[iwar] [fc:Attacks.from.the.heart.of.the.net]

From: Fred Cohen (fc@all.net)
Date: 2001-10-31 05:08:41


To: iwar@onelist.com (Information Warfare Mailing List)

Attacks from the heart of the net

BBC, 10/30/2001
http://news.bbc.co.uk/hi/english/sci/tech/newsid_1627000/1627707.stm

White House website was hit by a denial of service attack

As the security improves on one part of the internet, malicious hackers
are changing their tactics to take advantage of lapses elsewhere.

A report by the Computer Emergency Response Team has revealed that some
computer vandals are now targeting the machines making up the fabric of
the net.  Some attackers are starting to use routers - devices that pass
data packets around the net - to bombard sites and servers with enormous
amounts of data.  The report also warns that the pace of attacks is
growing, and that security experts have an ever-shrinking opportunity to
close holes or develop patches. 

Smurfing

The report traces the development of the methods malicious hackers and
vandals are using to carry out Denial of Service (DoS) attacks on
websites and servers.  The first DoS attacks took place in February 2000
when popular sites such as Yahoo, Amazon, eBay and CNN were knocked
offline by being bombarded with bogus data packets.  At the time anyone
wanting to carry out these attacks had to use largely manual methods to
find and compromise machines that could launch data packets on their
behalf.  The response to these high-profile attacks meant that the
tactic used to generate the net traffic, known as smurfing, became much
more difficult to carry out.  But as one loophole closed, attackers
moved on to develop new methods and strategies.  Now tools are available
that can automatically scan for vulnerable machines and infect them. 
Once infected, machines can be made to report their readiness to net
chat services.  Many attackers co-ordinate the machines under their
control via the same chat channels. 

Intruders

One new strategy is causing particular alarm.  "One of the most recent
and disturbing trends we have seen is an increase in intruder compromise
and use of routers," said the report.  Routers are hardware devices that
pass data packets around the net.  They are attractive to attackers for
very simple reasons.  "Routers are often less protected by security
policy and monitoring technology than computer systems, enabling
intruders to operate with less chance of being discovered," warn the
authors.  The routers are being used to scan for vulnerable machines, to
hide links to chat channels used to control compromised machines, as
well as to launch streams of data packets.  The report paints a grim
picture of the future and said DoS attacks are likely to prove
"attractive and effective" in the future.  To make matters worse,
security experts who protect sites from attack are getting less and less
time to learn about new threats and ways to counter them.  The report
said: "The window of opportunity between vulnerability discovery and
widespread exploitation, when security fixes or workarounds can be
applied to protect systems, is narrowing."




This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:58 PST