[ISN] Cracking Tools Get Smarter

From: mea culpa (jerichoat_private)
Date: Wed Mar 03 1999 - 03:14:42 PST

  • Next message: mea culpa: "[ISN] Under lock and key (crypto)"

    Forwarded From: William Knowles <erehwonat_private>
    [Wired.com] (3.3.99) With awe and alarm, security analysts have observed
    the capabilities of Nmap, a network-scanning program that crackers are now
    using to plot increasingly cunning attacks.
    "Just before Christmas, we detected a new [network] scanning pattern we'd
    never seen before," said John Green, a security expert on the "Shadow"
    intrusion-detection team at the US Navy's Naval Surface Warfare Center.
    "Other sites have seen the same activity. The problem was, no one knew
    what was causing it." 
    Green made the remarks Tuesday in an online briefing hosted by the SANS
    Institute, a nonprofit network-security research and education
    organization. The group held the briefing to alert network administrators
    of the alarming increase in the strategies of network attacks. 
    The culprit software prowling outside the doors of networks participating
    in the study is Nmap, an existing software utility used by administrators
    to analyze networks. In the hands of intruders, security analysts
    discovered, Nmap is a potent tool for sniffing out holes and network
    services that are ripe for attack. 
    The analysts didn't look for actual damage that was carried out.  Instead,
    they silently watched as various networks were scanned by untraceable Nmap
    "The intelligence that can be garnered using Nmap is extensive," Green
    said. "Everything that the wily hacker needs to know about your system is
    Rather than feel in the dark to penetrate network "ports" at random, Nmap
    allows intruders to perform much more precise assaults. The implications
    are a bit unnerving for the network community. The tool makes planning
    network intrusions more effective, while simultaneously bringing this
    sophistication to a wider audience of hackers. 
    "It takes a lot of the brute force out of hacking," said Green. "It allows
    [intruders] to map hosts and target systems that might be vulnerable." 
    And that should result in a higher success rate for attempted intrusions. 
    "I think we're going to see more coordinated attacks. You can slowly map
    an entire network, while not setting off your detection system,"  said
    software developer H. D. Moore, who debriefed network analysts at the
    But Moore is part of the solution. He authored Nlog, software that
    automatically logs activity at a network's ports and parlays it to a
    database. Weekly checks of the database enable the user to tell if someone
    is performing an Nmap analysis. 
    Nlog serves as a companion tool to Nmap. Just like intruders,
    administrators can use Nmap to detect their own network weaknesses, then
    plug the holes. 
    Prevention is the only defense, Green and Moore said. There is no other
    known way to combat an Nmap-planned network attack. 
    "Right now it's basically a suffer-along scenario," Green said. But, at
    least, Nmap lets administrators "know what the hackers know about you." 
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Internet Security Institute [www.isi-sec.com]

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:20:10 PDT