分类: 网络与安全
2008-04-07 15:16:55
Attack Descriptions
| back | Denial of service attack against apache webserver where a client requests a URL containing many backslashes. |
| crashiis | A single, malformed http request causes the webserver to crash. |
| dict | Guess passwords for a valid user using simple variants of the account name over a telnet connection. |
| eject | Buffer overflow using eject program on Solaris. Leads to a user->root transition if successful. |
| ffb | Buffer overflow using the ffbconfig UNIX system command leads to root shell |
| format | Buffer overflow using the fdformat UNIX system command leads to root shell |
| ftp-write | Remote FTP user creates .rhost file in world writable anonymous FTP directory and obtains local login. |
| guest | Try to guess password via telnet for guest account. |
| httptunnel | There are two phases to this attack: Setup - a web "client" is setup on the machine being attacked, which is configured, perhaps via crontab, to periodically make requests of a "ser ver" running on a non-privilaeged port on the attacking machine. Action - When the periodic requests are recieved, the server encapsulates commands to be run by the "client" in a cookie.. things like "cat /etc/passwd".. etc.. |
| imap | Remote buffer overflow using imap port leads to root shell |
| ipsweep | Surveillance sweep performing either a port sweep or ping on multiple host addresses. |
| land | Denial of service where a remote host is sent a UDP packet with the same source and destination |
| loadmodule | Non-stealthy loadmodule attack which resets IFS for a normal user and creates a root shell |
| mailbomb | A Denial of Service attack where we send the mailserver many large messages for delivery in order to slow it down, perhaps effectively halting normal operation. |
| multihop | Multi-day scenario in which a user first breaks into one machine |
| neptune | Syn flood denial of service on one or more ports. |
| nmap | Network mapping using the nmap tool. Mode of exploring network will vary--options include SYN |
| ntinfoscan | A process by which the attacker scans an NT machine for information concerning its configuration, including ftp services, telnet services, web services, system account information, file systems and permissions. |
| perlmagic | Perl attack which sets the user id to root in a perl script and creates a root shell |
| phf | Exploitable CGI script which allows a client to execute arbitrary commands on a machine with a misconfigured web server. |
| pod | Denial of service ping of death |
| portsweep | Surveillance sweep through many ports to determine which services are supported on a single host. |
| ps | Ps takes advantage of a racecondition in the ps command in Sol. 2.5, allowing a user to gain root access. |
| rootkit | Multi-day scenario where a user installs one or more components of a rootkit |
| satan | Network probing tool which looks for well-known weaknesses. Operates at three different levels. Level 0 is light |
| secret | |
| smurf | Denial of service icmp echo reply flood. |
| spy | Multi-day scenario in which a user breaks into a machine with the purpose of finding important information where the user tries to avoid detection. Uses several different exploit methods to gain access. |
| syslog | Denial of service for the syslog service connects to port 514 with unresolvable source ip. |
| teardrop | Denial of service where mis-fragmented UDP packets cause some systems to reboot. |
| warez | User logs into anonymous FTP site and creates a hidden directory. |
| warezclient | Users downloading illegal software which was previously posted via anonymous FTP by the warezmaster. |
| warezmaster | Anonymous FTP upload of Warez (usually illegal copies of copywrited software) onto FTP server. |
