Which takes more skill - defence or attack?

[The Grunt]

Originally posted here by gore
Just like the attacker has to stay a step ahead of the defender....

How many of you in this thread have actually rooted a box without ANYONE knowing about it?

How many people defend against that each day? (All of us I'd assume).

For each successfull attack there are 200 non.

A successfull attack doesn't mean much.. I could get admin on about half of the companies in my town without being detected... COULD I get detected, YES, by someone who knew wtf they were doing, but most of the IT people in this **** town are either "self taught" folks who don't know **** but have the arrogance of a teenage jock or people straight out of devry or the community college who passed with Bs and have no real knowledge of how to properly run a network... It's ****ing sad when I could run a better network if I worked there for a month with no real schooling compared to their 2 years of school.

[Aspman]

Defender must also protect against the action of his/her users with access. The also have the potential to compromise the system accidentally or otherwise.

The defender is defending on 2 fronts and also working blind against the attacks that may be launched.

The defender also has to work within the rules of his/her organisation which may mean fighting with one hand behind your back or opening doors in their defense on the instruction of managers.

The attacker follows no rules but those set by himself/herself.

[gore]

The only limits are those we set on ourselves.

[Kthln01]

Many attackers (as previously stated) piggy back off of other's previous work. This is obviously easy to do. With the rapid change in technology, defenses have already been set up for these attacks.

For attackers to come up with "new" ways to hit a system (hard) could be difficult, but in the end, the real forte comes in providing a worthwhile defense.

Just my verbose way of agreeing with the majority.....sorry.

[gore]

I rarely agree with a majority. Complacent consent is the enemy.

anyone can set up a good firewall, get a good Policy and then the attacker needs to find a way in. I don't think I've heard of many successfull attacks where someone used a program.

[Spyder32]

Defender must also protect against the action of his/her users with access. The also have the potential to compromise the system accidentally or otherwise.

Agreed. It's also something that a defender must do that the attacker doesn't obviously.

The only limits are those we set on ourselves.

Co-sign.

Many attackers (as previously stated) piggy back off of other's previous work.

That's not an attacker. That's a skiddie, there's a difference.

[The Grunt]

Many attackers (as previously stated) piggy back off of other's previous work.

That's not an attacker. That's a skiddie, there's a difference.

Sorry, But I'm going to have to disagree with this... I think EVERYONE piggybacks off of someone else's previous work.. How often does an attacker find a NEW vuln in a piece of software, and exploit it, and how often does a defender find a new vuln, and write his own patch for it? Not too terribly often I'd think... Skiddie's don't piggy back... they just use... Piggy backing is taking someone's work and adding to it, which happens to be the very essence of OSS. Piggy backing is something that basically must be done to be successul, using a packaged tool isn't.

Gore is also right when he says that a skiddie can't download and run something and expect to get in to a server undetected, even if the admin sucks. Why? Becuase most at least have a firewall. netbus doesn't work through a firewall that has netbus blocked.

[Spyder32]

The Grunt: Piggy Backing is that -- catching a free ride. By that meaning no work involved which leads the skiddies to Piggy Back. It basically means they are using others code and exploits and not adding nothing to it, simply using it. Thus the term "point and click", it has nothing to do with adding ANYTHING on.

I think EVERYONE piggybacks off of someone else's previous work

Possibly, in some way or another. However I know people who code their own exploits to use in a hack or people who code their own defense systems as well.

How often does an attacker find a NEW vuln in a piece of software

Happens everyday.

and how often does a defender find a new vuln, and write his own patch for it?

Again, everyday.. go on some other security websites who report vulnerabilities and exploits. They'll show you.

Piggy backing is something that basically must be done to be successul

I don't agree with that. It's not something that MUST be done to succeed.

Becuase most at least have a firewall. netbus doesn't work through a firewall that has netbus blocked.

That's right. A firewall that "has netbus blocked" usually is one with a permission or rule set TO block netbus activity.

Bleh, sorry. I think the statement "Piggy backing is taking someone's work and adding to it" is untrue. I believe it's only the first part of it and has nothing to do with adding to it.

[darkinferno9908]

I gotta say both of them because an attacker is nothing if they know nothing about how an defender does his defending and this also works the opposite way. Like the saying says, if you want to stop a hacker you have to be one.

This is close enough to be true

[Spyder32]

Like the saying says, if you want to stop a hacker you have to be one.

I guess I'm old but I never heard of that saying. You don't have to be one, but it help's to atleast possess the knowledge that a hacker would.