1999 CERT Incident Notes

Abstract

The sscan tool performs probes against victim hosts to identify services which may potentially be vulnerable to exploitation. Though sscan itself does not attempt to exploit vulnerabilities, it can be configured to automatically execute scripts of commands that can be maliciously crafted to exploit vulnerabilities. Thus, it is possible for an unpredictable set of attacks to be mounted against a victim site in conjunction with the sscan probes. The documentation distributed with sscan includes an example set of scripted commands illustrating how a self-replicating attack might be crafted using well known vulnerabilities detected by sscan. We encourage you to familiarize yourself with the actions sscan performs and to insure that your site is not vulnerable to attack. The current version of sscan has been written specifically to execute on a UNIX platform. Because the tool crafts packets with custom attributes, privileged access to the source host is required to run sscan. We encourage you to be mindful of the potential for intruder control of the source host when responding to an incident involving sscan probes.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Jan 01, 1999
Accession Number
AD1130404

Entities

Organizations

  • Carnegie Mellon University

Tags

DTIC Thesaurus Topics

  • Anti-Virus Software
  • Computer Programming
  • Computers
  • Cybersecurity
  • Denial Of Service Attack
  • Detection
  • Directories
  • Engineering
  • Guarantees
  • Intellectual Property
  • Intrusion Detection
  • Intrusion Detection Systems
  • Intrusion Detectors
  • Law
  • Materials
  • Network Architecture
  • Network Protocols
  • Operating Systems
  • Patents
  • Software Development
  • Trojan Horse
  • Websites

Readers

  • Computer Science.
  • Neurotoxicology
  • Strategic Security Studies