Zombie attacks can be traced

Featured eBooks
Health Tech
Read Now

Next-Generation Computing

Read Now

Space Tech

Read Now
Insights & Reports
Cyber-Informed Engineering for OT Security and AVEVA PI Users
Presented By Carahsoft
Download Now
Revolutionizing Workforce Management for Federal Employees
Presented By Ultimate Kronos Group
Download Now
By Dan Verton

By Dan Verton

|

The overwhelming amount of system logs that must be combed through to locate the culprits in last week's denial of service attacks on the Internet undoubtedly has slowed the FBI's investigation and created a formidable obstacle to compiling forensic evidence.

The overwhelming amount of system logs that must be combed through to

locate the culprits in last week's denial of service attacks on the

Internet undoubtedly has slowed the FBI's investigation and created a

formidable obstacle to compiling forensic evidence.

But security experts say technologies are available that could have aided

the companies that found themselves the targets of such attacks, as well as

the FBI, which is now involved in a frantic search for the hackers.

Parhe Pruthi, president and chief executive officer of Niksun Inc., said

his company offers a tool called Net Detector that could detect denial of

service attacks and compile a log of electronic footprints leading back to

the originator of the attack.

"It's a network security appliance that filters data in real time," Pruthi

said. "It's like a recorder.... So when something like this happens, it is

able to detect it and alert you right away, and it has all of the packets

recorded so that you can reconstruct where the hacker came from."

However, such tools have yet to be widely adopted by Internet companies.

Although the FBI has offered its own tool for companies to download, many

are skeptical of the FBI's motives because it has not released the code

behind the tool for inspection.

Paul Bresson, an FBI spokesman, said the FBI does not release the source

code so that the bureau can prevent hackers from seeing the electronic

signatures the agency looks for. "We don't want to provide a roadmap for

someone to basically penetrate any vulnerabilities that we might have," he

said.

Niksun recently installed Net Detector on a university network, similar to

the ones used as a launch pad in last week's denial of service attacks, and

tracked a hacker who compromised the university's server. "We were able to

go in and recreate where the hacker came from, how he picked the lock on

the secure server he compromised, what type of Trojan Horse he put in the

system and how he initiated a denial of service attack," Pruthi said.

More importantly, the product's recording and storage capabilities enable

companies to compile volumes of data that can later be used to make the

FBI's job of tracing the culprits more efficient, Pruthi said.

Other companies offer similar tools, but experts say that automating an

enterprise's intrusion detection and tracking mechanism is key to assisting

the law enforcement investigation during such incidents.

— L. Scott Tillett contributed to this story

IN THIS SERIES

Network security problems at EPA "serious and pervasive"

Security problems force EPA off the Internet

Industry teaming on cybersecurity analysis center

FBI urges Congress to provide more cybersecurity funding

Justice Department studying cybercrime law

Feds to industry: You have a responsibility for security too

DMS security cracked during testing

Cyber security meeting participants list

Asleep at the security wheel?

NSA concerned about PKI scalability

Conspiracy theories abound

Few downloaded FBI tool to detect e-commerce attacks

Details of President Clinton's National Plan for Information Systems Protection

Related Sites

FBI counter-denial-of-service software

BY Daniel Verton
Feb. 18, 2000

More Related Links

NEXT STORY: Security problems force EPA off the Internet