Case study #1

The following is a mixture of tactics from several incidents that occurred in 1997 and 1998.

Attack scenario

Lessons Learned


(1) "Attacker" here means one or more people involved in a single incident, or series of incidents.

(2) DNS spoofing is described in several pages on the web, including:

(3) "Choice targets" are more of your favorite systems that don't yield to remote attacks, file servers (where you can get access to lots of accounts and big password files), name servers (for DNS cache poisoning), systems with compilers that run operating systems to which you don't otherwise have access, and IRC servers that make it easier for you to attack or monitor channels.

Dave Dittrich
Last modified: Tue Mar 30 13:01:40 1999