View Poll Results: Who will win the worldcup?
- Voters
- 21. You may not vote on this poll
-
Brazil
-
Czech republic
-
Holland
-
England
-
France
-
Italy
-
Argentine
-
Germany
-
July 4th, 2005, 06:09 PM
#41
Being intentionally offensive and having been banned twice and avoided the ban hammer for the 3rd time so far certainly takes much more skill than being inoffensively additive to a discussion. While one may be more useful than another, unless your a politictian, one certainly takes more skill. However, if you are unoffensively adding to a discussion with unbiased, truthful, and offensive to some people because it strikes fear of truth into their hearts, you are even more skilled. Antagonization is a world renowned skill perfected by the democrats and older brothers everywhere.
Sorry, that post was the most meaningless, stupid post ever, but it sure as hell was fun.
[H]ard|OCP <--Best hardware/gaming news out there--|
pwned.nl <--Gamers will love this one --|
Light a man a fire and you\'ll keep him warm for a day, Light a man ON fire and you\'ll keep him warm the rest of his life.
-
July 4th, 2005, 07:30 PM
#42
Originally posted here by gore
Some people seem to think defending is hard..
Home user: installs a firewall with Macfee or Norton. Done.
Attacker has to code an exploit, find a way in, use it, get admin or root, and hide his tracks.
Yea, I can see why someone would say it's harder...
"Home hacker:"
"Oh, geez a new tool for me attack do l33t. lemme d/l it and attack M$"
If you read the entire thread, we are not discussing this.
Please Gore, if you dont have anything to add to the discussion, just dont... post.
Meu sítio
FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
If I die before I sleep, I pray the Lord my soul to encrypt. If I die before I wake, I pray the Lord my soul to brake.
-
July 4th, 2005, 07:37 PM
#43
Originally posted here by cacosapo
"Home hacker:"
"Oh, geez a new tool for me attack do l33t. lemme d/l it and attack M$"
If you read the entire thread, we are not discussing this.
Please Gore, if you dont have anything to add to the discussion, just dont... post.
"Which takes more skill - defence or attack?"
Hmm silly me, maybe it's not English?
And he said ATTACK. NOT DDOS. NOT some other sack of **** where no one is successfull. And who the hell are you telling me if I have nothing to add don't reply?
Average Defense:
Set up a firewall and permissions.
Average attack, Try to find a way to expoit how it was set up or the software. I don't think you understand the amount of effort that goes into an actual sucessfull attack.
-
July 4th, 2005, 08:13 PM
#44
OFF TOPIC:
Originally posted here by gore
. And who the hell are you telling me if I have nothing to add don't reply?
Im am the guy that is trying to contribute to the thread and not be "funny".
If you had read carefully the thread you notice that is about enterprise, business, companies, professional hacker/crackers and professional admins.
BTW, i know what is the "average effort" to do a successfully attack. just download a tool and attack.
Or you mean the "average effort" to "create something"? I know how hard is create anything on this area, including a successfully buffer overflow. Do you? from scratch?
Again, Nobody is talking about that.
We are talking about "coders" (attackers) and professional admins (not a home user).
If you at least tried to read, before starting to be "a funny guy", i do believe that you can contribute a lot to it (because at least i think that you know something).
Meu sítio
FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
If I die before I sleep, I pray the Lord my soul to encrypt. If I die before I wake, I pray the Lord my soul to brake.
-
July 4th, 2005, 08:14 PM
#45
"Which takes more skill - defence or attack?"
Hmm silly me, maybe it's not English?
And he said ATTACK. NOT DDOS. NOT some other sack of **** where no one is successfull. And who the hell are you telling me if I have nothing to add don't reply?
Co-sign and cacosapo that wasn't needed. Anyways, back on topic..
I think the average defense concerns more than merely setting up the firewall and it's permissions. You can't simply load up a firewall and it's settings and think you're safe. Log files must be attended to regularly, monitering, updates, etc.. Now for the average attack, it can vary from something small (running an already coded exploit on a machine) to actually going through the steps of the "Anatomy of the Hack". This was something I read on AO and on other sites awhile back:
Anatomy of The Hack
Foot printing
Objective
Target address range, namespace acquisition, and gathering information are essential to a surgical attack. The key is not to miss any detail
Techniques
Open source search
Whois
Wed interface whois
DNS zone Tran sphere
Scanning
Objective
Bulk target assessment and identification of listening services focus the attacker attention on the most promising avenues for entry.
Techniques
Ping sweep
TCP/UDP port scan
OS detection
Enumeration
Objective
More intrusive probing now begins as attackers begin to identified valid user accounts or poorly protected recourse shares.
Techniques
List of user accounts
List of share files
Identify applications
Gaining access
Objective
Enough data has been collected to allow an informed attempt to access the target.
