(Our goal is still to develop a set of traces, tools, and metrics that can be used to easily evaluate and compare firewalls/IDSs, and to avoid the pitfalls discussed in the McHugh paper.)

Types of Attacks

1. Denial of service
 - Flooding attacks
 - Software vulnerabilities / false positives (only a few packets are needed to cause denial of service, so a flood-oriented detector sees nothing unusual)
   http://www.more.net/technical/research/security/dos/
2. System misuse (breaking into accounts, unauthorized activity)
3. Worms

Attack Tools

1. Scanners
 - Nmap
 - Nikto (web server scanner; not so stealthy)
 - Kismet (wireless)
 - N-Stealth (web server scanner; commercial, Windows)
 - hping2 (network probe / packet crafting)
 - Xprobe2 (active OS fingerprinting tool)
 - Retina network scanner (commercial, Windows)
 - Netcat
2. Password cracking
 - John the Ripper, L0phtCrack 4 (commercial), Cain & Abel (freeware, Windows)
3. Covering tracks
 - rootkits, e.g. Knark, t0rn (see http://www.chkrootkit.org/)
4. Packet sniffers
 - dsniff suite
 - Ettercap (Ethernet LANs, including switched ones)
5. DDoS tools
 - trinoo, Tribe Flood Network (TFN), Stacheldraht, Shaft, TFN2K (in chronological order from earliest to latest; these are all in the same family)
 - Smurf (Jan '98 - Mar '00; ICMP echo requests sent to a directed-broadcast address with the victim's address spoofed as source, so every host on the subnet replies to the victim) and Fraggle (the same amplification using UDP echo packets)
 - In Sept 2000 variants of the known DDoS tools appeared
6. Worms / blended threats (use multiple methods to attack or propagate)
 - Code Red (July '01; contains instructions for DoS)
 - Klez (Klez and Elkern viruses, April '02) and Avril / Lirva (Jan '03): "twin viruses"
 - Slammer / Sapphire (MS SQL Server, Jan '03)
 - Nimda (Sept '01; DoS effects)
 - Yaha (May '02; DoS)

Links

Vulnerability scanners
 http://www.cotse.com/tools/vuln.htm
 http://www.securityfocus.com/tools/
 http://is-it-true.org/pt/ptips13.shtml
 http://www.insecure.org/tools.html
 http://www.hackingexposed.com/tools/tools.html

Worms / blended threats (World Bank paper; Google cache copy, original PDF listed below)
 http://216.239.39.100/search?q=cache:qWjK9ntdDIcJ:wbln0018.worldbank.org/html/FinancialSectorWeb.nsf/(attachmentweb)/BlendedThreats/%24FILE/Blended%2BThreats.pdf+worms+klez+code+red&hl=en&ie=UTF-8

Virus top 20
 http://www.informsecurity.com/en/news1/virus/index.khtml

Taxonomy links
 Bug taxonomies: using them to generate better tests (STAR East 2003 paper; Google cache copy)
 http://216.239.41.100/search?q=cache:pszlnI5W8xwJ:www.testingeducation.org/articles/bug_taxonomies_use_them_to_generate_better_tests_star_east_2003_paper.doc+Jayaram+Morse+taxonomy&hl=en&ie=UTF-8
 Taxonomy of attacks (wireless) (Google cache copy)
 http://216.239.41.100/search?q=cache:RgjYMqqB0dYJ:https://courseware.vt.edu/marchany/papers/mitretek.talk.8.dec.2000.ppt+network+attack+taxonomies&hl=en&ie=UTF-8

More Links: Attacks / Attack Tools

Vern Paxson
 http://www.icir.org/vern/
Blended threats (original PDF)
 http://wbln0018.worldbank.org/html/FinancialSectorWeb.nsf/(attachmentweb)/BlendedThreats/$FILE/Blended+Threats.pdf
Yaha worm
 http://itmanagement.earthweb.com/secu/article.php/2173351
Smurf
 http://www.cert.org/advisories/CA-1998-01.html
 http://www.pentics.net/denial-of-service/white-papers/smurf.cgi
John the Ripper
 http://www.bebits.com/app/2396
 http://www.securiteam.com/tools/John_the_Ripper__a_password_cracker.html
Hacking Exposed: links to common attack tools
 http://www.hackingexposed.com/tools/tools.html
Attackers' techniques (Dec 1998)
 http://secinf.net/misc/Techniques_Adopted_By_System_Crackers_When_Attempting_To_Break_Into_Corporate_or_Sensitive_Private_Networks_.html
IDS definition
 http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci295031,00.html
DDoS variants (Sept 2000) -- DDoS tools
 http://news.zdnet.co.uk/story/0,,t269-s2081654,00.html
Root kits
 http://staff.washington.edu/dittrich/misc/faqs/rootkits.faq
Usenix Security Symposium 2000: DDoS -- Is There Really a Threat?
 http://staff.washington.edu/dittrich/talks/sec2000/
DoS for sensor networks
 http://citeseer.nj.nec.com/wood02denial.html
Morris worm
 http://www.msnbc.com/news/209745.asp?cp1=1#BODY
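As an added example tying the DDoS section to the stated goal (traces, tools, and metrics for comparing IDSs), the following is not code from these notes or from any of the tools listed above. It runs a minimal Smurf/Fraggle amplification detector over a constructed packet trace and then scores the alerts against ground-truth labels to get a detection rate and a false-alarm count. The trace, the LAN prefix, the one-second window and the ten-packet threshold are all assumed values chosen for the example.

```python
"""Added example (not from the notes above): flag Smurf- and Fraggle-style
amplification in a packet trace and score the detector against labels."""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network


@dataclass(frozen=True)
class Packet:
    ts: float      # seconds since start of trace
    src: str
    dst: str
    proto: str     # "icmp" or "udp"
    detail: int    # ICMP type for icmp, destination port for udp


# Assumed LAN prefix; its directed-broadcast address is 192.168.1.255.
LAN = IPv4Network("192.168.1.0/24")

# Constructed sample trace (not captured data). 10.0.0.5 is the spoofed
# victim address: the attacker wants every host on the LAN to reply to it.
TRACE = [
    Packet(0.00, "192.168.1.10", "192.168.1.20", "icmp", 8),   # ordinary ping
    Packet(0.01, "192.168.1.20", "192.168.1.10", "icmp", 0),   # ping reply
    # Smurf: ICMP echo requests (type 8) to the broadcast address
    *[Packet(1.0 + i * 0.001, "10.0.0.5", "192.168.1.255", "icmp", 8)
      for i in range(50)],
    # Fraggle: UDP to the echo port (7) at the broadcast address
    *[Packet(2.0 + i * 0.001, "10.0.0.5", "192.168.1.255", "udp", 7)
      for i in range(40)],
    Packet(3.0, "192.168.1.30", "192.168.1.255", "udp", 137),  # benign NetBIOS broadcast
]


def is_directed_broadcast(dst, lan=LAN):
    """True if dst is the directed-broadcast address of the monitored LAN."""
    return IPv4Address(dst) == lan.broadcast_address


def detect_amplification(trace, lan=LAN, window=1.0, threshold=10):
    """Return sorted alerts (kind, spoofed_src, window_start, count).

    Packets to the LAN broadcast address are bucketed per (kind, source,
    time window); an alert fires when a bucket reaches `threshold` packets.
    window/threshold are assumed tuning values for this example.
    """
    buckets = defaultdict(int)
    for p in trace:
        if not is_directed_broadcast(p.dst, lan):
            continue
        if p.proto == "icmp" and p.detail == 8:
            kind = "smurf"
        elif p.proto == "udp" and p.detail == 7:
            kind = "fraggle"
        else:
            continue   # other broadcast traffic (e.g. NetBIOS) is ignored
        buckets[(kind, p.src, int(p.ts // window))] += 1
    return sorted((kind, src, w * window, n)
                  for (kind, src, w), n in buckets.items() if n >= threshold)


def score(alerts, labels):
    """Compare alerts with ground truth.

    labels: set of (kind, src, window_start) tuples that really were attacks.
    Returns true/false positives, misses and the detection rate, the basic
    numbers needed before two IDSs can be compared on the same trace.
    """
    detected = {(kind, src, start) for kind, src, start, _ in alerts}
    tp = len(detected & labels)
    fp = len(detected - labels)
    fn = len(labels - detected)
    return {"tp": tp, "fp": fp, "fn": fn,
            "detection_rate": tp / len(labels) if labels else 0.0}


if __name__ == "__main__":
    alerts = detect_amplification(TRACE)
    truth = {("smurf", "10.0.0.5", 1.0), ("fraggle", "10.0.0.5", 2.0)}
    for a in alerts:
        print("ALERT", a)
    print(score(alerts, truth))
```

Because the detector is threshold-based, it says nothing about the second DoS class above (a handful of packets exploiting a software bug): a trace containing only that kind of attack would produce a detection rate of zero no matter how the threshold is tuned, which is one reason the evaluation traces have to cover both flooding and few-packet attacks.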