Network Associates weathers DoS attack

Crackers seek revenge for unravelling of BIND bug

Wed 7 Feb 2001 // 12:34 UTC

Security firm Network Associates was subject to a denial of service attack last night after crackers posted a Trojan horse on security mailing list, BugTraq.

An anonymous posting to the full-disclosure security mailing list, which has 85 000 readers, that appeared to be an exploit of recently discovered vulnerability in BIND name server program, was in fact cleverly disguised malicious code that attacked Network Associates' web site, Nai.com.

Anyone who compiled and ran the code, which security experts estimate might have been as many as 20 000 of BugTraq's readers, became unwitting participants in an attack against Nai.com.

Douglas Hurd, European business development manager for security products at Network Associates, said the attack affected the availability of Nai.com for 90 minutes.

"This was a denial of service type attack - with no penetration of our corporate network. Basically we got blasted with a lot of traffic - which was all noise," said Hurd, who said the effect would have been much worse if the firm did not already have both perimeter defences and intrusion detection software in place.

Unsurprisingly Hurd takes an extremely negative view of the posting of the Trojan, but he is not particularly harsh in his criticism of BugTraq.

"I accept there has to be openness in Internet communities like BugTraq but they have to be made more secure, so that they can't be used against firms. This isn't easy to do because you can't take a totalitarian approach to security."

Chris McNab, a network security analysts at MIS Corporate Defence, said that since BugTraq is a moderated security list the malicious posting, which he said contained fairly sophisticated code, should nonetheless have been detected earlier.

Network Associates issued a security advisory about the BIND vulnerability earlier this week, and McNab said the mode of attack used by the Trojan, sending packets to Network Associates DNS servers, suggests a possible revenge motive for the attack.

"Network Associates web site was intermittently up and down last night," said McNab, "NAI's Covert Labs discovered the BIND problem and this could be an attempt to kick NAI in the shins. This was quiet sophisticated coding and not the work of script kiddies, we're dealing with elite crackers here."

The posting of the malicious code to BugTraq was made from made from nobody@replay.com, an email address of an anonymous posting service. A hunt is on to discover who was responsible for the attack, by Network Associate's Hurd did not express any particular confidence that the attacker would be brought to book. ®

External links

Vulnerabilities in BIND 4 and 8

Topics

Special Features

Vendor Voice

Resources

Legal

Network Associates weathers DoS attack

Crackers seek revenge for unravelling of BIND bug

External links

Related Stories

More about

TIP US OFF

Other stories you might like

Software glitch saw Aussie casino give away millions in cash

HPE sues China's Inspur Group over server patents

Hugely expanded Section 702 surveillance powers set for US Senate vote

Reducing the cloud security overhead

Snowmobile, Amazon's truck-powered migration service, reaches the end of the road

Uncle Sam earmarks $54M of CHIPS funding for small-biz semiconductor boffinry

Psst, hey. It's the NSA. You want some AI security advice?

America may end up with paid-for 5G fast lanes under net neutrality anyway

ASML ships another high NA EUV lithography machine to mystery client

Kremlin's Sandworm blamed for cyberattacks on US, European water utilities

Boston Dynamics' humanoid Atlas is dead, long live the ... new commercial Atlas

Are we in a cost of technology crisis? Our vultures think so

About Us

Our Websites

Your Privacy