even run NT.
Please don't start a flamewar ;-)
> > An
> > agent can do al the things on the web a normal person can do, and
> > that automatically, that means faster and in a more voluminous way.
>
> So can perl scripts, only perl scripts are even faster and more
> voluminous. And far better suited. And more consume fewer resources on
> the attacker's side. And yield better results. And cause more havoc.
> And reduce the chances of your being caught. And do a better job. Did I
> mention that I really don't think this is a threat? Am I talking to
> myself again?
Again, your right there, its better done with perl, but that is not
my concern. I'm studying the fact in how far these agents can be used
to acomplish an attack, f.i. by users who have windows '95 or NT and
don't know how to use Perl, and also what attacks are possible. I'm not
interested in perl. With an attack, I also mean the fact of gaining
(certain) info which should stay company-internal, not only breaking
into a system, using a system hole (f.i. bug in www-server) or a
protocol hole or whatever.
> for($i=0;$i<100;$i++){print"Not a threat...\n";}
>
> > I'm really eager to hear if someone has faced such an attack
>
> If they did, I am sure that they laughed themselves silly.
Maybe, maybe not.
> > and if
> > i am overseeing another kind of attack that can be accomplished using
> > these agents
>
> What do you mean by overseeing? Conducting such an attack? Being
> subjected to one?
By overseeing I mean an attack i didn't mention.
> > > Or do you mean manipulating Altavista or some "personalized search
> > > engine" to do your attacks for you? Maybe if you gave an
> > > example...
> >
> > This is also an interesting point. Have you got infos or heard more about
> > such an attack. I'm really interested in this topic.
>
> It was just a stab in the dark trying to figure out what you meant. It's
> really not all that interesting.
Doei,
Erwin Schuermann
\|/
-------------------------ooO * * Ooo--------------------------------
Erwin Schuermann e-mail: schuerma @
cci .
de /|
Competence Center Informatik GmbH / |
Abt. IT-Sicherheit tel: +49 5931-805 226 CCI / |
Lohberg 10 fax: +49 5931-842-226 ---/---|---
49716 Meppen, Germany or fax: +49 5931 805-100 < |
"And you thought *Yesterday* was boring..." - _|
Follow-Ups:
|
|
