[693] in Intrusion Detection Systems
Re: Intrusion and Attack Scenarios
daemon@ATHENA.MIT.EDU (Vin McLellan)
Fri May 31 10:42:07 1996
Date: Thu, 30 May 1996 09:01:45 -0400
To: ids@uow.edu.au
From: vin@shore.net (Vin McLellan)
Reply-To: ids@uow.edu.au
>Hi everybody,
>
>
> Can anyone help me finding a list and details of Intrusion and
>Attack Scenarios ?
>
Check out Marcus Ranum's html slide-show, "Taxonomy of Network
Attacks," at URL: <http://www.v-one.com/pubs/attacks/index.html>
It's comprehensive and downright depressing.
On the other hand, CERT incident reports make it clear that the
most dangerous attacks focus on hackers and others using
* sniffers or
* trojan horse program or
* CRACK attacks on encypted password files
... all to obtain old-fashioned reusable passwords.
CERT's Summaries (which endlessly repeat the same unaddressed
threats) are available at URL: <http://www.cert.org>
With the variety of one-time password schemes available (not only
commercial tokens like the SecurID and its competitors, but freeware like
s/key and OPIE) what is the justification for leaving valuable resources so
vulnerable?
Suerte,
_Vin
Vin McLellan +The Privacy Guild+ <vin@shore.net>
53 Nichols St., Chelsea, Ma. 02150 USA Tel: (617) 884-5548
<*><*><*><*><*><*><*><*><*>
