Thursday, 24 May 2007

P2P networks used to launch DDoS attacks

I read a pair of notes about P2P networks (using DC++) hijacked to create botnets. The problem is caused by a vulnerability in the code of the P2P software that allows the injection of malicious code. The compromised host can be used to launch DDoS attacks.


Wednesday, 23 May 2007

Some Security Tools

In the ISC SANS website, Jim Clausing publish a list of tools to capture, analyze, generate, modify and replay packets (the note does not mention "analyze but I think some of the tools cab be used to do it)

I wonder why are not there tools such as tcpreplay and vomit (used in Voice over IP). For more information about security tools a good resource is

To use secure linux distros I would recommend Backtrack (based on slackware) and S-T-D (based on Kanoppix).


Distributed Denial of Service (DDoS) Attacks are Back

Yes, the Distributed Denial of Service (DDoS) Attacks are not in the past as pointed by Symantec's Yazan Gable in the enterprise blog. Some examples after his comments:

Finnish Website prey of DoS
DDoS/DoS to
Computer Terrorism For Sale

And that is not at all. Yesterday the British's Daily Telegraph website was knocked out by a DDoS (the note). In my opinion the more critical event was the apparent Russian's Cyber Attack against Estonia's network infrastructure some days ago. There are not yet enough information to clarify the incident but it would not be the first time that hackers from different countries attack each other after some political events (China v.s Taiwan). This remind me the comments of Professor Dorothy Denning in her book Information Warfare and Security. (Professor Denning was one of the first research works on Intrusion Detection Systems (IDS), her paper).

My opinion is that DDoS will be there no matter what security companies say. While the motivation exists, the problem will remain.