Strange net traffic could herald new attacks
|
Strange packets of data found on the internet are worrying net security experts.
Some believe that the data packets are part of a new scanning tool that maps networks and reports vulnerabilities it finds.
So far the strange packets are no threat as they do not automatically attempt to spread themselves to other networks.
Experts also point out that the program producing the strange packets of data is riddled with bugs that prevent it working very well.
Attack tool
The net works as well as it does because any data you want or send is broken down into chunks, or packets, before it is despatched into cyberspace.
One of the key parameters of these data packets is the amount of data they can transport without needing a response from their destination.
Tweaking this parameter helps speed up or improve the reliability of data transfer.
The strange data packets are being closely watched
|
Since May net security experts have caught data packets travelling across the net that have an abnormally large data window size of 55,808 bytes.
Efforts to track down the source of the large data packets have proved largely fruitless.
The data packets are thought to have been despatched by computers infected with a hidden, or trojan, program that seems to be trying to map network addresses and link them with the computer resources sitting behind them.
Many attempts to crack networks begin with computer vandals using scanning tools to root out weak points that can be easily penetrated.
Experts believe that the strangely sized data packets are part of a distributed scanning or probing system that reports what it has found to other systems infected with the same program.
Security firms Intrusec and Internet Security Systems have issued warnings about the data packets.
ISS believes the packets are being formed by a scanning tool called "Stumbler". However, other security firms dispute this explanation.
Experts say the scanning tool is little threat because its poor design prevents it quickly sharing and acting on any information it finds.
However, some security experts believe that the badly formed packets are evidence of a new type of scanner that could slip past existing detection systems and be used to knock sites offline by swamping them with bogus data.
Security experts are continuing to monitor the activities of the strange data packets.