|
Dailydave
mailing list archives
Re: Beyond Fast Flux
From: Brandon Enright <bmenrigh () ucsd edu>
Date: Sat, 15 Dec 2007 01:58:40 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Fri, 14 Dec 2007 13:03:56 -0600 (CST)
Gadi Evron <ge () linuxbox org> wrote:
On Fri, 14 Dec 2007, Dave Aitel wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
http://www.immunityinc.com/resources-papers.shtml
Immunity has released a presentation regarding CANVAS's
next-generation client-side attack framework available at the above
URL.
Good work and interesting presentation, however, you guys should
consider clueing up on what's out there before you make assumptions,
as your C&C ideas, although neat, are light-years behind the
criminals.
Which side of the fence are you on again?
Gadi.
Gadi,
If you're going to attack something you should back your argument up
with a little evidence. The C&C methods mentioned in the paper are:
* IRC
* HTTP to single server
* Fast-Flux of DNS Servers
* Storm P2P protocols
* PINK
About the only thing they missed was DHT, which is arguably covered by
Storm.
PINK is a good idea. If it really is light-years behind the criminals
show us the papers, presentations, and discussions of more advanced C&C.
If your argument is that PINK is primitive or that it won't work,
respond with a paper, a countermeasure, or at the very least a detailed
email of possible flaws in it. C'mon, Gadi, you know better.
Brandon
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFHYzTQqaGPzAsl94IRApqWAJ9Vh90WStxKVsiz2cBwJX3JgEJMtgCbB5ms
tOhDuAU2XR9FnRjlxRTHG4Y=
=PVAw
-----END PGP SIGNATURE-----
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
 By Date 
By Thread
Current thread:
|
Intro
