Stumbler mapping networks for future attacks

Thursday, 26 June 2003, 2:28 PM EST

The recently discovered Stumbler network-mapping tool represents a variety of malware that leaves enterprises with little in the way of defense, other than to lock down networks and employ intrusion detection, experts said.

At first, some researchers considered Stumbler a Trojan horse program, but Neel Mehta, a research engineer with Atlanta-based Internet Security Systems Inc.'s X-Force research team, isn't so sure. "It's hard to characterize," he said, noting that Stumbler doesn't enable unauthorized access like a Trojan does.

Stumbler doesn't fit cleanly into a line of the malware family tree. It can be best described as a distributed network-mapping program, Mehta said. It uses a TCP SYN probe with a window size of 55808 to explore networks. Stumbler spoofs its source IP address to cloak where the probe originated.

Stumbler's job is to probe networks for open ports on hosts and firewalls. This information can then be used by the author to attack vulnerable systems. Its reconnaissance scanning is done randomly; it's not targeted at specific companies or sectors, Mehta said.

[ Read more ]




Spotlight

People will do anything for free Wi-Fi

Posted on 30 September 2014.  |  A new Wi-Fi investigation conducted on the streets of London shows that consumers carelessly use public Wi-Fi without regard for their personal privacy.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Wed, Oct 1st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //