Full Disclosure mailing list archives

Re: Linux - Indicators of compromise

From: Scott Solmonson <scosol () scosol org>
Date: Wed, 25 Jul 2012 12:36:32 -0700

I can't tell if I'm being trolled or not...

Inlined-

On Wed, Jul 25, 2012 at 7:04 AM, Григорий Братислава
<musntlive () gmail com> wrote:


Is I am on your network, good luck is find me especially in is post
exploitation as I am is liable to float around is piggyback from one
machine is to the next. You can is assume all you want about port
security in is in fact, utterly worthless in post exploitation as is
likely I am not even in your physical network. Please is go back to
CCNA studies and is stop bastardize is something you know a
''modicum'' of is about. You fail is off jump with word 'assume'


Whatever layer-2 feats you've performed or will continue to perform,
you're still very trackable and monitoring/blocking you at layer-3 is
trivial.

So let us is go back to the beginning since you is fail to understand.
Pay is close attention for you is not learn this with Lammle.

1) MusntLive is perform remote exploit and is get on your machine
2) MusntLive exploits is "other" machines and send broadcast via
spoofing on "OTHER" compromised machines
3) MusntLive is listen for broadcast on any compromised machine


Remote-to-machine or remote-to-network? Ultimately I can just say it
again: Whatever layer-2 feats you've performed or continue to perform,
you're still very trackable and monitoring/blocking you at layer-3 is
trivial.

You is expect to track me how? Everyone is listen. Is you can go
narrow down who is broadcast. Even turn of port! I am is still listen
and is will still start again. What is it you is think you will do?
Shut down all ports everywhere? Is maybe BCP filter? URPF? Is you
think so, you is definitely need lay off Lammle and is read
Oppenheimer, Baker, and is too many others you is obviously not ready
for.


You've figured it out- tap-port the entire switch's traffic, and then
once you've got what you need, shut down every port. Once data
integrity has been compromised, service downtime is almost always the
lesser cost.

--
NUNQUAM NON PARATUS ☤ INCITATUS ÆTERNUS

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Re: Linux - Indicators of compromise, (continued)
- - Re: Linux - Indicators of compromise Gary Baribault (Jul 16)
    - Re: Linux - Indicators of compromise Benji (Jul 16)
    - Re: Linux - Indicators of compromise Giles Coochey (Jul 17)
    - Re: Linux - Indicators of compromise Григорий Братислава (Jul 17)
    - Re: Linux - Indicators of compromise Giles Coochey (Jul 19)
    - Re: Linux - Indicators of compromise Григорий Братислава (Jul 18)
    - Message not available
    - Re: Linux - Indicators of compromise Григорий Братислава (Jul 18)
    - Re: Linux - Indicators of compromise Leutnant Steiner (Jul 20)
    - Re: Linux - Indicators of compromise Giles Coochey (Jul 25)
    - Re: Linux - Indicators of compromise Григорий Братислава (Jul 25)
    - Re: Linux - Indicators of compromise Scott Solmonson (Jul 26)
    - Re: Linux - Indicators of compromise Григорий Братислава (Jul 26)
    - Re: Linux - Indicators of compromise valdis . kletnieks (Jul 26)
    - Re: Linux - Indicators of compromise Григорий Братислава (Jul 26)
    - Re: Linux - Indicators of compromise Scott Solmonson (Jul 28)
    - Re: Linux - Indicators of compromise Григорий Братислава (Jul 30)
    - Re: Linux - Indicators of compromise jerry (Jul 28)
- Re: Linux - Indicators of compromise Bzzz (Jul 16)
- Re: Linux - Indicators of compromise Григорий Братислава (Jul 16)
  - Re: Linux - Indicators of compromise coderman (Jul 16)
- Re: Linux - Indicators of compromise Jerry Bell (Jul 19)

(Thread continues...)