I already talked with Renaud about this, but maybe somebody has a
bright idea.
Currently we have 7 "categories":
#define ACT_DENIAL 6
#define ACT_DESTRUCTIVE_ATTACK 5
#define ACT_MIXED_ATTACK 4
#define ACT_ATTACK 3
#define ACT_GATHER_INFO 2
#define ACT_SCANNER 1
#define ACT_SETTINGS 0
ACT_ATTACK is supposed to be an attack that does not try to destroy
anything (e.g. stealing a file through web/FTP directory traversal).
ACT_MIXED_ATTACK an attack that _may_ destroy something, although it
was not its goal.
ACT_DESTRUCTIVE_ATTACK an attack which tries to destroy something.
And ACT_DENIAL a denial of service. Which is supposed to be different
from ACT_DESTRUCTIVE_ATTACK :-\
1. I understood that ACT_DESTRUCTIVE_ATTACK meant a DoS against a
program, and ACT_DENIAL something that killed the machine.
Renaud told me that this was not supposed to be the case.
2. So... We need IMHO another category: ACT_KILL_HOST (or any better
name) for DoS against the OS. ACT_DENIAL would be DoS against a
program / daemon / service.
--
mailto:arboi@bigfoot.com
GPG Public keys: http://michel.arboi.free.fr/pubkey.txt
http://michel.arboi.free.fr/ http://arboi.da.ru/
FAQNOPI de fr.comp.securite : http://faqnopi.da.ru/