From the "I can't believe it's Java!" department comes Visual Route. If you like mapping and/or if you like networking you'll probably get a kick out of this app. Nicely done interface with all kinds of interesting goodies. I tracked a spam email back through VA, GA, MD, London, Paris, Frankfurt, and finally to Infostrada hosting in Italy.
1 comment
permanent link
email thisWhen we moved offices I setup our network with a Sonicwall firewall/router. It's a pretty cool unit, quite a step up from the little home Linkysys boxes I'd played with before. Among its many feautures it will send out email alerts when someone is attacking the network. This means at least once a day I get an email that someone is attempting a Smurf Amplification Attack or a Ping of Death or something equally weird.
After this weekend's Microsoft SQL worm cluttered up the Internet and slowed things down one has to wonder how much faster and fun the Internet would be without all of the attacks and spam. Of course that's like wondering how enjoyable and educational the Science and Discover channels might be without all of those brain dead advertisements. I suspect the whole reason Tivo was invented was an the engineer wanted a way to skip the bowflex ads and the repetitive announcer before and after each break.
For your work-break reading pleasure let me clog the internet with the following list of potential network attacks.
Back Orifice Attack Back Orifice is a Trojan Horse attack that, once executed on a remote computer, will allow an attacker to perform illicit activities such as capturing screenshots or keyboard commands, performing file transfers, or installing applications. Back Orifice communicates over TCP port 31337. IniKiller Attack IniKiller is a Trojan Horse attack that allows an attacker to destroy .ini files on a remote computer communicating over TCP port 9989. IP Spoof An IP Spoof is an intrusion attempt in which a hacker attempts to send TCP/IP packets using the address of another computer. This can be used to access a protected network by using an IP address of a machine on the protected network. The SonicWALL recognizes this as an intrusion attempt and drops these packets. An IP spoof alert on the log often indicates a SonicWALL misconfiguration; if you see an IP spoof alert, make sure that all IP addresses on the LAN, WAN, and DMZ are correct. This can also occur if an IP address on the LAN does not fall within the LAN subnet. Land Attack A Land Attack is an attempt to slow down a computer or network connection. In a Land Attack, a packet is sent with identical source and destination IP addresses which match an IP address of a computer on the network. Because this is theoretically impossible, Windows goes into an infinite loop trying to resolve these illegal connections, causing the whole network performance to be degraded. NetBus Attack NetBus is a Trojan Horse attack for Windows 95/98/NT that, once executed on a remote computer, will allow an attacker to perform illicit activities such as opening and closing the CD-ROM, starting applications, showing different messages or even redirecting a web browser to a specific URL on the Internet. NetSpy Attack NetSpy is a Trojan Horse attack that allows an attacker to perform illicit activities on a remote computer communicating over TCP port 1024. Ping of Death A ping of death is a denial of service attack that attempts to crash your system by sending a fragmented IP packet. IP does not allow single packets to exceed 65536 bytes, but the fragments themselves can add up to more than that. Since this is a theoretically impossible condition, operating systems crash when they receive this data. A ping of death attack can be launched from older versions of Windows-newer versions of Windows prevent users from sending these packets. Port Scan A Port Scan indicates that someone may be scanning your system to identify open ports. Sometimes this is done in preparation for a future attack or to identify whether you have rules which allow a service susceptible to attack. A false positive may occur if an application or user is legitimately connecting to several ports. To determine whether this is likely, look at the port to see if it is an expected port number. Priority Attack Priority is a Trojan Horse attack that allows an attacker to perform illicit activities on a remote computer communicating over TCP port 16969. Ripper Attack Ripper is a Trojan Horse attack that allows an attacker to steal passwords from a remote computer communicating over TCP port 2023. Senna Spy Attack Senna Spy is a Trojan Horse attack that allows an attacker to perform illicit activities on a remote computer communicating over UDP port 13000. Smurf Attack A Smurf Attack occurs when a single packet such as an ICMP echo frame is sent to a group of machines on the Internet with the source address replaced by the target computer or network IP address. This causes a flurry of echo responses to be sent to the target machine, which can overflow the target computer or network. This alert indicates that somebody is attempting to use your network as a smurf amplifier. Broadcasts on the local segment can sometimes trigger false Smurf Attack alerts. Striker Attack Striker is a Trojan Horse attack that allows an attacker to crash remote Windows PC’s communicating over TCP port 2565. SubSeven Attack SubSeven is a Trojan Horse attack that allows an attacker to perform illicit activities on a remote computer communicating over TCP ports 6667, 6711 and 27374. This Trojan is particularly dangerous and can send an IRC chat message to notify the hacker that the system is up and running. SYN Flood Attack A SYN Flood is a denial of service attempt in which TCP connection requests are sent faster than the system can process them. This causes the memory to fill up, forcing the new connections to be ignored. This detection triggers whenever a large number of SYN packets are seen in a short period of time. There are cases when it will trigger incorrectly, producing a false positive. For example, if a busy website becomes unavailable for a few minutes, then is brought back online, this event triggers because of the "pent up" connections waiting for the system to become available. Stealth Scanning Stealth scanning is used by intruders to discover what ports are listening on a machine without being detected. A TCP FIN, or Stealth FIN, scan will send a FIN packet to each port. A Xmas Tree scan uses packets with the FIN, URG, and PUSH flags set. A Null scan will send packets with no TCP flags set.
TedHieron • 2003-01-27 02:19pm
The "Land Attack" reminds me of the "Nomad" episode of the original Star Trek. Silly.
Doug L. • 2003-01-27 05:36pm
Next question: How many of these particular attacks would be effective in their current forms if computers running Microsoft operating systems were not permitted on the net?
Just curious...
Jeremyx • 2003-01-27 08:55pm
If Microsoft Operating Systems were not allowed on the net, then this list would contain exploits for the next most popular OS. If Linux or Mac had the market share M$ does, then we'd see just as many Linux or Mac viri too...
Jerry • 2003-01-28 12:32pm
So you are saying that people who run Windows are sort of like the front line in a hand-to-hand field battle? They are up there taking arrows, spikes, and swords, while the rest of us sit back and contemplate strategies and sip Champagne?
We should pause from time to time to thank the hapless windows users for being such good decoys and foils.
":^)
Faith • 2003-01-28 10:14pm
I am Nomad. I am HE!
You will be absorbed...
Or was that Landru?
What's the kick in slowing down the net? Just doesn't make any sense. Or is it just getting your 'baby' on the news?
Send this message to 8 friends or you will have bad luck for 8 years. A man in new Hampshire did not forward this message and he got 3 feet of snow...
This one is for Faith. Kombu Noodles, a flourless noodle made from 100% seaweed. Saute Wednesday offered a description:
The Kombu Seaweed Noodles are made from kelp found in the China Sea, although these are the giant version, with strands reaching over 1500 feet long. The kelp is harvested, cleaned and cooked, until it is a big gelatinous mass, and then extruded into a noodle form. They are then packed in 6 oz. packages and shipped frozen.
I can't imaging being online much without this valuable and fun tool! I've used it for years. They now have another product specifically aimed at getting information about spam sent to you.