New Windows tools fend off denial-of-service attacks
Last week saw the release of distributed denial-of-service (DDoS) attack agents for the Windows platform, agents that had previously been known to work only on Unix and Unix-like systems. These were first discovered at James Madison University, and the news has been widely reported. But security experts say the Windows port of the tools was not really surprising.
"Nobody [in the security community] was surprised that there was a Windows port," says Carole Fennelly, a partner in Wizard's Keys Corporation and a security columnist for SunWorld magazine. "What was surprising was that it surprised everyone else."
Trend Micro was the first to release updates to its virus detection software that would eradicate such Windows-based trinoo agents as troj_trinoo and wintrinoo; other antivirus companies quickly followed. The company has also published information on how to detect and remove the Windows-based DDoS tools manually.
BindView, a company that provides administrative and security tools, has released updates to its Zombie Zapper program, a tool that helps fend off denial-of-service attacks. The program works by duplicating the command a cracker would send to the attacking DDoS agents (called zombies) to stop the packet attack. In the downloadable configuration, Zombie Zapper sends the default message zombies expect to hear from their masters when told to cease an attack.
Although Zombie Zapper hasn't yet been tried out in the field, it has performed well in simulations, according to security analyst and BindView Razor team member Mark Loveless. Loveless is also known in security circles as Simple Nomad.
The tool has been released free and accompanied by source code so that security professionals can alter the stop-attack message in cases where a cracker has altered an attack tool's default settings. The stop-attack command can be salvaged from an attack program by using disassembly or other methods. As new agents and agent messages are discovered, they will be added back into the original Zombie Zapper source tree.
Currently, Zombie Zapper can send cease-and-desist orders both to Unix- and Windows-based zombies. The tool should be downloaded in advance of an attack.
When used in conjunction with new tools such as Zombie Zapper, a solid set of security practices can do the most to protect computers from becoming unwitting dupes in DoS attacks.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
