• An attacker relies on anonymity when attacking hosts/networks so that he/she can do so without being identified.
• Attacks like “Smurf” and “Fraggle” (described in the next few pages) work only when IP source-address spoofing is possible, because of the reflexive nature of the attack. Without spoofing, they would just be flooding themselves.
• Other attacks, such as the fragmentation attacks mentioned, simply use spoofing as a way to avoid being identified.
• Large lists of super-user accounts, as well as user-level accounts, are passed around to hinder the identification process when an attack occurs and can be traced. Hopping from account to account increases the chance that the attacker will not be found, due to uncooperative administrators.
• Internet Relay Chat (IRC) is a tool used by many to pass around exploit information. It’s also used by many attackers to “show off” their attacks to their peers.
• Unfortunately, the wide use of IRC by attackers makes IRC servers, operators, and users targets when the attacker wants revenge. The first targets of the “smurf” program were IRC servers.
• Providers who do terminate accounts due to abuse are usually targets as well, just like IRC servers that ban users from using the servers.