Are government servers responsible for DOS attacks?

By Diane Frank

By Diane Frank

|

The network security and consulting firm Network Associates Inc. is offering a freeofcharge solution to uncovering the source of this week's denial of service attacks. Some fear government systems may contain the attack code

Network Associates Inc. Thursday released two updates to its information security products free of charge that will detect and remove the underlying vulnerability behind this week's cyberattacks on commercial Internet sites, a vulnerability that possibly turned federal agencies into launching points for the attacks.

A security gap in Solaris and Linux-based servers that allows hackers to place malicious code on a server without the administrator's knowledge is responsible for the series of denial-of-service attacks this week against the Yahoo, eBay, ETrade and Buy.com World Wide Web sites. The attacking code, in the form of an agent, is placed on many machines, which then send multiple requests to the victim's server, essentially flooding the system and forcing administrators to shut it down.

While federal sites have not yet been attacked in such a manner, many officials are concerned that agency systems are unwittingly hosting these agents and are therefore participating in the attack. The FBI, Commerce Department and the Federal Computer Incident Response Capability are working with agencies to determine whether their systems are hosting the agents, and the FBI's National Infrastructure Protection Center has posted a tool that agencies can download and run on their systems to detect the code.

Following the first attacks earlier this week, Network Associates started working on updates to its VirusScan and CyberCop products and services, said Peter Watkins, president and chief executive officer of Network Associates. The company is now offering all of these updates, including a free one-time scan and report, for download through their Web site.

The CyberCop Zombie scan is an extension of the Network Associates' new myCIO.com managed security services offerings. Although now part of the CyberCop ASaP vulnerability scanning service, users can perform a free, one-time CyberCop Zombie scan that will check a system for the agent and the vulnerability. If anything is found, it will be reported back to the system administrator via e-mail, along with the method to remove the agent and the patch to fix the vulnerability, said Zach Nelson, CEO of myCIO.com.

Network Associates has also added the scan for this vulnerability to its VirusScan product, which can be downloaded as an update and will run along with the rest of the checks whenever a scan is scheduled.

MORE INFO

Denial-of-service attacks are when a system is rendered unusable for legitimate users because a resource is "hogged," damaged or destroyed. Denial-of-service attacks may be caused deliberately or accidentally.

Three common forms of network denial-of-service attacks are service overloading, message flooding and signal grounding. Although they are difficult to prevent, many denial-of-service attacks can be hindered by restricting access to critical accounts, resources and files.

(From the National Institute of Standards and Technology's Computer Security Resource Clearinghouse)

Related Stories

Dot-com attacks seen as wake-up call for feds

Proactive e-security

Related Sites

NIPC tool

Network Associates CyberCop Zombie scan

Carnegie Mellon University CERT advisories

BY Diane Frank
Feb. 10, 2000

More Related Links

NEXT STORY: ZENworks 2.0 brings desktop control closer

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.