Which takes more skill - defence or attack? - Page 5

View Poll Results: Who will win the worldcup?

Voters
21. You may not vote on this poll
  • Brazil

    6 28.57%
  • Czech republic

    1 4.76%
  • Holland

    2 9.52%
  • England

    5 23.81%
  • France

    1 4.76%
  • Italy

    2 9.52%
  • Argentine

    1 4.76%
  • Germany

    5 23.81%
Multiple Choice Poll.
Page 5 of 8 FirstFirst ... 34567 ... LastLast
Results 41 to 50 of 79

Thread: Which takes more skill - defence or attack?

  1. #41
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,024
    Being intentionally offensive and having been banned twice and avoided the ban hammer for the 3rd time so far certainly takes much more skill than being inoffensively additive to a discussion. While one may be more useful than another, unless your a politictian, one certainly takes more skill. However, if you are unoffensively adding to a discussion with unbiased, truthful, and offensive to some people because it strikes fear of truth into their hearts, you are even more skilled. Antagonization is a world renowned skill perfected by the democrats and older brothers everywhere.


    Sorry, that post was the most meaningless, stupid post ever, but it sure as hell was fun.
    [H]ard|OCP <--Best hardware/gaming news out there--|
    pwned.nl <--Gamers will love this one --|
    Light a man a fire and you\'ll keep him warm for a day, Light a man ON fire and you\'ll keep him warm the rest of his life.

  2. #42
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,130
    Originally posted here by gore
    Some people seem to think defending is hard..

    Home user: installs a firewall with Macfee or Norton. Done.

    Attacker has to code an exploit, find a way in, use it, get admin or root, and hide his tracks.

    Yea, I can see why someone would say it's harder...
    "Home hacker:"
    "Oh, geez a new tool for me attack do l33t. lemme d/l it and attack M$"

    If you read the entire thread, we are not discussing this.

    Please Gore, if you dont have anything to add to the discussion, just dont... post.
    Meu sítio

    FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
    If I die before I sleep, I pray the Lord my soul to encrypt.
    If I die before I wake, I pray the Lord my soul to brake.

  3. #43
    AO BOFH: Luser Abuser BModeratorFH gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    Originally posted here by cacosapo
    "Home hacker:"
    "Oh, geez a new tool for me attack do l33t. lemme d/l it and attack M$"

    If you read the entire thread, we are not discussing this.

    Please Gore, if you dont have anything to add to the discussion, just dont... post.
    "Which takes more skill - defence or attack?"

    Hmm silly me, maybe it's not English?

    And he said ATTACK. NOT DDOS. NOT some other sack of **** where no one is successfull. And who the hell are you telling me if I have nothing to add don't reply?

    Average Defense:

    Set up a firewall and permissions.

    Average attack, Try to find a way to expoit how it was set up or the software. I don't think you understand the amount of effort that goes into an actual sucessfull attack.
    Kill the lights, let the candles burn behind the pumpkins’ mischievous grins, and let the skeletons dance. For one thing is certain, The Misfits have returned and once again everyday is Halloween.The Misfits FreeBSD
    Cannibal Holocaust
    SuSE Linux
    Slackware Linux

  4. #44
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,130
    OFF TOPIC:


    Originally posted here by gore
    . And who the hell are you telling me if I have nothing to add don't reply?
    Im am the guy that is trying to contribute to the thread and not be "funny".
    If you had read carefully the thread you notice that is about enterprise, business, companies, professional hacker/crackers and professional admins.

    BTW, i know what is the "average effort" to do a successfully attack. just download a tool and attack.
    Or you mean the "average effort" to "create something"? I know how hard is create anything on this area, including a successfully buffer overflow. Do you? from scratch?

    Again, Nobody is talking about that.
    We are talking about "coders" (attackers) and professional admins (not a home user).

    If you at least tried to read, before starting to be "a funny guy", i do believe that you can contribute a lot to it (because at least i think that you know something).
    Meu sítio

    FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
    If I die before I sleep, I pray the Lord my soul to encrypt.
    If I die before I wake, I pray the Lord my soul to brake.

  5. #45
    King Arana: Super Moderator
    Join Date
    Oct 2002
    Posts
    4,055
    "Which takes more skill - defence or attack?"

    Hmm silly me, maybe it's not English?

    And he said ATTACK. NOT DDOS. NOT some other sack of **** where no one is successfull. And who the hell are you telling me if I have nothing to add don't reply?
    Co-sign and cacosapo that wasn't needed. Anyways, back on topic..

    I think the average defense concerns more than merely setting up the firewall and it's permissions. You can't simply load up a firewall and it's settings and think you're safe. Log files must be attended to regularly, monitering, updates, etc.. Now for the average attack, it can vary from something small (running an already coded exploit on a machine) to actually going through the steps of the "Anatomy of the Hack". This was something I read on AO and on other sites awhile back:

    Anatomy of The Hack

    Foot printing

    Objective
    Target address range, namespace acquisition, and gathering information are essential to a surgical attack. The key is not to miss any detail

    Techniques
    Open source search
    Whois
    Wed interface whois
    DNS zone Tran sphere

    Scanning

    Objective
    Bulk target assessment and identification of listening services focus the attacker attention on the most promising avenues for entry.

    Techniques

    Ping sweep
    TCP/UDP port scan
    OS detection

    Enumeration

    Objective
    More intrusive probing now begins as attackers begin to identified valid user accounts or poorly protected recourse shares.

    Techniques

    List of user accounts
    List of share files
    Identify applications

    Gaining access

    Objective
    Enough data has been collected to allow an informed attempt to access the target.

