
Rootkit RE: (PROPOSAL): DDOS - Distributed DoS (1 candidate)



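Scott, you assume that people have the tools installed unwillingly. Suppose, hypothetically, that there is an underground hacker group (or student association) connected to DSL lines (as in university residences) that thinks it is "cool" to form an "army". What about popular grassroots protest movements, like the one against the WTO last summer? I think some people would voluntarily "enlist" their computers for use in a DDoS attack for a cause. The rootkit analogy does not hold then, but the DDoS attack could be just as effective. However, if the university or ISP implemented egress filtering, the DDoS attack could easily be stopped, because people could be held accountable. The crux of the problem is the anonymity provided by IP spoofing.

You are correct that in most cases, having DDoS tools installed on your system is an exposure like a rootkit. Perhaps that deserves a CVE entry. However, I think that does not capture the nature of DDoS, and an entry about egress filtering is crucial, because it patches a fundamental weakness of IPv4.

At 8:18 AM -0500 2/16/2000, Scott Blake wrote:
>I don't agree with Pascal that this is a filtering problem analogous to
>smurf. Rootkit is a better analogy. The DDoS software doesn't exploit
>any unique vulnerability directly. Its presence is entirely predicated
>on the existence of at least one other, easily exploited vulnerability.
>From the perspective of the system owner, this is just one of several
>backdoors that could be installed. Seems to me that the presence of a
>known backdoor package should be considered a vulnerability (or at least
>an exposure).
>
>I'm really torn on whether or not to split them out, though. My
>inclination is to group master and slave by package; i.e., trinoo
>master/slave, tfn master/slave, etc.
>
>REVIEWING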
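An added illustration, not part of the original message or of any CVE material: a sketch of the egress check the message argues for, where an edge router forwards an outbound packet only if its source address belongs to the site's assigned prefixes. The prefixes, packets, and the names `egress_permit` and `filter_outbound` are constructed for this example.

```python
import ipaddress
from collections import Counter

# Assumed (constructed) address space assigned to the campus or ISP customer edge.
SITE_PREFIXES = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("198.51.100.0/25"),
]

def egress_permit(src: str) -> bool:
    """Permit an outbound packet only if its source lies in an assigned prefix."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # malformed source address: drop
    return any(addr in net for net in SITE_PREFIXES)

def filter_outbound(packets):
    """Split outbound packets into forwarded and dropped.

    Also counts forwarded packets per (source, destination) pair: once spoofed
    sources are dropped, every forwarded packet names a real local host.
    """
    forwarded, dropped = [], []
    for pkt in packets:
        (forwarded if egress_permit(pkt["src"]) else dropped).append(pkt)
    per_source = Counter((p["src"], p["dst"]) for p in forwarded)
    return forwarded, dropped, per_source

# Constructed sample of outbound packets seen at the site edge.
SAMPLE = [
    {"src": "192.0.2.17", "dst": "203.0.113.80"},      # host using its real address
    {"src": "192.0.2.17", "dst": "203.0.113.80"},
    {"src": "10.9.8.7", "dst": "203.0.113.80"},        # spoofed private source
    {"src": "203.0.113.80", "dst": "203.0.113.80"},    # spoofed as the destination
    {"src": "198.51.100.200", "dst": "203.0.113.80"},  # outside the assigned /25
    {"src": "198.51.100.5", "dst": "203.0.113.9"},     # ordinary traffic
]

if __name__ == "__main__":
    forwarded, dropped, per_source = filter_outbound(SAMPLE)
    print("dropped (spoofed):", [p["src"] for p in dropped])
    for (src, dst), count in per_source.most_common():
        print(f"forwarded {count} packet(s) {src} -> {dst}")
```

Traffic sent from a host's real address still passes the filter, but it now carries an address the site can tie to a machine, which is the accountability the message refers to.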

Page last updated or reviewed: May 22, 2007