Most common attack methods used against FNAL

OS vulnerabilities

Current lag time between the announcement of a vulnerability and widespread distribution of an exploit in kits:
  • Unix - 2 weeks
  • Windows - 1 week
  • VMS, Macs - not appreciable targets

World writable areas

  • Allowing world write access to system or user files, outside of authorized and intended areas, through anonymous FTP, NFS export, World Wide Web, Windows shares, or other means.
  • Allowing world read/write access to the same directory, creating a "file drop" for unauthorized users.
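
One way to check a Unix file tree for the two conditions above. This is an added example, not part of the original page; the function names and the sample path in the comment are assumptions.

```sh
#!/bin/sh
# Added example (not from the original page): audit a directory tree for the
# two world-writable conditions listed above. Read-only; changes nothing.

# Regular files that any local user can modify.
world_writable_files() {
    find "$1" -xdev -type f -perm -0002 -print 2>/dev/null
}

# Directories that are both world-readable and world-writable: anyone can
# deposit files and anyone can list them (the "file drop" condition).
# Intended areas such as /tmp will also match; compare against your allowlist.
file_drop_dirs() {
    find "$1" -xdev -type d -perm -0006 -print 2>/dev/null
}

# Print a labelled report for the tree rooted at $1.
# Returns 0 when the tree is clean, 1 when anything was found.
audit_tree() {
    report=$(
        world_writable_files "$1" | sed 's/^/world-writable file: /'
        file_drop_dirs "$1" | sed 's/^/world read+write dir: /'
    )
    if [ -z "$report" ]; then
        return 0
    fi
    printf '%s\n' "$report"
    return 1
}

# Run only when a path is given, e.g.:  sh audit.sh /srv/ftp  (assumed path)
if [ $# -gt 0 ]; then
    audit_tree "$1"
fi
```

The non-zero exit status on findings lets the script run from cron or a configuration check and alert only when something needs review.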

Webserver exploits

  • IIS vulnerabilities listed weekly.
  • Leaving example scripts enabled/online.
  • Putting passwords in "clear" text in world-readable files.
  • Allowing arbitrary destinations in forms mail.

Denial of Service (DoS) kits and worms

Fallout of scans causing failures:
  • HP printers choking on lprng exploit attack.
  • IRIX inetd hangs after ISS classification scans.
  • VME controller hangs after port scans.

For assistance contact helpdesk@fnal.gov.
Information compiled and maintained by Computer Security Team; last modified by TR on July 13, 2006.
(Address comments about page to the Computer Security Team.)