On Wed, 11 May 2005 13:44:22 +0300, Gadi Evron said:
First, I don't really see why an attack should be estimated by the tool used. If a 10 years old exploit would work, why should an attacker look for and use a 0day? It's silly allocation of resources.
Burrowing from that, if the attack is successful, and the loss is significant, I think the way there - although cute, is irrelevant except for the defender.
Actually, it *is* relevant for the "rest of us". Given the number of boxen that got whacked, and the number of sites involved, "the defender" *is* "the rest of us", and "we as an industry" obviously need to get our collective act in gear. Remember - *Your* boxes may be hardened beyond all belief and plausibility, but you're *STILL* screwed if some teenaged kid on another continent has more effective control of the router at the other end of your OC-48 than the NOC monkey you call when things get wonky....