Re: Multi stage attacks on networks?

From: David Efflandt (efflandt_at_xnet.com)
Date: 04/30/04


Date: Fri, 30 Apr 2004 05:37:01 +0000 (UTC)

On 29 Apr 2004, Sudhakar Govindavajhala <sudhakarg79@hotmail.com> wrote:
> Hi
>
> I am a Ph.D. student studying network security at Princeton
> University. I am trying to see if an attacker can use a series of
> vulnerabilities to take over a particular resource. Has there been prior
> work on this topic earlier? Can someone give me a real example where the
> adversary actually uses a series of vulnerabilities to break into a
> resource?
>
> Maybe he uses the webserver in DMZ and then uses it to get access
> to fileserver and then uses it to compromise something else?

The Nimda worm (which is still going around years after it was discovered) was a
perfect example of multiple avenues of attack. IIS webservers directly
infected other IIS servers, it set up a default website containing a
readme.eml which if accessed with MSIE would infect through Outlook
Express (or Outlook), and it also spread through Win file sharing.

There is also the ever popular DoS (denial of service) attack where
compromised machines will generate excessive, malformed, or spoofed
traffic, causing a resource to be effectively unavailable.

Many of the vulnerabilities are buffer overflows, which if properly
crafted, can execute arbitrary code under whatever user a server is
running as.

-- 
David Efflandt - All spam ignored  http://www.de-srv.com/

