NetSolve engineers culled the data from customer networks by using NetSolve's ProWatch Secure remote network monitoring service. ProWatch Secure uses The WheelGroup's NetRanger intrusion detection system for detailed security analysis, according to Mike Turner, president of NetSolve, in Austin, Texas.
NetSolve performed the survey to give its users a better sense of the network security issues they face, Turner said.
"Very few have [hard] data to work from," Turner said. Using results from the survey -- which the company now hopes to conduct on a regular basis -- users will be able to make better decisions about the type of security tools and policies they need, Turner explained.
Most security surveys query organizations about suspected problems, so the information is based on subjective data, Turner said. By using NetRanger Sensors deployed at users' sites, NetSolve was able to gather data on actual alarms, including 550,000 security events, he said.
Based on an analysis of the data, NetSolve identified several trends.
For example, about half of the attacks on customer sites came from ISP addresses, rather than independently registered network addresses. Almost 100 percent of the attacks were targeted at electronic-commerce sites; 72 percent came from outside the United States.
The most prevalent attack on Web servers was the Common Gateway Interface (CGI)-bin attack, in which hackers attempt to modify information on servers. The second most frequent attack was the Transmission Control Protocol (TCP) port sweep, which lets the hacker know if TCP services such as e-mail, File Transfer Protocol, or Telnet are running on a server, according to the survey.
During the period from July to September, the network monitoring service picked up an increase in attacks that incorporate the Internet Message Access Protocol's (IMAP) ability to modify remote access folders.
There also was a rise in the ICMP Storm attack, also known as the Smurf attack, over the past few months, said Carlos Gomes, a NetSolve engineer.
Despite the attempts to penetrate customer sites, ProWatch Secure disabled the hacking attempts before they caused any serious damage, Gomes said.