Mixed links

Conficker is using a few tricks to make reversing harder

Metasploit (and other security sites) are being hit by DDoS. Some interesting thoughts:

  • Use DNS to mitigate the attack (if the bots follow DNS, you can simply point them to, if not, you simply move servers to an other IP range and point DNS there – of course this might not be as “simple” as I put it, but it is a solution)
  • Have multiple points of communication. You can use DNS to “blackhole” www.metasploit.com, but still keep blog.metasploit.com up
  • What are the implications of deflecting the attack to an other address via DNS? What if you’d know the IP of the C&C server for the particular botnet and set the DNS record to that address?

Quite a nice trick preventing user-mode debuggers from attaching

From Bruce Schneier: How people can be manipulated by information, even when they are explicitly advised to disregard it . Nothing new, but still scary.

From the Node 5 blog: PF_RING – a method to dramatically increase packet capture speed under Linux.

From the PacketLife blog: IPv6 does away with ARP, but still vulnerable to ARP-spoofing style attacks.

Surrogate scripts in NoScript – a very cool solution to the problem that some sites stop working if Google Analytics is disabled (because they use it to track certain actions, like clicking on download links).

Leave a Reply

Your email address will not be published. Required fields are marked *