botnet-wiki/_posts/anatomy/2015-01-27-vulnerabilities.markdown
14 additions & 4 deletions
@@ -1,15 +1,24 @@
1
1
---
2
2
layout: post
3
3
title: "Vulnerabilities"
4
-
date: 2015-12-03 21:21:50
4
+
date: 2015-01-27 21:21:50
5
5
categories: anatomy
6
6
---
7
7
8
-
**INCOMPLETE MISSING CONTENT AND REFERENCES**
9
8
10
-
Due to their immense size - botnets can consist of several ten thousand compromised machines - botnets pose serious threats. Distributed denial-of-service (DDoS) attacks are one such threat. Even a relatively small botnet with only 1000 bots can cause a great deal of damage. These 1000 bots have a combined bandwidth (1000 home PCs with an average upstream of 128KBit/s can offer more than 100MBit/s) that is probably higher than the Internet connection of most corporate systems. In addition, the IP distribution of the bots makes ingress filter construction, maintenance, and deployment difficult. In addition, incident response is hampered by the large number of separate organizations involved. Another use for botnets is stealing sensitive information or identity theft: Searching some thousands home PCs for password.txt, or sniffing their traffic, can be effective.
9
+
In computer security, a vulnerability is defined as: a weakness that allows an attacker to reduce a system's information assurance.
10
+
11
+
Vulnerability is a intersection of three elements: **a system susceptibility or flaw**, attacker **access to the flaw**, and attacker capability to **exploit the flaw**.
Due to their immense size - botnets can consist of several ten thousand compromised machines - botnets pose serious threats. Distributed denial-of-service (DDoS) attacks are one such threat. Even a relatively small botnet with only 1000 bots can cause a great deal of damage. These 1000 bots have a combined bandwidth (1000 home PCs with an average upstream of 128KBit/s can offer more than 100MBit/s) that is probably higher than the Internet connection of most corporate systems. In addition, the IP distribution of the bots makes ingress filter construction, maintenance, and deployment difficult. In addition, incident response is hampered by the large number of separate organizations involved.
16
+
17
+
Another use for botnets is stealing sensitive information or identity theft: Searching some thousands home PCs for password.txt, or sniffing their traffic, can be effective.
11
18
The spreading mechanisms used by bots is a leading cause for "background noise" on the Internet, especially on TCP ports 445 and 135. In this context, the term spreading describes the propagation methods used by the bots. These malware scan large network ranges for new vulnerable computers and infect them, thus acting similar to a worm or virus.
12
19
20
+
As listed
21
+
13
22
**Vulnerability-specific ports:**
14
23
15
24
* 42 - WINS (Host Name Server)
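Review bot: The added line 20, "As listed", is a sentence fragment that leads nowhere before the **Vulnerability-specific ports:** heading; either finish the sentence so it introduces the port list or drop the line. On added line 11, "a intersection" should read "an intersection". The definition on added line 9 is presented as a formal definition but carries no source, and this same commit deletes the **INCOMPLETE MISSING CONTENT AND REFERENCES** banner, so either add the reference or keep a note that references are still missing.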
@@ -25,7 +34,8 @@ The spreading mechanisms used by bots is a leading cause for "background noise"
25
34
* 6129 - dameware (Dameware Remote Admin - DameWare Mini Remote Control Client Agent Service Pre-Authentication Buffer Overflow Vulnerability)
26
35
27
36
28
-
The vulnerabilities behind some of these exploits can be found with the help of a search on Microsoft's Security bulletins (sample):
37
+
**The vulnerabilities behind some of these exploits can be found with the help of a search on Microsoft's Security bulletins (sample):**
38
+
29
39
* MS03-007 Unchecked Buffer In Windows Component Could Cause Server Compromise
30
40
* MS03-026 Buffer Overrun In RPC Interface Could Allow Code Execution
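Review bot: Bolding the whole sentence on added line 37 turns a full explanatory sentence into a pseudo-heading, which does not match the short label style of **Vulnerability-specific ports:** earlier in the file. Consider a short bold label followed by the sentence as normal text. The blank line added at 38 is the useful part of this change, since the list needs it to render as a list. The bulletin entries (MS03-007, MS03-026) would also be easier to verify if each ID linked to its bulletin.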