From the mailbag: Sympatico hacked, TCP dead, SHA-1 out, Belarus DoS - SANS Internet Storm Center



In other news this week...

Sympatico may have been hacked, TCP might be dead, SHA-1 may be on its way out, and political hacktivism.

A major ISP in Canada, Sympatico, appears to have had a breach of their web site, according to Websense; malicious code appeared to have been inserted briefly. More info is here: http://securitylabs.websense.com/content/Alerts/3416.aspx

A major issue with the TCP protocol implementation may lead to Denial of Service (DoS) to virtually any web site. It was reported in Phrack issue 66.

The SHA-1 hashing algorithm is showing its age; researchers may be on their way to creating practical collisions. The paper is found here: http://eprint.iacr.org/2009/259.pdf

Arbor reports that Denial of Service attacks have been ongoing against a Belarus news site. The article is here: http://asert.arbornetworks.com/2009/06/ddos-floods-in-belarus-political-motivations/

Cheers,
Adrien de Beaupré
Intru-shun.ca Inc.

Still getting my head around the TCP 'attack', but out of curiosity I'm using this iptables rule to check for the 'win 0' packets used to trigger this: -p tcp -m u32 --u32 "0>>22&0x3C@12&0x0000ffff=0" -j ZERO-WIN
Steven C.
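
The field arithmetic behind a u32 zero-window test, as an added example (not code from the diary or from the comment above): u32 offsets count from the start of the IP header, so the test has to skip the IP header (0>>22&0x3C@) before reading TCP bytes 12-15. The packets are constructed samples; the function names and the RST exclusion are assumptions of this example.

```python
import struct

def tcp_fields(pkt: bytes):
    """Return (flags, window) for a raw IPv4/TCP packet, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 6:
        return None
    ihl = (pkt[0] & 0x0F) * 4                    # u32 equivalent: 0>>22&0x3C
    frag_off = struct.unpack_from("!H", pkt, 6)[0] & 0x1FFF
    if ihl < 20 or frag_off or len(pkt) < ihl + 16:
        return None                              # malformed, or a non-first fragment
    # u32 equivalent: @12 reads TCP bytes 12-15 (offset/flags, then window)
    word = struct.unpack_from("!I", pkt, ihl + 12)[0]
    return (word >> 16) & 0x3F, word & 0xFFFF

def is_zero_window(pkt: bytes) -> bool:
    """True for a non-RST TCP segment advertising window 0."""
    f = tcp_fields(pkt)
    # Assumption: RST segments commonly carry window 0, so skip them to cut noise
    return f is not None and f[1] == 0 and not f[0] & 0x04

def low16_at_ip_offset_12(pkt: bytes) -> int:
    """What a bare "12 & 0xffff" reads: the low half of the IP source address."""
    return struct.unpack_from("!I", pkt, 12)[0] & 0xFFFF

def build(src: str, window: int, flags: int = 0x10, ip_opts: bytes = b"") -> bytes:
    """Constructed sample packet: IPv4 + 20-byte TCP header, checksums left at 0."""
    ihl = 5 + len(ip_opts) // 4
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, ihl * 4 + 20, 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes([192, 0, 2, 1]))
    tcp = struct.pack("!HHIIHHHH", 40000, 80, 1, 1, (5 << 12) | flags, window, 0, 0)
    return ip + ip_opts + tcp

SAMPLES = {  # all constructed for this example
    "zero-window ACK": build("198.51.100.7", 0),
    "normal ACK from 10.1.0.0": build("10.1.0.0", 8192),
    "zero-window ACK, IP options": build("198.51.100.7", 0, ip_opts=b"\x01" * 4),
    "RST with window 0": build("198.51.100.7", 0, flags=0x04),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:30} zero_window={is_zero_window(pkt)!s:5} "
              f"ip_offset_12_low16={low16_at_ip_offset_12(pkt):#06x}")
```

The second sample is why the header jump matters: a packet from 10.1.0.0 with a normal window has 0 in the low half of IP bytes 12-15, so a test anchored at the IP header would flag it while missing the real zero-window segments.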

Speaking of political DDoS, the British National Party was under frequent DDoS during the UK's elections for European Parliament. The Conservative party also claimed they were briefly offline on election day due to a DDoS attack, and I observed other party websites running very slowly, perhaps due only to bursts in genuine traffic.
Steven C.
