Can you 'fake' an IP address?

Alejandro Imass aimass-EzYyMjUkBrFWk0Htik3J/w at public.gmane.org
Tue Mar 13 18:35:29 UTC 2012


On Tue, Mar 13, 2012 at 2:25 PM, Jamon Camisso
<jamon.camisso-H217xnMUJC0sA/PxXw9srA at public.gmane.org> wrote:
> On 12-03-13 01:57 PM, Alejandro Imass wrote:

[...]

>
> metasploit was hijacked via ARP poisoning a few years ago:
> http://seclists.org/fulldisclosure/2008/Jun/13
>
> If it can happen to Mr. Moore, it can happen to anyone.
>

Yep, by taking possession of a router. It's always a cost/benefit
equation. A high-ranking cracker will do this to obtain something in
return, usually in the form of money or recognition. The possibilities
of this type of attack happening to the majority of servers out there
are rare. Most attacks are by brute force and can be mitigated
by something as simple and effective as fail2ban. The rest are
mostly exploits on poorly designed PHP software. Very rarely will you
see sophisticated attacks on your common server, unless you happen to
be in the path of a bigger fish. Following the money is usually a good
guide to your level of exposure. Most servers today are being hijacked
to mass mail or perpetrate other attacks.

-- 
Alejandro Imass

> Jamon
> --
> The Toronto Linux Users Group.      Meetings: http://gtalug.org/
> TLUG requests: Linux topics, No HTML, wrap text below 80 columns
> How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists