'Shore up security this autumn' warns security expert
By Dan Ilett
Published: 12 October 2004 09:20 GMT
Security experts have discovered an instant-messaging tool that could change the way denial-of-service (DoS) attacks are performed.
Combining the open-source tool nmap - a program that discovers devices on a network - with an IM bot, hackers can infiltrate, steal information and carry out denial-of-service attacks on networks, says the director of security for Whitehat UK, Jason Hart.
IM runs over port 80, which is often regarded as a trusted port because internet traffic travels through it. Nmap uses ping requests and port scans to discover network devices.
Hart said: "The bot could send itself to 10,000 addresses, which could then attack one IP address. This means that 'denial-of-service attack' has taken on a whole new meaning. What's worrying is that this would look internal."
If instructed, the nmap bot is capable of a DoS attack by sending a massive amount of pings, a term hackers have dubbed 'the ping of death'.
"IM has always been a major concern," said Hart. "Just imagine the consequences - it can do a ping of death from an internal address, which confuses administrators. And the technology might not know to protect from the inside."
For the bot to run, it must be executed via either a download, an attachment or a .JPEG file - so won't run automatically. However, many of these approaches require little or no social engineering - hence the huge increase in simple phishing attacks. Although the tool is still in its 'proof of concept' stage, Hart said he has been able to make it work in the lab and that it may already have been used in the real world but simply been undetected.
"Between now and Christmas we're going to see some major developments in the hacking world," he added.
Many firms favour IM over email to get around compliance regulations, which require them to log all emails. In this year's SANS top 20 vulnerabilities, threat research director Ross Patel highlighted IM as a major cause for concern.
Whitehat's Hart advised companies to avoid use of IM: "Don't use instant messenger. Anything going over port 80 should be checked and controlled. The easiest way of preventing the bot is by stopping people installing software."
To see a proof-of-concept example of the nmap bot, see: http://www.sharp-ideas.net.
Dan Ilett writes for ZDNet UK
The article’s advice, “The easiest way of preventi...
Daniel Schrader
Well, thanks for letting us all know this, I will ...
Anonymous
i agree with the above, and after asking several p...
royston
totally agree, working out new flaws is good, prot...
Anonymous
With all "do" respect - it doesn't take a rocket-s...
Anonymous
Proof-of-concept prototypes. Key responsibilities and accountabilities for the role are as follows:- • Concept generation • Analysis and ...
In compliance with the regulations in place under the Employment Agencies Act, proof of identification will be required. By sending us your CV, you ...
Typical examples of the deliverables are building proof-of-concept solutions with data management technology and architecting data management ...
Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.
Stories from the web...
Copyright © 2008 CBS Interactive Limited. All rights reserved. Top of page
Digg
Slashdot
Del.icio.us
Stumble
Reddit
RSS Feeds
Tim Ferguson Exclusive: Former MySQL boss Marten Mickos talks open source Why Microsoft could become one of the "biggest friends of open source" and why Oracle getting its hands on MySQL could be "one of the biggest open source coups ever"...
Naked CIO Naked CIO: Cloud computing more expensive than we thought? Smart IT leaders will examine the impact of how they pay for tech