Re: Security in general (was Re: Proposal "LUID")

From: Vandoorselaere Yoann (yoann@mandrakesoft.com)
Date: Thu Apr 20 2000 - 04:08:45 EST


Horst von Brand <vonbrand@sleipnir.valparaiso.cl> writes:

> "Michael H. Warfield" <mhw@wittsend.com> said:
> > On Wed, Apr 19, 2000 at 02:31:29PM -0400, Theodore Y. Ts'o wrote:
>
> [...]
>
> > > Keep in mind that you don't necessarily get one shot at things ----
> > > apache for example has a watcher process which will restart worker
> > > processes which have core'd themselves. So you can try an arbitrary number
> > > of times to guess the stack pointer, until you finally get it right.
> > > The same is of course true of any program fired out of inetd.conf ---
> > > like telnetd, ftpd, etc.
>
> > Good points... Of course, the inetd case is not totally unbounded.
> > You'll run into the infamous "server respawning too quickly - shutting down
> > for five minutes" type problem that will limit some of that kind of action
> > given large enough numbers. Still have the Murphy principle involved that
> > says it WILL happen sooner or later.
>
> If I was a cracker, I'd collect a few dozen or so likely victims first, and
> then try the attack against each one in turn, with random offsets. Sooner
> or later I'll have netted a few. Note that the current crop of kiddies are
> out recruiting machines for DDoSes, it doesn't matter much to them whom
> they get as long as they get enough to crash the objective.

Script kiddies just want to break into a machine,
so they just scan whatever IP addresses they find and try a simple exploit...

Hackers, in general, have a goal...
This means they want to end up on one defined machine...
For that they will probably start by hacking one of the machines on the
network; once on the network, that is easy.

For the DDoS stuff,
I'd just answer that it does not correspond to the basic hacker
stereotype:

- This is not a challenge to crash a machine.
- Not for a money gain.
- Not for a cause.
- Not for the recognition.

But (and this is becoming off-topic) what I can see
is that the gov't is actually trying to make rules happen
on the internet; as a result, quite a big number of people
aren't happy...

DDoS can simply be an excuse for the gov't to monitor
the internet.

>
> [...]
>
> > Ok... I understand that's a question that can not be answered.
> > There are too many independent variables such as the level of access,
> > how rapidly an exploit can be delivered and recycled (the inetd
> > limitation), how valuable is the trophy (some attacks won't buy you enough
> > gain to make them worthwhile but others could warrant days of attacks),
> > and how high is the chance of detection (noisy exploits would have to be
> > effective in fewer shots than "quiet" or stealth exploits).
>
> Sadly, the sysadmin savvy has gone down too; and with many more machines to
> tend, even noisy attacks are bound to be ignored by many. Remember there
> are plenty of targets out there, and the Internet is still growing at
> something like 100% a year.

-- 
                   -- Yoann,  http://prelude.sourceforge.net
     It is well known that M$ products don't call free() after a malloc().
     The Unix community wish them good luck for their future developments.
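Added example, not part of this mail or the thread it replies to: the retry behaviour discussed above (a watcher process or inetd respawning a server after each crash, so an attacker gets many guesses) leaves a trace on the defender's side, either as a burst of worker segfaults in a short window or as inetd's own "server failing (looping)" throttling message. The script below reads syslog-style lines and flags both. The log formats, the hostname "srv1" and every sample line are constructed for the example and are not taken from the mail.

```python
"""Flag services whose workers crash repeatedly in a short window.

Constructed example. A respawning daemon that keeps dying is one of the
cheapest signals that someone is retrying a crash-and-guess attempt, so
counting crashes per service per sliding window is a useful first check.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample syslog lines; both message formats are assumed, not
# copied from any real log on the page. Hostname "srv1" is hypothetical.
SAMPLE_LOG = """\
Apr 20 04:01:02 srv1 kernel: httpd[1201]: segfault at 0 ip 08049f2c sp bfffe5a0 error 4 in httpd
Apr 20 04:01:05 srv1 kernel: httpd[1202]: segfault at 0 ip 08049f2c sp bfffe5a0 error 4 in httpd
Apr 20 04:01:09 srv1 kernel: httpd[1203]: segfault at 0 ip 08049f2c sp bfffe5a0 error 4 in httpd
Apr 20 04:01:14 srv1 kernel: httpd[1204]: segfault at 0 ip 08049f2c sp bfffe5a0 error 4 in httpd
Apr 20 04:03:30 srv1 inetd[310]: telnet/tcp server failing (looping), service terminated
Apr 20 04:10:00 srv1 kernel: named[900]: segfault at 0 ip 0805a110 sp bfffe700 error 4 in named
Apr 20 09:30:00 srv1 kernel: httpd[1300]: segfault at 0 ip 08049f2c sp bfffe5a0 error 4 in httpd
"""

# "Mon DD HH:MM:SS host message"
SYSLOG_RE = re.compile(r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ (?P<msg>.*)$")
# Kernel report of a process dying on an invalid memory access.
SEGFAULT_RE = re.compile(r"^kernel: (?P<svc>[\w.-]+)\[\d+\]: segfault")
# inetd has already decided the service is looping and disabled it.
INETD_RE = re.compile(r"^inetd\[\d+\]: (?P<svc>\S+) server failing")


def parse_ts(ts):
    # Syslog timestamps carry no year; every line gets the same default
    # year, which is all that is needed for time deltas within one log.
    return datetime.strptime(ts, "%b %d %H:%M:%S")


def find_crash_bursts(log_text, window_seconds=60, threshold=3):
    """Return (service, kind, count, timestamp) tuples worth alerting on.

    kind is "segfault-burst" when a service crashed `threshold` times within
    `window_seconds`, or "inetd-throttled" when inetd itself reported the
    service as looping (inetd has already applied its own rate limit).
    """
    recent = defaultdict(deque)  # service -> timestamps inside the window
    alerts = []
    for line in log_text.splitlines():
        m = SYSLOG_RE.match(line)
        if not m:
            continue
        when = parse_ts(m.group("ts"))
        msg = m.group("msg")

        inetd = INETD_RE.match(msg)
        if inetd:
            alerts.append((inetd.group("svc"), "inetd-throttled", 1, m.group("ts")))
            continue

        seg = SEGFAULT_RE.match(msg)
        if not seg:
            continue
        svc = seg.group("svc")
        q = recent[svc]
        q.append(when)
        # Drop crashes that fell out of the sliding window.
        while (when - q[0]).total_seconds() > window_seconds:
            q.popleft()
        # Alert once, when the count first reaches the threshold; further
        # crashes in the same burst do not repeat the alert.
        if len(q) == threshold:
            alerts.append((svc, "segfault-burst", len(q), m.group("ts")))
    return alerts


if __name__ == "__main__":
    for svc, kind, count, ts in find_crash_bursts(SAMPLE_LOG):
        print(f"{ts} {svc}: {kind} (count={count})")
```

On the constructed sample this reports httpd at 04:01:09 (third crash inside a minute) and the telnet service that inetd already shut down; the single named crash and the lone httpd crash hours later stay below the threshold. The window and threshold are the knobs to tune: a server that legitimately core-dumps now and then should not trip it, while a run of identical crashes seconds apart is what the respawn-and-retry pattern above looks like from the inside.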
