The Chinese Hack Attack


Interesting article came out yesterday saying “hackers in China are believed responsible for four out of five major cyber attacks on government targets in 2007”. 

http://news.yahoo.com/s/ap/20071129/ap_on_hi_te/mcafee_cybercrime_report;_ylt=Anbi.FL2E0D0ceU15GAZZ94E1vAI

Although, I’m in no place to confirm or deny this research my experience shows that the majority of actual incidents (The organization has been hacked) usually come from ASIA pacific (Korea, China) or from internal employees.

To protect from the ASIA pacific consider blocking the IP ranges listed in my IP Blacklist Post.  Internal incidents are usually a result of too much trust of internal employees and lack of segregation of duties between functions.

Malware Embedded in Advertising – What is the Solution?


Malware is everywhere and becoming one of the most common security threats in the industry.  The link below provides some insight into the seriousness of this issue.

There really is not a great solution for this problem at this time, but how can a company that serves adds mitigate the risk.  There are several ways.

  1. Ensure all ads that are uploaded are hashed in some way to ensure the add being delivered is the add uploaded by the client.

  2. Use file monitoring tools like tripwire on image servers to help ensure that adds are not modified.  This will also help provide proof if there is an actual attack on the add server.

  3. Scan adds with anti-virus software.  Although this will not catch everything it will catch some of the files.

  4. Scan adds for known malware URL’s to prevent phishing type attacks.  (This is like a signature based solution and takes a great deal of maintenance to keep up with the attackers)

  5. Hope someone comes up with a good solution that can regularly scan all the adds for malware.

The above will help limit the liability of the ad company serving adds and has some preventive measures that can be implemented to protect both the add companies brand and their customers who may be uploading malware adds without knowing it.

IP Address BlackList


IP Address Blacklists are great for short time security events.  This information is important for a paper that I am working.  It took me a while to find this information again.  I actually had to dig into an old email file to get all of the information because typical internet search engines were not providing good results. 

Here is a good list of IP addresses and ranges that can be blacklisted to help prevent DOS attacks, etc.  Before using this list be sure your organization does not have clients in the below ranges.   

 Dshield Top 10 Attack IP’s

http://www.dshield.org/top10.php

  •  074.052.180.114
  •  218.003.209.174
  •  211.106.172.081
  • 195.068.089.211
  • 121.015.253.104
  •  218.004.137.213
  •  202.062.224.090
  • 150.164.029.253
  •  058.215.065.237
  •  218.006.009.099 

Dshield Recommend Block List

http://feeds.dshield.org/block.txt

 

Start End Country
121.150.29.0 121.150.29.255  
64.80.28.0 64.80.28.255  
81.3.254.0 81.3.254.255  
139.55.62.0 139.55.62.255 US
139.55.82.0 139.55.82.255 US
203.152.123.0 203.152.123.255 NZ
196.22.194.0 196.22.194.255 ZA
139.55.113.0 139.55.113.255 US
81.3.248.0 81.3.248.255  
202.144.113.0 202.144.113.255 IN
139.55.97.0 139.55.97.255 US
121.18.13.0 121.18.13.255  
81.3.250.0 81.3.250.255  
121.18.12.0 121.18.12.255  
139.55.103.0 139.55.103.255 US
74.86.127.0 74.86.127.255  
200.207.155.0 200.207.155.255 BR
206.51.136.0 206.51.136.255 CA
85.88.191.0 85.88.191.255  
217.175.179.0 217.175.179.255  

 Asia Pacific Black List

http://www.apnic.net/db/ranges.html#country

  •  58.0.0.0/8
  •  59.0.0.0/8
  •  60.0.0.0/8
  •  61.0.0.0/8
  • 116.0.0.0/8
  • 117.0.0.0/8
  • 118.0.0.0/8
  • 119.0.0.0/8
  • 120.0.0.0/8
  • 121.0.0.0/8
  • 122.0.0.0/8
  • 123.0.0.0/8
  • 124.0.0.0/8
  • 125.0.0.0/8
  • 126.0.0.0/8
  • 169.208.0.0/12
  •  202.0.0.0/8
  •  203.0.0.0/8
  •  210.0.0.0/8
  •  211.0.0.0/8
  •  218.0.0.0/8
  •  219.0.0.0/8
  • 220.0.0.0/8
  • 221.0.0.0/8
  • 222.0.0.0/8 

New Foundstone Blog


Its about time!  Foundstone Professional Services has been added to the Avert Labs research blog.  So now the makers of all the free hacking tools are accessible online.  Check it out there are already some great posts. 

 http://www.avertlabs.com/research/blog/index.php/category/foundstone/

I’ve also added it as a Blogroll.