The Initial Intrusions
- Initial root compromise points of origin
- "No charge" ISPs
- Single PPP account "guest", password "password"
- No AUP, no user records, no Caller-ID, no trap/trace
- Compromised systems in Korea, Germany, Sweden, Jamaica, UK, etc.
- Compromised name servers, web servers, home systems,
software development companies, "day trading" companies,
e-commerce sites, ISPs, NASA, .mil sites... you name it
- Using wingate and telnet gateways to bounce off
foreign sites
- Stolen dialup accounts
- 24x7 scanning, with results sifted into sets, each
  a single architecture/service/vulnerability combination
- Attacks then come in waves, hitting many
  systems in a very short time period: exploit,
  install backdoor, install tools, lather, rinse, repeat
- Anatomy of setting up a DDoS network
- Often using "Root Kits" to conceal programs/files/connections
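The concealment in the last bullet is the practical problem for the responder: a trojaned ps or netstat can only lie about what it prints, so a second view of the same state that the root kit did not patch exposes the difference. The script below is an added example, not code from this talk or from the author; it cross-checks a constructed /proc/net/tcp snapshot against a constructed (trojaned) netstat listing, and a constructed /proc process view against a trojaned ps listing, and reports what the trojaned tools hide. The sample data, the 27665/tcp listener (used here purely as a stand-in for a backdoor control port), the PIDs and the command names are all constructed for the example.

```python
"""Expose what a user-space root kit hides by comparing two views of one host.

A trojaned netstat/ps filters its own output; /proc is read through the
kernel and is untouched by a purely user-space root kit, so entries present
in /proc but missing from the tool's output are the hidden ones. All input
below is constructed sample data for this example.
"""
import socket
import struct

# Constructed snapshot of /proc/net/tcp. Addresses are hex IP:PORT with the IP
# in host (little-endian) byte order; st 0A is LISTEN, 01 is ESTABLISHED.
# Row 1 (port 0x6C11 = 27665/tcp) stands in for a backdoor listener.
PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1234
   1: 00000000:6C11 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 5678
   2: 0100007F:0016 6501A8C0:C0A8 01 00000000:00000000 00:00000000 00000000     0        0 9012
"""

# Constructed output of a trojaned netstat that silently drops port 27665.
NETSTAT_OUTPUT = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:22            192.168.1.101:49320     ESTABLISHED
"""

# Constructed /proc view (pid -> command name, as read from /proc/<pid>/stat).
PROC_PROCESSES = {1: "init", 2: "kflushd", 412: "sshd", 777: "master"}

# Constructed output of a trojaned ps that drops the "master" process.
PS_OUTPUT = """\
  PID TTY          TIME CMD
    1 ?        00:00:04 init
    2 ?        00:00:00 kflushd
  412 ?        00:00:01 sshd
"""

TCP_STATES = {"01": "ESTABLISHED", "02": "SYN_SENT", "03": "SYN_RECV",
              "06": "TIME_WAIT", "08": "CLOSE_WAIT", "0A": "LISTEN"}


def _hex_addr(field):
    """Decode a /proc/net/tcp 'IP:PORT' hex field into (dotted_ip, port)."""
    ip_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def _split_hostport(field):
    """Decode netstat's 'host:port' (port '*' means any, mapped to 0)."""
    host, _, port = field.rpartition(":")
    return host, (0 if port == "*" else int(port))


def parse_proc_net_tcp(text):
    """Return the set of (local, remote, state) sockets the kernel reports."""
    sockets = set()
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 4:
            continue
        state = TCP_STATES.get(fields[3], fields[3])
        sockets.add((_hex_addr(fields[1]), _hex_addr(fields[2]), state))
    return sockets


def parse_netstat(text):
    """Return the set of (local, remote, state) sockets netstat printed."""
    sockets = set()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] not in ("tcp", "tcp6"):
            continue
        sockets.add((_split_hostport(fields[3]),
                     _split_hostport(fields[4]), fields[5]))
    return sockets


def hidden_sockets(proc_text, netstat_text):
    """Sockets the kernel knows about but netstat did not show."""
    return sorted(parse_proc_net_tcp(proc_text) - parse_netstat(netstat_text))


def parse_ps(text):
    """Return pid -> command from ps output."""
    shown = {}
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split(None, 3)
        if len(fields) == 4:
            shown[int(fields[0])] = fields[3]
    return shown


def hidden_processes(proc_view, ps_text):
    """Processes present in /proc but absent from ps output."""
    shown = parse_ps(ps_text)
    return {pid: name for pid, name in proc_view.items() if pid not in shown}


if __name__ == "__main__":
    for local, remote, state in hidden_sockets(PROC_NET_TCP, NETSTAT_OUTPUT):
        print("hidden socket: %s:%d -> %s:%d %s" % (local + remote + (state,)))
    for pid, name in hidden_processes(PROC_PROCESSES, PS_OUTPUT).items():
        print("hidden process: pid %d (%s)" % (pid, name))
```

On a live system the two inputs would be read from /proc/net/tcp and from running netstat/ps; the diff is what matters, and a non-empty diff is a strong sign the binaries were replaced. The caveat: a kernel-resident root kit (loadable module) lies at the /proc level as well, so an empty diff here is not proof the host is clean; checks against a known-good boot medium or offline copies of the binaries are still needed.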
Dave Dittrich <dittrich@cac.washington.edu>
Last modified: Thu Jul 6 14:07:08 PDT 2000