Lab 4
1. What is a PHP Remote File Include (RFI) attack, and why are these prevalent in today’s Internet world?
a. A Remote File Include allows an attacker to include a remote file. This vulnerability is most often found on websites and is usually implemented through a script on the web server.
2. What country is the top host of SQL Injection and SQL Slammer infection? Why can’t the US Government do anything to prevent these injection attacks and infections?
a. Peru.
3. What does it mean to have a policy of Nondisclosure in an organization?
a. It means that certain information can’t be made public under the company’s policy.
4. What Trends were tracked when it came to Malicious Code in 2009 by the Symantec Report researched during this lab?
a. Swifi, Interrupdate, Fostrem, Kuaiput, Mibling, Pilleuz, Ergrun, Bredolab, Changeup, Induc
5. What is Phishing? Describe what a typical Phishing attack attempts to accomplish.
a. Stealing online account information by posing as a legitimate company.
6. What is the Zero Day Initiative? Do you think this is valuable, and would you participate if you were the managing partner in a large firm?
a. A program to reward security researchers for disclosing vulnerabilities. Yes.
7. What is a Server Side Include (SSI)? What are the ramifications if an SSI exploit is successful?
a. A Server Side Include is a process of adding content to an existing HTML page.
8. According to the TippingPoint Report researched in this lab how do SMB attacks measure up to HTTP attacks in the recent past?
a. There was almost a 60% shift from a SMB type attack, towards an HTTP-based attack. In addition, nearly 100% of the observed attacks are automated, botnet, or worm-based attacks.
9. According to the TippingPoint Report, what are some of the PHP RFI payload effects DVLabs has detected this year?
a. PHP Remote file-include attacks saw a steady overall downward trend, except for a massive spike in mid-year of 2010.
10. Explain the steps it takes to execute a
a. A Remote File Include allows an attacker to include a remote file. This vulnerability is most often found on websites and is usually implemented through a script on the web server.
2. What country is the top host of SQL Injection and SQL Slammer infection? Why can’t the US Government do anything to prevent these injection attacks and infections?
a. Peru.
3. What does it mean to have a policy of Nondisclosure in an organization?
a. It means that certain information can’t be made public under the company’s policy.
4. What Trends were tracked when it came to Malicious Code in 2009 by the Symantec Report researched during this lab?
a. Swifi, Interrupdate, Fostrem, Kuaiput, Mibling, Pilleuz, Ergrun, Bredolab, Changeup, Induc
5. What is Phishing? Describe what a typical Phishing attack attempts to accomplish.
a. Stealing online account information by posing as a legitimate company.
6. What is the Zero Day Initiative? Do you think this is valuable, and would you participate if you were the managing partner in a large firm?
a. A program to reward security researchers for disclosing vulnerabilities. Yes.
7. What is a Server Side Include (SSI)? What are the ramifications if an SSI exploit is successful?
a. A Server Side Include is a process of adding content to an existing HTML page.
8. According to the TippingPoint Report researched in this lab how do SMB attacks measure up to HTTP attacks in the recent past?
a. There was almost a 60% shift from a SMB type attack, towards an HTTP-based attack. In addition, nearly 100% of the observed attacks are automated, botnet, or worm-based attacks.
9. According to the TippingPoint Report, what are some of the PHP RFI payload effects DVLabs has detected this year?
a. PHP Remote file-include attacks saw a steady overall downward trend, except for a massive spike in mid-year of 2010.
10. Explain the steps it takes to execute a