Focus on IDS
Single Stage Attacks? May 17 2009 06:39AM
snort user (snort user gmail com) (3 replies)
Re: Single Stage Attacks? May 20 2009 04:47PM
Stuart Staniford (sstaniford FireEye com)
Re: Single Stage Attacks? May 19 2009 08:22PM
dreamwvr (dreamwvr dreamwvr com)
snort user wrote:
> Greetings All,
> Typically, network based attacks have multiple stages.
> (reconnaissance, infection, download rootkit, call home, further infection etc)
> Some attacks may have a single stage (without reconnaissance) to
> compromise a host.
> However, even those attacks have a post-compromise stage, such as call home
> or transfer/steal data or something else.
> Otherwise, what's the motivation for compromising in the first place?
> Can someone enlighten me if there are attacks that only have a single stage?
> Examples or scenarios is much appreciated.
> Thanks
Any attack on mail and web systems using their default domainnames
to spray discord would fit the bill IMHO. Take any that does privilege
escalation on mail or webservers coupled with worm tendencies. Then simply
gets the type of daemon and attacks accordingly. Most often it will get
enough information to wreak havoc by the way the daemons responds..
That is all..
Best Regards,
dreamwvr (at) dreamwvr (dot) com [email concealed]
ps - sure you could consider this
a multi level attack if you want

[ reply ]
Re: Single Stage Attacks? May 19 2009 04:33PM
Jamie Riden (jamie riden gmail com)


Privacy Statement
Copyright 2010, SecurityFocus