<nettime> [jitof:341] KNOW WHAT HACKERS KNOW ABOUT YOU

["david d'heilly" <david {AT} 2dk.net>]

forwarded message
********************

Date: Sat, 13 Mar 1999 11:32:40 +0900
From: Chris Case <r-anima {AT} qb3.so-net.ne.jp>
Subject: [jitof:341] KNOW WHAT HACKERS KNOW ABOUT YOU


   The cracker's screwdriver has become more of a Swiss
   Army knife, his F-16 more of a stealth bomber. With awe
   and alarm, security analysts have observed the
   capabilities of Nmap, a network-scanning program that
   crackers are now using to plot increasingly cunning
   attacks.

   "Just before Christmas, we detected a new [network]
   scanning pattern we'd never seen before," said John
   Green, a security expert on the "Shadow" intrusion-
   detection team at the US Navy's Naval Surface Warfare
   Center. "Other sites have seen the same activity. The
   problem was, no one knew what was causing it."

   Green made the remarks in an online briefing hosted by
   the SANS Institute, a nonprofit network-security
   research and education organization. The group held
   the briefing to alert network administrators of the
   alarming increase in the strategies of network attacks.

   The culprit software prowling outside the doors of
   networks participating in the study is Nmap, an existing
   software utility used by administrators to analyze
   networks. In the hands of intruders, security analysts
   discovered, Nmap is a potent tool for sniffing out holes
   and network services that are ripe for attack. The
   analysts didn't look for actual damage that was carried
   out. Instead, they silently watched as various networks
   were scanned by untraceable Nmap users.

   "The intelligence that can be garnered using Nmap is
   extensive," Green said. "Everything that the wily
   hacker needs to know about your system is there."

   Rather than feel in the dark to penetrate network
   "ports" at random, Nmap allows intruders to perform
   much more precise assaults. The implications are a
   bit unnerving for the network community. The tool
   makes planning network intrusions more effective,
   while simultaneously bringing this sophistication to
   a wider audience of crackers.

   "It takes a lot of the brute force out of hacking," said
   Green. "It allows [intruders] to map hosts and target
   systems that might be vulnerable."

   And that should result in a higher success rate for
   attempted intrusions. "I think we're going to see
   more coordinated attacks. You can slowly map an
   entire network, while not setting off your detection
   system," said software developer H. D. Moore, who
   debriefed network analysts at the conference.

   But Moore is part of the solution. He authored Nlog,
   software that automatically logs activity at a
   network's ports and parlays it to a database. Weekly
   checks of the database enable the user to tell if
   someone is performing an Nmap analysis.

   Nlog serves as a companion tool to Nmap. Just like
   intruders, administrators can use Nmap to detect
   their own network weaknesses, then plug the holes.

   Prevention is the only defense, Green and Moore said.
   There is no other known way to combat an Nmap-planned
   network attack.

   "Right now it's basically a suffer-along scenario,"
   Green said. But, at least, Nmap lets administrators
   "know what the hackers know about you."

   http://www.nswc.navy.mil/

 . . . . . . . . . . . . . . . . . . . . . . .

---
#  distributed via nettime-l : no commercial use without permission
#  <nettime> is a closed moderated mailinglist for net criticism,
#  collaborative text filtering and cultural politics of the nets
#  more info: majordomo {AT} desk.nl and "info nettime-l" in the msg body
#  URL: http://www.desk.nl/~nettime/  contact: nettime-owner {AT} desk.nl