Bugtraq mailing list archives
Re: New DDoS?
From: Ryan Russell <ryan () SECURITYFOCUS COM>
Date: Tue, 9 Jan 2001 23:26:35 -0800
On Wed, 10 Jan 2001, Darren Reed wrote:
> What about placement (or addition) of an ActiveX control (which downloads into IE on the quiet) that's not quite so benign ?
The important criteria IMHO is stealth, if the exploit has any hope of staying hidden long enough to nail enough clients. I believe lots of people have IE configured to warn about even signed ActiveX controls. It comes default that way for the majority of controls. Some folks will shut off the warnings, because they are given the option every time they have to answer the question.

There are a number of trusted ActiveX controls that Microsoft has put out, which load silently. Georgi has been able to leverage at least one for exploit purposes:

http://www.securityfocus.com/bid/1754

This particular problem has been patched of course, but it illustrates the concept.

So, ActiveX holes could be exploited, along with any browser hole. To be extra clean, most web servers provide an easy way to serve up different pages, depending on the user agent info the browser supplies (i.e. the info that the browser sends that identifies the type and version). Using that, the defaced web site could be configured to serve up the appropriate exploit for Netscape or IE, or no exploit at all if the client appears to be a non-vulnerable version.

To hide even further, it could only exploit 1 in 100 clients, making it even harder to identify. (No, that site couldn't have hacked you... I just combed through the code by hand, and it's clean...) Obviously, it's a little less effective at that point. I have no idea what the ideal exploit/hide ratio would be.

Even .jpgs aren't safe, as there is an exploit for Netscape that is delivered via .jpg files:

http://www.securityfocus.com/bid/1503

In short, if you've got a malicious web server, or a web server that has been compromised in a non-obvious way, the problem is much more serious than a DoS or DDoS.

Ryan
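A defender's check for the two hiding tricks described in the message above (different pages per user agent, and altering only 1 in 100 responses), as an added example that is not part of the original post: it hashes repeated fetches made under different User-Agent strings and computes how many fetches are needed to catch a 1-in-100 alteration. The function names, paths, User-Agent strings and sample bodies are constructed for illustration, and static pages are assumed.

```python
import hashlib
import math
from collections import Counter, defaultdict

def fetches_needed(serve_rate, confidence):
    """Fetches needed to see at least one altered response with the given
    confidence, if each response is altered independently at serve_rate."""
    return math.ceil(math.log(1 - confidence) / math.log(1 - serve_rate))

def audit(samples):
    """samples: (url, user_agent, body bytes). Returns {url: set of flags}.
    Assumes static pages; dynamic content must be normalised before hashing."""
    seen = defaultdict(lambda: defaultdict(Counter))
    for url, agent, body in samples:
        seen[url][agent][hashlib.sha256(body).hexdigest()] += 1
    findings = {}
    for url, per_agent in seen.items():
        flags = set()
        # Same browser identity, different bytes: intermittent tampering.
        if any(len(counts) > 1 for counts in per_agent.values()):
            flags.add("varies-between-requests")
        # Most common body differs per browser identity: User-Agent targeting.
        usual = {counts.most_common(1)[0][0] for counts in per_agent.values()}
        if len(usual) > 1:
            flags.add("varies-by-user-agent")
        if flags:
            findings[url] = flags
    return findings

# Constructed sample fetches (not real captures); bodies are inert placeholders.
IE = "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
NS = "Mozilla/4.75 [en] (X11; U; Linux 2.2.16 i686)"
CLEAN, ODD = b"<html>news</html>", b"<html>news<!-- extra --></html>"
SAMPLES = (
    [("/index.html", IE, CLEAN)] * 99 + [("/index.html", IE, ODD)]
    + [("/index.html", NS, CLEAN)] * 100
    + [("/about.html", IE, ODD)] * 3 + [("/about.html", NS, CLEAN)] * 3
    + [("/contact.html", IE, CLEAN), ("/contact.html", NS, CLEAN)]
)

if __name__ == "__main__":
    print(fetches_needed(0.01, 0.95))
    for url, flags in sorted(audit(SAMPLES).items()):
        print(url, sorted(flags))
```

A single manual review of the page is one sample; at a 1-in-100 alteration rate the arithmetic here shows why that review proves little.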