On Thu, 29 Apr 2004, Sudhakar-bugtraq Govindavajhala wrote: > I am a Ph.D. student studying network security at Princeton > University. I am trying to see if attacker can use a series of > vulnerabilities to take over a particular resource. Has there been prior > work on this topic earlier? Can someone give me a real example where the > adversary actually uses a series of vulnerabilities to break into a > resource? > > May be he uses the webserver in DMZ and then uses it to get access > to fileserver and then uses it to compromise something else? Almost any compromise is conducted in this manner. I can't think of any single compromise that didn't start at one point and then turn into a romp through more vulnerable resources. Dig around for horror stories of IP capable printers configured with default gateways and default admin passwords. Another example would be the use of worm style backdoor infections used as launchpads for more nefarious hilarity. Go, go, gadget google. - billn