    Techniques

    Password eve dropping
    File share brute forcing
    Password file grab
    Buffer overflows

    note this can go straight to DOS attacks after this step or they may continue on down the chain

    Escalating privileged

    Objectives

    If only user level access has been obtained in the last step the attacker will now seek to gain compete control over the system

    Techniques

    Password cracking
    Known exploits

    Pilfering
    Objectives

    The information gathering process to begin to identify access to trusted systems.

    Techniques

    Evaluate trusts
    Search for clear text passwords

    Covering track

    Objectives
    Once total ownership of the target is secured, hiding this fact from the systems administrator becomes paramount.

    Techniques

    Clear logs
    Hide tools

    Create back doors

    Objectives

    To insure that the intruder has privileged access whenever they choose.

    Techniques
    Create rogue user accounts
    Schedule batch jobs
    Infect start up files
    Plant RAT's
    Install monitoring systems
    Replace app with trojens

    Denial of service

    Objective
    If the attacker is unsuccessful in gaining access they may use a readily available exploit code to disable the target as a last resort

    Techniques

    SYN flood
    ICMP techniques
    Identical src/dst SYN requests
    Overlapping fragment/offset bugs
    Out of bound TCP options(OOB)
    DDos
    THAT takes skill, talent, aswell as time/patience.
    Space For Rent.. =]

  6. #46
    AO BOFH: Luser Abuser BModeratorFH gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    Originally posted here by cacosapo
    OFF TOPIC:



    You're dragging this off topic to tell ME not to do the same? Nice one.



    Im am the guy that is trying to contribute to the thread and not be "funny".

    I'm not trying to be ANYTHING... I said what I thought about this, how you took it is not my problem, nor will it become one.


    If you had read carefully the thread you notice that is about enterprise, business, companies, professional hacker/crackers and professional admins.
    You just countered yourself. You said an attacker can simply download something, now were talking about coder and admins? Hmm, when you pick which one it is we are in deed talking about you let me know and I'll reply to THAT.

    BTW, i know what is the "average effort" to do a successfully attack.
    Successful, as in, rooted, not caught, logs show nothing and admin knows nothing about it. That takes a lot of things.


    just download a tool and attack.

    Yea, that way it shows up in the logs.... Or better yet you accidently target the wrong system and some Windows admin wonders why a Unix shell exploit shows up in an IIS log.


    Or you mean the "average effort" to "create something"? I know how hard is create anything on this area, including a successfully buffer overflow. Do you? from scratch?
    I know hex and binary and some Perl, that's enough for just about any buffer overflow. IU don't use overlows, those can be patched, but stupidity can not.


    We are talking about "coders" (attackers) and professional admins (not a home user).
    Perhaps the poster should have named this thread admin VS coders then? Or was it being dragged off his original topic?

    Does it take more skill to attack a network or defend a network? or is it about even?
    Seems like he asked a simple question and some dick head took it another way and dragged it off topic to mean what THEY wanted it to mean. Like your example of what we are talking about and not talking... I gave my contribution saying an attacker needed more. The more an admin knows the harder and more creative they have to be not to get whacked.


    Also, to what extent do attacker and defender share the same skillset and to what extent is it different?
    I brought up my point on a home user installing a firewall and an attacker having to find a way around it. He mentions NOTHING of professionals.

    If you at least tried to read, before starting to be "a funny guy", i do believe that you can contribute a lot to it (because at least i think that you know something).
    And when you stop pretending you know me or what I mean by anything, you can make a statement like that where I'll listen to it.
    Kill the lights, let the candles burn behind the pumpkins’ mischievous grins, and let the skeletons dance. For one thing is certain, The Misfits have returned and once again everyday is Halloween.The Misfits FreeBSD
    Cannibal Holocaust
    SuSE Linux
    Slackware Linux

  7. #47
    King Arana: Super Moderator
    Join Date
    Oct 2002
    Posts
    4,055
    *sigh*

    You must spread your AntiPoints around before giving it to gore again.
    Oh well.. and guys, can we please not turn this thread to ****? I like this topic. Cacosapo, like I said, your comments weren't needed. I appreciate the greens and ****, but honestly you should knock it off for now and help to get back ON topic.

    Bleh, I guess I'm guilty of the same **** now. Shame on me....
    Space For Rent.. =]

  8. #48
    Junior Member
    Join Date
    Jun 2005
    Posts
    9
    I think Defense requires more knowledge. I mean there are programs out there that makes attacking easy for any new comer however, you actually have to know what your doing inorder to protect a network, and that means having knowledge in all the different ways an attacker can penetrate a network.

  9. #49
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    gore, now this is where it depends as to what you classify to be defender/attackers.

    average attack = find firewall...move on

    or

    find firewall, determine type then google for exploits. didn't work...move on

    thats if we're talking 'average'.

    now if we're talking skilled professionals....pro thiefs vs. pro security specialists then the numbers drop to a minimum on both sides and these can't even be put into the same catagory as the above groups. with the hacker using code that they write themselves for the particular situation their facing.
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  10. #50
    Senior Member
    Join Date
    Nov 2001
    Posts
    1,255
    This is a bad question for two reasons:
    1. It varies from situation to situation, environment to environment.
    2. There will always be arguments as to which side is more effective, and there are several good points to each side. A more useable discussion might be:
    Which is better? To keep your 'opponent' acting, or reacting? You can do both on either side of the fence, and I think you'll probably end up with a more useable discussion of technique than a simple "what's harder -- defending or attacking?"
    Chris Shepherd
    The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
    \"Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?\" -- Failed Insult
    Is your whole family retarded, or did they just catch it from you?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides