Which takes more skill - defence or attack?

[The Grunt]

Being intentionally offensive and having been banned twice and avoided the ban hammer for the 3rd time so far certainly takes much more skill than being inoffensively additive to a discussion. While one may be more useful than another, unless your a politictian, one certainly takes more skill. However, if you are unoffensively adding to a discussion with unbiased, truthful, and offensive to some people because it strikes fear of truth into their hearts, you are even more skilled. Antagonization is a world renowned skill perfected by the democrats and older brothers everywhere.


Sorry, that post was the most meaningless, stupid post ever, but it sure as hell was fun.

[cacosapo]

Originally posted here by gore
Some people seem to think defending is hard..

Home user: installs a firewall with Macfee or Norton. Done.

Attacker has to code an exploit, find a way in, use it, get admin or root, and hide his tracks.

Yea, I can see why someone would say it's harder...

"Home hacker:"
"Oh, geez a new tool for me attack do l33t. lemme d/l it and attack M$"

If you read the entire thread, we are not discussing this.

Please Gore, if you dont have anything to add to the discussion, just dont... post.

[gore]

Originally posted here by cacosapo
"Home hacker:"
"Oh, geez a new tool for me attack do l33t. lemme d/l it and attack M$"

If you read the entire thread, we are not discussing this.

Please Gore, if you dont have anything to add to the discussion, just dont... post.

"Which takes more skill - defence or attack?"

Hmm silly me, maybe it's not English?

And he said ATTACK. NOT DDOS. NOT some other sack of **** where no one is successfull. And who the hell are you telling me if I have nothing to add don't reply?

Average Defense:

Set up a firewall and permissions.

Average attack, Try to find a way to expoit how it was set up or the software. I don't think you understand the amount of effort that goes into an actual sucessfull attack.

[cacosapo]

OFF TOPIC:

Originally posted here by gore
. And who the hell are you telling me if I have nothing to add don't reply?

Im am the guy that is trying to contribute to the thread and not be "funny".
If you had read carefully the thread you notice that is about enterprise, business, companies, professional hacker/crackers and professional admins.

BTW, i know what is the "average effort" to do a successfully attack. just download a tool and attack.
Or you mean the "average effort" to "create something"? I know how hard is create anything on this area, including a successfully buffer overflow. Do you? from scratch?

Again, Nobody is talking about that.
We are talking about "coders" (attackers) and professional admins (not a home user).

If you at least tried to read, before starting to be "a funny guy", i do believe that you can contribute a lot to it (because at least i think that you know something).

[Spyder32]

"Which takes more skill - defence or attack?"

Hmm silly me, maybe it's not English?

And he said ATTACK. NOT DDOS. NOT some other sack of **** where no one is successfull. And who the hell are you telling me if I have nothing to add don't reply?

Co-sign and cacosapo that wasn't needed. Anyways, back on topic..

I think the average defense concerns more than merely setting up the firewall and it's permissions. You can't simply load up a firewall and it's settings and think you're safe. Log files must be attended to regularly, monitering, updates, etc.. Now for the average attack, it can vary from something small (running an already coded exploit on a machine) to actually going through the steps of the "Anatomy of the Hack". This was something I read on AO and on other sites awhile back:

Anatomy of The Hack

Foot printing

Objective
Target address range, namespace acquisition, and gathering information are essential to a surgical attack. The key is not to miss any detail

Techniques
Open source search
Whois
Wed interface whois
DNS zone Tran sphere

Scanning

Objective
Bulk target assessment and identification of listening services focus the attacker attention on the most promising avenues for entry.

Techniques

Ping sweep
TCP/UDP port scan
OS detection

Enumeration

Objective
More intrusive probing now begins as attackers begin to identified valid user accounts or poorly protected recourse shares.

Techniques

List of user accounts
List of share files
Identify applications

Gaining access

Objective
Enough data has been collected to allow an informed attempt to access the target.

Techniques

Password eve dropping
File share brute forcing
Password file grab
Buffer overflows

note this can go straight to DOS attacks after this step or they may continue on down the chain

Escalating privileged

Objectives

If only user level access has been obtained in the last step the attacker will now seek to gain compete control over the system

Techniques

Password cracking
Known exploits

Pilfering
Objectives

The information gathering process to begin to identify access to trusted systems.

Techniques

Evaluate trusts
Search for clear text passwords

Covering track

Objectives
Once total ownership of the target is secured, hiding this fact from the systems administrator becomes paramount.

Techniques

Clear logs
Hide tools

Create back doors

Objectives

To insure that the intruder has privileged access whenever they choose.

Techniques
Create rogue user accounts
Schedule batch jobs
Infect start up files
Plant RAT's
Install monitoring systems
Replace app with trojens

Denial of service

Objective
If the attacker is unsuccessful in gaining access they may use a readily available exploit code to disable the target as a last resort

Techniques

SYN flood
ICMP techniques
Identical src/dst SYN requests
Overlapping fragment/offset bugs
Out of bound TCP options(OOB)
DDos

THAT takes skill, talent, aswell as time/patience.

[gore]

Originally posted here by cacosapo
OFF TOPIC:

You're dragging this off topic to tell ME not to do the same? Nice one.

Im am the guy that is trying to contribute to the thread and not be "funny".

I'm not trying to be ANYTHING... I said what I thought about this, how you took it is not my problem, nor will it become one.

If you had read carefully the thread you notice that is about enterprise, business, companies, professional hacker/crackers and professional admins.

You just countered yourself. You said an attacker can simply download something, now were talking about coder and admins? Hmm, when you pick which one it is we are in deed talking about you let me know and I'll reply to THAT.

BTW, i know what is the "average effort" to do a successfully attack.

Successful, as in, rooted, not caught, logs show nothing and admin knows nothing about it. That takes a lot of things.

just download a tool and attack.

Yea, that way it shows up in the logs.... Or better yet you accidently target the wrong system and some Windows admin wonders why a Unix shell exploit shows up in an IIS log.

Or you mean the "average effort" to "create something"? I know how hard is create anything on this area, including a successfully buffer overflow. Do you? from scratch?

I know hex and binary and some Perl, that's enough for just about any buffer overflow. IU don't use overlows, those can be patched, but stupidity can not.

We are talking about "coders" (attackers) and professional admins (not a home user).

Perhaps the poster should have named this thread admin VS coders then? Or was it being dragged off his original topic?

Does it take more skill to attack a network or defend a network? or is it about even?

Seems like he asked a simple question and some dick head took it another way and dragged it off topic to mean what THEY wanted it to mean. Like your example of what we are talking about and not talking... I gave my contribution saying an attacker needed more. The more an admin knows the harder and more creative they have to be not to get whacked.

Also, to what extent do attacker and defender share the same skillset and to what extent is it different?

I brought up my point on a home user installing a firewall and an attacker having to find a way around it. He mentions NOTHING of professionals.

If you at least tried to read, before starting to be "a funny guy", i do believe that you can contribute a lot to it (because at least i think that you know something).

And when you stop pretending you know me or what I mean by anything, you can make a statement like that where I'll listen to it.

[Spyder32]

*sigh*

You must spread your AntiPoints around before giving it to gore again.

Oh well.. and guys, can we please not turn this thread to ****? I like this topic. Cacosapo, like I said, your comments weren't needed. I appreciate the greens and ****, but honestly you should knock it off for now and help to get back ON topic.

Bleh, I guess I'm guilty of the same **** now. Shame on me....

[SGT-Zer0]

I think Defense requires more knowledge. I mean there are programs out there that makes attacking easy for any new comer however, you actually have to know what your doing inorder to protect a network, and that means having knowledge in all the different ways an attacker can penetrate a network.

[Tedob1]

gore, now this is where it depends as to what you classify to be defender/attackers.

average attack = find firewall...move on

or

find firewall, determine type then google for exploits. didn't work...move on

thats if we're talking 'average'.

now if we're talking skilled professionals....pro thiefs vs. pro security specialists then the numbers drop to a minimum on both sides and these can't even be put into the same catagory as the above groups. with the hacker using code that they write themselves for the particular situation their facing.

[chsh]

This is a bad question for two reasons:
1. It varies from situation to situation, environment to environment.
2. There will always be arguments as to which side is more effective, and there are several good points to each side. A more useable discussion might be:
Which is better? To keep your 'opponent' acting, or reacting? You can do both on either side of the fence, and I think you'll probably end up with a more useable discussion of technique than a simple "what's harder -- defending or attacking?"