2009/5/17 snort user <[email protected]>: > Greetings All, > > Typically, network based attacks have multiple stages. > (reconnaissance, infection, download rootkit, call home, further infection > etc) > > Some attacks may have a single stage (without reconnaissance) to > compromise a host. > However, even those attacks have a post-compromise stage, such as call home > or transfer/steal data or something else. > Otherwise, what's the motivation for compromising in the first place? > > Can someone enlighten me if there are attacks that only have a single stage? > Examples or scenarios is much appreciated.
SQL Slammer. (stage 2 - if there was one - was just stage 1, but outgoing instead of incoming, so not really separate in my opinion) cheers, Jamie -- Jamie Riden / [email protected] / [email protected] http://www.ukhoneynet.org/members/jamie/
