The QuadShot

Posted at 10:06 am on Sep 10, 2011 in Ethical Hacking
 

I heard about (on the HAK5 podcast) a trick new platform for aerial autonomy called the QuadShot, from a group of developers out of Santa Cruz, CA. It has four propellers and takes off vertically, but uses a mono wing design, so flying under a pitch-yaw-roll scenario is second nature. I even contributed to their fundraising cause over at kickstarter.com. If I had time I would get busy playing with one, but I need to devote myself to my new job, which means constant techno-lust

IP Spoofing is the DoS attacker’s tactic

Posted at 9:54 pm on Aug 15, 2009 in IDS & IPS, Security
 

IP spoofing is the act of modifying the source IP address of an IP packet. Each IP packet contains a header that holds a source and a destination IP address. Spoofing changes the source IP address without regard to the validity of that address. Source IP address validity is immaterial in a DoS attack, because the intent is to overwhelm the target site or server.

Some background is essential. Based on the OSI reference model, the Internet Protocol (IP) is a layer 3 protocol and as such is connectionless, meaning there is neither transaction state information in the IP packet (aka datagram) header, nor a method to ensure packet delivery to the proper destination. Digressing for a moment on packets versus datagrams, the term packet refers to a “reliable” service whereas datagram refers to an “unreliable” service. IP datagrams are unreliable because they do not convey delivery failure information to the receiver. TCP, on the other hand, is a layer 4 protocol; it is connection-oriented and does convey delivery information to the receiver.
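Because the source address is just four unauthenticated bytes in the header, a receiver can only judge whether it is plausible. The following added example (not part of the original post) parses an IPv4 header and applies an ingress-filter style check; the bogon list, the function names, and the documentation-range sample addresses are assumptions made for illustration.

```python
import ipaddress
import struct

# Sources that should never arrive from the Internet (assumed, minimal bogon list).
BOGONS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3")]

def checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's-complement sum of the 16-bit words."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_ipv4(packet: bytes) -> dict:
    """Pull out the header fields a border filter inspects."""
    if len(packet) < 20:
        raise ValueError("shorter than the minimum IPv4 header")
    ver_ihl, _, _, _, _, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(packet) < ihl:
        raise ValueError("not a well-formed IPv4 header")
    return {"src": ipaddress.IPv4Address(src), "dst": ipaddress.IPv4Address(dst),
            "proto": proto, "checksum_ok": checksum(packet[:ihl]) == 0}

def ingress_verdict(packet: bytes, internal_net: str) -> str:
    """Judge a packet that arrived on the Internet-facing interface."""
    hdr = parse_ipv4(packet)
    if not hdr["checksum_ok"]:
        return "drop: bad header checksum"
    if hdr["src"] in ipaddress.ip_network(internal_net):
        return "drop: source claims to be inside our own network"
    if any(hdr["src"] in net for net in BOGONS):
        return "drop: source is not routable on the Internet"
    return "pass: plausible source, but still unauthenticated"

def sample_header(src: str, dst: str) -> bytes:
    """Constructed 20-byte header (protocol 17, no payload) used as sample input."""
    fields = [0x45, 0, 20, 0, 0, 64, 17, 0,
              ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed]
    fields[7] = checksum(struct.pack("!BBHHHBBH4s4s", *fields))
    return struct.pack("!BBHHHBBH4s4s", *fields)

if __name__ == "__main__":
    for src in ("198.51.100.7", "10.1.2.3", "203.0.113.50"):
        print(src, "->", ingress_verdict(sample_header(src, "203.0.113.10"), "203.0.113.0/24"))
```

A "pass" verdict only means the address could exist; the header checksum covers integrity of the header in transit and says nothing about who set the source field.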

references:

IP Spoofing: An Introduction, http://www.securityfocus.com/infocus/1674

Wikipedia on Packets versus Datagrams, http://en.wikipedia.org/wiki/Packet_(information_technology)

Open Web Application Security Project

Posted at 5:31 pm on Aug 06, 2009 in Incident Response, Security
 

OWASP is an effort to “organize the world’s application security information.” A lofty mission, but an effort worth following.

The group advocates vulnerability scanning, code review, penetration testing, and static review of applications to identify software security issues. OWASP has also created a purposefully insecure website called WebGoat, for teaching and demonstration purposes.

The script hit for this website is 4: so it's a security website that asks that you enable JavaScript for four different scripts