Most common attack methods used against FNAL

sidemenu

Security Home Page

Policy Guidelines

Support and Services

Meetings and Events

Sysadmin Round Table

Restricted Access

OS vulnerabilities

Current lagtime between announcement of of vulnerability and widespread distribution of exploit in kits is:

Unix - 2 weeks
Windows - 1 week
VMS, Macs - not appreciable targets

World writable areas

Allowing world write access to system or user files, outside of authorized and intended areas, through anonymous ftp, nfs export, world wide web, Windows shares, or other means.
Allowing world read/write access to the same directory, creating a "file drop" for unauthorized users.

Webserver exploits

IIS vulnerabilities listed weekly
leaving example scripts enabled/online.
Putting passwords in "clear" text in world-readable files
Allowing arbitrary destinations in forms mail.

Denial of Service (DOS) kits and worms

Fallout of scans causing failures;

HP printers choking on lprng exploit attack.
IRIX inetd hangs after ISS classification scans.
VME controller hangs after port scans

For assistance contact helpdesk@fnal.gov.
Information compiled and maintained by Computer Security Team ; last modified by TR on July 13, 2006.
(Address comments about page to the Computer Security Team.)