[Dailydave] SMBLoris
Bob Auger
bobauger at gmail.com
Tue Aug 8 19:40:33 UTC 2017
TLDR: Sockets/connections can always be exhausted at the app level based on
the hardware, configuration, and design.
1. Discuss <InsertDaemonNameHere>loris.
2. Hype the media on #1
3. Discuss that DOS is still bad (no debate)
4. Inform users of configuration/rate limiting opportunities/hardware/fault
tolerance design (to the extent you can)
5. Profit from #4
- Robert
On Tue, Aug 8, 2017 at 12:15 PM, Konrads Smelkovs <
konrads.smelkovs at gmail.com> wrote:
> Mostly due to BCP. Guys that do construction can probably live without a
> domain controller for a bit
>
> --
> Konrads Smelkovs
> Applied IT sorcery.
>
> On 8 August 2017 at 19:27, Dave Aitel <dave.aitel at gmail.com> wrote:
>
>> So I know it's Microsoft Tuesday, but we've been working on that SMBLoris
>> bug a bit more for release to customers as well, and as part of that, we're
>> spending a lot of time thinking about it, as deceptively simple as it is.
>>
>> The thing I'm wondering is why people outside of FinancialSec think DoS
>> is almost a non-issue. Most companies have only a few domain controllers,
>> and when those go down, the company goes down. And they have to be
>> reachable on these exact ports, from anywhere in the company, essentially.
>>
>> It seems like this is one of those things that got a tiny splash of
>> attention, but could be worth more. :)
>>
>> -dave
>>
>>
>> _______________________________________________
>> Dailydave mailing list
>> Dailydave at lists.immunityinc.com
>> https://lists.immunityinc.com/mailman/listinfo/dailydave
>>
>>
>
> _______________________________________________
> Dailydave mailing list
> Dailydave at lists.immunityinc.com
> https://lists.immunityinc.com/mailman/listinfo/dailydave
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.immunityinc.com/pipermail/dailydave/attachments/20170808/71ed8733/attachment.html>
More information about the Dailydave
mailing list