Stumbler mapping networks for future attacks

Thursday, 26 June 2003, 2:28 PM EST

The recently discovered Stumbler network-mapping tool represents a variety of malware that leaves enterprises with little in the way of defense, other than to lock down networks and employ intrusion detection, experts said.

At first, some researchers considered Stumbler a Trojan horse program, but Neel Mehta, a research engineer with Atlanta-based Internet Security Systems Inc.'s X-Force research team, isn't so sure. "It's hard to characterize," he said, noting that Stumbler doesn't enable unauthorized access like a Trojan does.

Stumbler doesn't fit cleanly into a line of the malware family tree. It can be best described as a distributed network-mapping program, Mehta said. It uses a TCP SYN probe with a window size of 55808 to explore networks. Stumbler spoofs its source IP address to cloak where the probe originated.

Stumbler's job is to probe networks for open ports on hosts and firewalls. This information can then be used by the author to attack vulnerable systems. Its reconnaissance scanning is done randomly; it's not targeted at specific companies or sectors, Mehta said.

[ Read more ]


The big picture of protecting and securing Big Data

Today almost every company is dealing with big data in one way or another – including customer data, tracking data, and behavioral marketing information – connecting every aspect of our lives. While this is a cutting edge use of technology, data monitoring can become dangerous when placed in the wrong hands.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Fri, Aug 28th