
RE: tcp/routing question...



On Wed, 8 Jun 2005, Lai Zit Seng wrote:

Actually... sure it may not be "trivial", but at the same time it is not all that difficult.

There are much easier ways to attempt to break into systems.

When attacking a system, whether it be a machine, a network or the whole internet, people invariably go for the low hanging fruit first. There's simply no reason to expend more effort than necessary.


Various address space hijacking and route injection attacks are carried out all the time, mostly in the recent past, for the purpose of sending spam, but that doesn't mean people haven't done it for other reasons.

That is true. And the attacker will (or at least ought to!) choose the weakest link, considering also the type of expertise he has.

Just because something is difficult for some people doesn't mean it is difficult for others. An analogy: Many ways to break into a house. Not everyone knows how to pick a lock... so perhaps it is easier to break the glass window. But someone else with lock picking skills would probably prefer picking the lock (preferred because no glass breaking noise to attract attention).

Breaking into computers could be similar. There are people with network expertise. They know how to subvert DNS. Or they know how to inject routes. Or they know where to find tools to do ARP spoofing. Otoh, someone else may have more skills with buffer overflowing SSH daemons, or mangling URLs to the webserver, etc. Ah, and then yet someone else might have even better social engineering skills :)

Furthermore, consider an attacker who has some motivation (e.g. monetary...) to break into the system. If he doesn't have the skills... he will find out, or he will find someone to do it, etc.

The more likely vectors for attacks are inside personnel and poor
security procedures (bad passwords, sloppy firewall rules, etc.).

That happens very often, I agree :)

Regards,

.lzs
--
http://zitseng.com/



--
--------------------------------------------------------------------------
Joel Jaeggli  Unix Consulting  joelja darkwing uoregon edu
GPG Key Fingerprint: 5C6E 0104 BAF0 40B0 5BD3 C38B F000 35AB B67F 56B2

