From the mailbag: Sympatico hacked, TCP dead, SHA-1 out, Belarus DoS

From the mailbag: Sympatico hacked, TCP dead, SHA-1 out, Belarus DoS
In other news this week... Sympatico may have been hacked, TCP might be dead, SHA-1 may be on its way out, and political hacktivism. A major ISP in Canada, Sympatico, appears to have had a breach of their web site according to Websense, malicious code appeared to have been inserted briefly. More info is here http://securitylabs.websense.com/content/Alerts/3416.aspx A major issue with the TCP protocol implementation may lead to Denial of Service (DoS) to virtually any web site. Reported in Phrack issue 66. The SHA-1 hashing algorithm is showing its age, researchers may be on their way to creating practical collisions. The paper is found here. http://eprint.iacr.org/2009/259.pdf Arbor reports that Denial of Service attacks have been ongoing against a Belarus news site. The article is here. http://asert.arbornetworks.com/2009/06/ddos-floods-in-belarus-political-motivations/ Cheers, Adrien de Beaupré Intru-shun.ca Inc.	Adrien de Beaupre 353 Posts ISC Handler
Reply Subscribe	Jun 12th 2009 9 years ago
Still getting my head around the TCP 'attack', but out of curiosity I'm using this iptables rule to check for the 'win 0' packets used to trigger this: -p tcp -m u32 --u32 "12 & 0x0000ffff = 0" -j ZERO-WIN	Steven C. 171 Posts
Reply Quote	Jun 13th 2009 9 years ago
Speaking of political DDoS, the British National Party was under frequent DDoS during the UK's elections for European Parliament. The Conservative party also claimed they were briefly offline on election day due to a DDoS attack, and I observed other party websites running very slowly, perhaps due only to bursts in genuine traffic.	Steven C. 171 Posts
Reply Quote	Jun 13th 2009 9 years ago