Techniques
Password eve dropping
File share brute forcing
Password file grab
Buffer overflows
note this can go straight to DOS attacks after this step or they may continue on down the chain
Escalating privileged
Objectives
If only user level access has been obtained in the last step the attacker will now seek to gain compete control over the system
Techniques
Password cracking
Known exploits
Pilfering
Objectives
The information gathering process to begin to identify access to trusted systems.
Techniques
Evaluate trusts
Search for clear text passwords
Covering track
Objectives
Once total ownership of the target is secured, hiding this fact from the systems administrator becomes paramount.
Techniques
Clear logs
Hide tools
Create back doors
Objectives
To insure that the intruder has privileged access whenever they choose.
Techniques
Create rogue user accounts
Schedule batch jobs
Infect start up files
Plant RAT's
Install monitoring systems
Replace app with trojens
Denial of service
Objective
If the attacker is unsuccessful in gaining access they may use a readily available exploit code to disable the target as a last resort
Techniques
SYN flood
ICMP techniques
Identical src/dst SYN requests
Overlapping fragment/offset bugs
Out of bound TCP options(OOB)
DDos
THAT takes skill, talent, aswell as time/patience.
-
July 4th, 2005, 08:24 PM
#46
Originally posted here by cacosapo
OFF TOPIC:
You're dragging this off topic to tell ME not to do the same? Nice one.
Im am the guy that is trying to contribute to the thread and not be "funny".
I'm not trying to be ANYTHING... I said what I thought about this, how you took it is not my problem, nor will it become one.
If you had read carefully the thread you notice that is about enterprise, business, companies, professional hacker/crackers and professional admins.
You just countered yourself. You said an attacker can simply download something, now were talking about coder and admins? Hmm, when you pick which one it is we are in deed talking about you let me know and I'll reply to THAT.
BTW, i know what is the "average effort" to do a successfully attack.
Successful, as in, rooted, not caught, logs show nothing and admin knows nothing about it. That takes a lot of things.
just download a tool and attack.
Yea, that way it shows up in the logs.... Or better yet you accidently target the wrong system and some Windows admin wonders why a Unix shell exploit shows up in an IIS log.
Or you mean the "average effort" to "create something"? I know how hard is create anything on this area, including a successfully buffer overflow. Do you? from scratch?
I know hex and binary and some Perl, that's enough for just about any buffer overflow. IU don't use overlows, those can be patched, but stupidity can not.
We are talking about "coders" (attackers) and professional admins (not a home user).
Perhaps the poster should have named this thread admin VS coders then? Or was it being dragged off his original topic?
Does it take more skill to attack a network or defend a network? or is it about even?
Seems like he asked a simple question and some dick head took it another way and dragged it off topic to mean what THEY wanted it to mean. Like your example of what we are talking about and not talking... I gave my contribution saying an attacker needed more. The more an admin knows the harder and more creative they have to be not to get whacked.
Also, to what extent do attacker and defender share the same skillset and to what extent is it different?
I brought up my point on a home user installing a firewall and an attacker having to find a way around it. He mentions NOTHING of professionals.
If you at least tried to read, before starting to be "a funny guy", i do believe that you can contribute a lot to it (because at least i think that you know something).
And when you stop pretending you know me or what I mean by anything, you can make a statement like that where I'll listen to it.
-
July 4th, 2005, 08:35 PM
#47
*sigh*
You must spread your AntiPoints around before giving it to gore again.
Oh well.. and guys, can we please not turn this thread to ****? I like this topic. Cacosapo, like I said, your comments weren't needed. I appreciate the greens and ****, but honestly you should knock it off for now and help to get back ON topic.
Bleh, I guess I'm guilty of the same **** now. Shame on me....
-
July 4th, 2005, 10:46 PM
#48
Junior Member
I think Defense requires more knowledge. I mean there are programs out there that makes attacking easy for any new comer however, you actually have to know what your doing inorder to protect a network, and that means having knowledge in all the different ways an attacker can penetrate a network.
-
July 4th, 2005, 11:36 PM
#49
gore, now this is where it depends as to what you classify to be defender/attackers.
average attack = find firewall...move on
or
find firewall, determine type then google for exploits. didn't work...move on
thats if we're talking 'average'.
now if we're talking skilled professionals....pro thiefs vs. pro security specialists then the numbers drop to a minimum on both sides and these can't even be put into the same catagory as the above groups. with the hacker using code that they write themselves for the particular situation their facing.
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
-
July 5th, 2005, 01:23 AM
#50
This is a bad question for two reasons:
1. It varies from situation to situation, environment to environment.
2. There will always be arguments as to which side is more effective, and there are several good points to each side. A more useable discussion might be:
Which is better? To keep your 'opponent' acting, or reacting? You can do both on either side of the fence, and I think you'll probably end up with a more useable discussion of technique than a simple "what's harder -- defending or attacking?"
Chris Shepherd
The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
\"Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?\" -- Failed Insult
Is your whole family retarded, or did they just catch it from you?
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|