[2948] in WWW Security List Archive
Re: 'phf' cgi-bin attack -- Distributed Coordinated Attack ?
daemon@ATHENA.MIT.EDU (Steen Larsen)
Tue Sep 17 06:41:11 1996
Date: Tue, 17 Sep 1996 10:34:40 +0200
From: Steen Larsen <steen.larsen@ed.nce.sita.int>
Reply-To: steen.larsen@ed.nce.sita.int
To: "Jordi \"Matem\`tic\" Salvat" <jordi@webarna.com>
Cc: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
Jordi "Matem=E0tic" Salvat wrote:
>=20
> Many Spanish ISPs are receiving attack attempts on their WWW servers...
> they detect them on their log files in entries such as:
>=20
> info26.jet.es - - [04/Sep/1996:03:17:21 +0100] "GET
....=20
> What is curious about these attacks is that they all come from differen=
t
> dial-up providers, from users apparently scattered throughout Spain.
> Maybe an "organized" group who meets and exchanges ideas over the > I-n=
et?
Maybe you have a case of a Distributed Coordinated Attack:
Frederik B. Cohen wrote an interesting article in "Computers &
Security", volume 15 no 2. The title is "A Note on Distributed
Coordinated Attacks".
He decribes a scenario were the bad guy puts some "attack code" on a
WWW server. When an innocent person browses the bad page his browser
will start to execute code that attacks another site.
The target site will see attacks that seem to originate from all
over the Internet.
Best regards
--=20
Steen Koefoed Larsen <steen.larsen@ed.nce.sita.int>
Disclaimer: This letter may contain pure garbage that differs
from the opinion of myself and the companies I work for.
SITA -- Societe Internationale de Telecommunications Aeronautiqes
R & D Nice, Heraklion - 1041 Route des Dolines, F-06560 Valbonne
Phone: +33 92.96.63.67, Fax: +33 92.96.64.92, SITATEX: NCEEMXS
E-mail@home: steenkl@dircon.co.uk, GSM Mobile: +45 40512486
*** Syntax? Why not - they tax everything else! ***
