In Depth
A Health-Care Provider Solves a Denial-of-Service Mystery
After daring a security vendor to prove his product worked, one network engineer ends up with a global solution for a denial-of-service attack.
By Scott Berinato
she didn't know was that the owners of the site had rigged Google so that the first five hits in a Google
search for the toolbar directed the searcher to an attack site posing as the legitimate toolbar site.
The three days of the crisis were the employee's first three days on the job. She was mortified and
thought she would lose her job. (She did not.) And even though Smith's team had uncovered all this
information, "There were still a lot of unknowns," he says, specifically about how it worked and how to
block it if someone did accidentally land on the site. While Smith could harden the network at the
firewalls, remote users remained a threat to accidentally bring another, similar attack to the network. So
Smith blasted a series of awareness e-mails to remote users, and hoped.
Sales Jujitsu
Several weeks passed without incident. Then one day, sitting through a sales pitch, Smith had a
eureka moment when the salesman promised that his product would have stopped the DoS attack.
So Smith told the vendor, SecureWave, to prove it. It was sales pitch jujitsu, using the vendor's
claims of strength to Smith's advantage. It was also a clever ploy for a company strapped for security
resources. After all, Smith had been unable to pursue the source of the DoS attack. "We didn't think
they could stop the attack or figure it out," Smith says plainly. "The [vendor's] engineer was all for it. I
think the salesman was more nervous it wouldn't work and he would lose a sale."
So that day, the vendor and Smith's guys set up the system in a lab and invited the malicious
website that had attacked the network weeks before onto the lab network.
Within minutes, the test machine was rendered useless. But this time, Smith could see how the
attack wended its way onto his network. It was an exploit of Java and ActiveX vulnerabilities, and it was
professional-grade code, Smith says. "We were amazed at how sophisticated the thing was. It had
hundreds of techniques at its disposal, and it would try one after the other until something worked.
And it just got deeper and deeper into the network. This was not amateur at all."
Smith was satisfied with the demo, but unsatisfied leaving the results in the lab. Smith volunteered
the information to all interested parties. He informed Google about the rigged search results. He shared
information on the vulnerability with the major antivirus vendors and Microsoft. He handed the exploit
code over to experts who confirmed its sophistication and nastiness.