On Wed, Jul 18, 2012 at 8:30 AM, alex <f...@daloo.de> wrote: > Source MAC faking would result in switchport shutdown in some environments. > Further you cannot communicate with outside world using broadcasts. > ICMP payloads is quite common and hard to detect. > > Me study CISSP, too. Already CCNA Security. CCNA not worth the money. Better > get CISA/CISM. > >
You miss point. If I sent data to broadcast, original poster is say: "I will know who you are via MAC address" to which I say: "You is need to go back to Cisco bootcamp" Everyone is receive broadcast, no way for him to detect who I am since I am is not alone in receiving the broadcast. Needle in is haystack. Second, ICMP tunneling, GRE tunneling is too much trouble. Advanced Persistent Threats as defined by (is now give North Korean title to him) Super Grand Master of the Internet Universe Richard Bejtlich as advanced and is persistent. But is also stupid and lazy. Will not waste time on this is vector. Will use SSL and HTTP to is stay under radar. Attacker >>> Own is your data >>> post data in $WBEDIR >>> visit $WEBDIR using proxy [small packets] Is how else can attacker download 867 terabytes of data (http://www.eddupdate.com/2012/02/cyberthieves-stole-867-terabytes-in-2011.html)? You believe attackers is using FTP, ICMP, GRE tunnels? No. Too noisy is this. Better to visit website like everyone else use proxy of another country, this is country take blame. MusntLive >>> use is never use 213.24.76.77 address >>> use proxy 210.75.193.49 >>> download data \ Supreme Grand Master of Internet Universe >>> analyze >>> see proxy >>> chant APT APT APT >>> See I told you is China \ Fox News >>> report on Chinese threat \ MusntLive >>> facepalm at report and go back is drink Stoli CISA/CISM is have nothing on InfoSecInstitute! _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
