Tuesday, December 1, 2009

Free Internet Tool Paints Picture of Stealthy Attacks

http://www.darkreading.com/vulnerability_management/security/intrusion-prevention/showArticle.jhtml?articleID=221901483&cid=nl_DR_DAILY_2009-12-01_h

I gotta say, one of the most baffling aspects of the various kinds of vicious attacks against our computers is the hidden nature of what is going on behind the scenes. For many years, it has been obvious that when your computer has been, or is being, hacked, data is flowing in and out of your internet IP connection, but it seems impossible to catch the suckers in the act. Only after you suffer damage and know for sure that you are the subject of their tender ministrations will you take action to wipe them out - if you can.

This tool answers that need.

It allows a view of the various amounts and kinds of IP traffic in and out of your computer, and by clever viewing of the logs of activity it can give you insight into what is happening and who - at least the attacker's IP address/domain - is the offending party.

I read the pdf file that comes with the article, and I must admit that I am still in over my head as to most of the aspects of what it does and how it does its magic. So using this tool, which is a major advance in diagnostic software for IP traffic tracking, will still require some user training and education in the workings of the IP system itself to be of much use. I.e., you have to learn something.

But the payoff seems to be enormous. You can find out if anyone is hacking your system - even if it is some very subtle worm that only sends info once in a while, or receives info from multiple sources. A clever analysis of the types of transmissions to and from your computer can reveal a stealth culprit - even of the "storm worm" variety.
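As an added example (not code from the article or from the tool it describes), here is a small Python script that applies the idea above to constructed connection-log lines: it flags remote hosts that are contacted at evenly spaced intervals with small payloads, the low-and-slow pattern a worm that "only sends info once in a while" leaves behind. The log format, the sample addresses and the thresholds are assumptions.

```python
"""Added example: beacon detection over constructed connection-log lines.
Each line is '<unix_time> <remote_ip> <bytes_out>' (assumed format); the goal
is to flag hosts contacted at regular intervals with little data."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample: normal browsing to 93.184.216.34 (irregular, bulky)
# and a low-volume contact to 198.51.100.7 every ~600 s (documentation range).
SAMPLE_LOG = """\
1259625600 93.184.216.34 48211
1259625610 198.51.100.7 312
1259625733 93.184.216.34 102400
1259626210 198.51.100.7 298
1259626290 93.184.216.34 5120
1259626811 198.51.100.7 305
1259627409 198.51.100.7 311
1259627512 93.184.216.34 76000
1259628010 198.51.100.7 300
"""

def parse_log(text):
    """Group (timestamp, bytes) pairs by remote host."""
    by_host = defaultdict(list)
    for line in text.splitlines():
        ts, host, nbytes = line.split()
        by_host[host].append((int(ts), int(nbytes)))
    return by_host

def beacon_score(events):
    """Return (interval_cv, mean_bytes) for one host's events, or None.
    A low coefficient of variation of the inter-arrival times means the
    contacts are evenly spaced, which is the beaconing signature."""
    times = sorted(t for t, _ in events)
    gaps = [b - a for a, b in zip(times, times[1:])]
    if len(gaps) < 3:
        return None  # too few contacts to judge regularity
    cv = pstdev(gaps) / mean(gaps)
    return cv, mean(n for _, n in events)

def find_beacons(text, max_cv=0.15, max_bytes=1024):
    """Hosts contacted at regular intervals with small payloads."""
    flagged = []
    for host, events in parse_log(text).items():
        score = beacon_score(events)
        if score and score[0] <= max_cv and score[1] <= max_bytes:
            flagged.append(host)
    return sorted(flagged)
```

Thresholds such as `max_cv` and `max_bytes` need tuning against a baseline of the machine's own normal traffic, and a host that is simply absent from the log (logging disabled) will never be flagged, which is the separate failure mode the post raises.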

Unless a virus or worm disables the logging features or attacks this software itself, the bad guys won't be able to remain hidden, because they are forced to use the IP system to do their dirty work after they have gotten into your system. If they disable the software, that is kind of a "duh!" clue that someone with evil intent has been busy in your computer.

You may have a problem keeping them out, but using this tool, you ought to be able to catch them at work. Knowing they are there and active is 90% of the battle.

Kudos to the developers! Kudos also to them for making it available, even in its prototype form, to the public for free! Thanks also to the darkreading.com site that keeps an eye out for such developments and clues us in.

This tool is going to be one that I will be following from now on. It is something that could be automated and sold as a simple package for novices to gain some insight into what is happening to their computers, even if they lack the sophistication to get subtle with their queries.

Maybe for a while, we can get a handle on the noxious vermin that have made life miserable and expensive for many innocent users of the internet.
