I was reading the ever-cynical UK Register (I love their style), and I came across this article that had me on the floor laughing. Apparently NAI was under a DDoS attack yesterday for about 90 minutes. Not an unusual occurrence nowadays (unfortunately), but the hilarious thing is that it was not launched by a lone teenager sitting bored in his parents' basement. It was launched by up to 20,000 security professionals and enthusiasts.
On Wednesday, Jan 31, a person posted code for an exploit for the recently discovered BIND problem onto the ever-popular Bugtraq mailing list (hosted by Security Focus, who removed it after they said they would not). The script was rather sophisticated and had the initial appearance of something related to BIND and not to NAI. An unknown number of subscribers, many of whom (like myself) are security enthusiasts/professionals, compiled this program to test their servers. What they didn't know was that it forked off many copies of itself and was dumping a tremendous number of requests at dns1.nai.com. NAI's labs were the ones who discovered the BIND flaw, leading many to believe this was a retaliation for releasing the details.
Now on to the RANTING!
Network Associates, once touting themselves as the largest security company on the planet, who now can no longer afford their domains (OK, blatant plug), are taken down by a (now) common attack. One would think they would lead by example and install some sort of throttling on their routers. Hell, even I have some facility at home to control that.
I digress though; the program used was fairly sophisticated. Looking at the source, it is not immediately apparent that it is attacking anything unless you run it and monitor what it's doing. However, the method of distribution had to be one of the more elegantly simple ones. The funny part was that it was not the general 'non-security-aware' public, it was security professionals! People who should generally know better than to run untrusted code from a site that anyone can subscribe to. It points to a lack of the paranoia that is unfortunately necessary in this industry.
With the recent DNS troubles of M$ and the defacement of NAI's and Microsoft's foreign sites, it makes you take pause at the actions of the whole industry.
Every day I see new vulnerabilities and the reaction of industry to package a new fix for the marketplace, but it's getting to the point where even those in the industry that most look to, to protect them from the problems, are getting nailed by the very glitches they find or create. I think it's time to revamp the way we look at security.