Network Associates in a bind

News

Network Associates in a bind

Will Garside
Network Associates has been subjected to a denial of service attack that took advantage of the recently publicised vulnerabilities in the Berkeley Internet Name Domain (BIND) server, which affects the majority of the world's DNS servers.

Will Garside and Matthew Burgess

The attack was made via a Trojan horse that was posted to security industry mailing list BugTraq.

The malicious code was disguised as an example of how to exploit BIND vulnerabilities. Anyone running the code inadvertently launched a denial of service attack on Network Associates' Web site.

NAI spokesman Doug Hurd commented: "We did have a lot of traffic pushed to our gateway last night, which we believe was a load-based DOS [denial of service] attack. This was detected by our systems and through contact with our ISP we stopped the bulk of the attack. Our network was never penetrated and during the attack we managed to gather information regarding the identities of those involved."

"We have no proof that the attack originated from the posting of the BugTraq list," continued Hurd, "although we cannot rule this out. BugTraq is a valuable service and we will continue to support it."

Neil Barratt, technical director of Information Risk Management said:

"We have been waiting for the first person to exploit the BIND vulnerability so this is not a surprise. When this exploit was posted, we grabbed it and played with it - more people should have treated it with kid gloves and this is the result of these lapses. DOS is not difficult to do and this won't be the last DOS attack against a high profile target."

Gunter Ollman, principal consultant of Internet Security Systems speculates that NAI could already be tracking the culprit down:

"The Trojan was written in assembly code and the style that the code has been written in can often determine where it came from."


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy