Google
Useful Links: ____ Article Search -___ Link Parters ___- Ebook Library___- Product Search

place1holder

.
New Articles
Ebook Library
Link Exchange
Advertising Space
Computer Directory
Join Our Newsletter
Name:
Email:


You will recieve a weekly email that contains new articles, useful product recommendations & more! [Privacy]


place2holder



Further
Reading ...
Web Host Ethics
Okay, I've had to change web hosts half a dozen times in the last year and I've noticed a pattern. It's a very clear and simple pattern, actually a series of behaviors on the part of web hosting companies. These behaviors cause these companies to...

Configuring Email Addresses
When configuring an email client it is important to set up the correct email addresses. Here we will look at email address set up that is generally applicable to all email clients (outlook express, IncrediMail) and all email providers -POP3...

Recovering Microsoft Great Plains Customization – tips for IT Director
Remember nice and prosperous Clinton era? When you implemented innovative those old days accounting application – Great Plains Dynamics. And did a lot of customizations to fit your business requirements precisely. You still remember the names of...

Bollywood Movies
mail is an experiment in a new kind of webmail, built on the idea that you should never have to delete mail and you should always be able to find the message you want. The key features are: * Search, don't sort. Use Google search to find the...

 

How A Security Specialist Fell Victim To Attack
Written By:
Darren Miller
You may reprint or publish this article free of charge as long as the bylines are included.

Original URL (The Web version of the article)

------------


How A Security Specialist Fell Victim To Attack

Title

-----

How A Security Specialist Fell Victim To Attack

E-mail Attacks - A Bad Day For Submitting Articles

-----------------------------------------------

These days, I write several pages for our site plus two to
three articles per week. The first places these articles are
posted are DefendingTheNet.com and CastleCops.com. Several
days later, I post these articles on other submission sites.
This is standard operating procedure in the world of article
submissions.

E-mail Attacks

--------------

For the most part, articles are re-published without you
even knowing. You typically find out when someone visits
your site from another where the article has been posted.
Other times, the site that plans on posting the article
e-mails you and asks you to review it before it goes live.
Two weeks ago, I received one of these e-mails. Email attack
- It was all downhill from there.

To Click Or Not To Click, That Is The Question

----------------------------------------------

Our systems are protected by state of the art security
systems. Our SPAM filter is a hardware device that is nearly
100% effective. It also helps in protecting against Spyware
and other malicious code. Our Firewall is similar to those
you would find in large corporations. Our Anti-Virus system
has served us well and we've not had problems with virus for
years. I'm not claiming that our systems are 100% protected
as there is no such system at this point in time. However,
we are fairly confident in our security systems.

Two weeks ago, I received approximately twenty e-mails
requesting the review and approval of Defending The Net
articles published on other sites. I thoroughly review the
e-mails to make sure they seem legitimate. I review the
url's included to make sure they are valid and not
redirected to a site that is IP only. The last e-mail I
reviewed seemed to be in proper order. When I clicked on the
URL to the article, the site failed to load.

Approximately five minutes later, my system slowed to a
crawl. I reviewed the running services on the machine and
found that the "SYSTEM" process was running at 100% CPU
utilization. A thorough review of the system did not reveal
anything out of the ordinary. Yet, the machine was barely
operating.

After rebooting the system in safe mode and reviewing - continued below ...




continued ...
the
event logs, I found the cause of the problem. The event log
revealed that the TCP/IP stack repeatedly exceeded the maxim
number of connections. I had fell victim to a local machine
Denial Of Service attack.

In most cases, an event like this would reveal at least
something out of the ordinary; A registry entry, file, or
service that should not be present. But not in this case.

The computers local drives were imaged to preserve their
current state. The images were then submitted to our
Anti-Virus and Firewall vendor research teams. As of today,
they have not been able to determine the exact cause of the
problem. They do know something malicious is going on, and
are looking closely at the TCP/IP stack and system process.
Short-term investigation points in the direction of one of
these components being modified or corrupted. It's quite
possible that a new vulnerability exists and I'm fairly
confident they will be able to pinpoint it.

What's The Point

----------------

I've seen just about every type of exploit, vulnerability,
and e-mail attack you can think of over the years. Some
items we uncover during security assessments would make your
jaw drop.

It never ceases to amaze me how many people out there just
don't care what kind of problems or damage they cause. It
appears as if the point of this recent e-mail attack was
nothing more than to cause the recipient grief, to put the
target computer out of business for a while. One things for
sure, it resulted in a bad day for me. The time I had to put
into investigating the situation, and preparing the images
for delivery to our vendor, could have been spent working on
something productive.

Conclusion

----------

Because of this event, we have configured a dedicated system
who's sole purpose in life is to test potentially harmful
url's. It is actually a virtual machine that if attacked,
can be configured to its default state within seconds.

I can only imagine the stress and frustration others without
technical experience or resources must go through when
something like this happens. I receive countless e-mails
from our site visitors regarding their concern that they may
have been attacked or compromised. I wish I could help them
all out directly but that is not always a reality.

What I can do is share my experiences and recommendations.
This is one of the primary reasons why I enjoy writing
articles as much as a do.

About the Author

Darren Miller is an Information Security Consultant with
over sixteen years experience. He has written many technology
& security articles, some of which have been published in
nationally circulated magazines & periodicals. Darren is a
staff writer for www.defendingthenet.com and several other
e-zines.


_Additional Resources ...








How to Get a Blog on the Internet
Of all people in the world I was easily one of the most pessimistic about computers, the Internet and now that I even know they exist-blogs. I think blogs are pretty cool but I never thought I could have one. I thought the processes of getting a...

Infested with Spyware ? Here are some solutions
When conducting business online every computer user, business and personal, is in jeopardy of being infested with spyware. By clicking on insecure sites or pop ups and downloading freeware programs you may be letting in spyware applications. Once in...

Buffer Underrun and Overrun Scenarios
---------------------------------------------------------- Permission is granted for the below article to forward, reprint, distribute, use for ezine, newsletter, website, offer as free bonus or part of a product for sale as long as no changes are...


This website is powered by Hostland ...