The short answer is that 0-day exploits do happen, they can be devastating, and it hurts - a lot. The good news is they don't happen nearly as much as they used to - thank the security community, which is more numerous and more collectively vigilant than they used to be, and technology like IDS and firewalls which will give you warning signs of general badness heading your way even if they don't get the specifics of the attack.

FWIW, the last time I got 0-day'ed was in 1995 - a combination of nfsshell (file handle guessing pre-fsirand), waterworks (does anyone remember waterworks? It was a session hijacker), and other evilness ripped the living daylights out of some of my systems - the only tipoff I had were some TCP wrapper events, and I wouldn't have had even that if the attackers had maintained their discipline. So I set up a Network General sniffer and waited. I still have the trace somewhere - I dig it up and re-run it every once in a while just to remind myself how bad things can get, and how quickly it can happen.

Thanks to the trace, I was able to develop enough evidence to positively identify the two perps. We were able to get one busted - the other slipped away. I still keep track of the guy that got away to this day - last I heard he was working for a managed security provider. *chuckle* I'm real glad that particular company has nothing to do with watching _my_ stuff. ;)

Hope this helps. 8)

Best regards,
Randy

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Jan 09 2002 - 13:28:30 PST