Mirage Networks Stops Zero-Day Exploit of Microsoft DNS

April 19, 2007; 02:07 AM

The Rinbot variant seeks to establish an Internet Relay Chat backdoor, giving the exploiter complete control over the compromised system. The worm scans the network for a vulnerable server, against which it launches a series of exploits, including one that takes advantage of the DNS software weakness. When successful, the worm conscripts the machine into a botnet that allows the attacker unrestricted remote access to the system.

“This exploit is especially troubling because it targets servers, which have fairly unrestricted access to other servers and typically do not submit to network access control scans on entry,” said Grant Hartline, chief technical officer for Mirage Networks. “This means that even if a patch is made available, administrators cannot themselves enforce a system-wide application of the patch. Rather, they must work with the teams individually responsible for each server to perform the upgrade. Additionally, the exploit specifically targets and commandeers DNS servers. These servers play a critical role in the company’s public Web presence.”

Mirage Endpoint Control thwarts this attack by flagging the IP-based reconnaissance activity of the worm as threatening behavior and quarantining the system responsible for the suspicious sniffing.

“IP-based port scanning is one of the hallmarks of malicious software, so when Mirage Endpoint Control detects this activity, it triggers a quarantine of the offending device. This and other behavioral rules are the backbone of Mirage Endpoint Control,” said Hartline. “Behavioral rule-based security gives our network access control technology an unparalleled ability to quarantine a dangerous system before it causes a catastrophic network-wide infection without relying solely on entry-based scans.”

By relying on behavioral rules rather than agents, signature files, and patches, Mirage Endpoint Control ensures effective containment of network threats even if, as in this case, no patches have been issued to correct the underlying problem.

About Mirage Networks

Mirage Networks, Inc. is the leading provider of Network Access Control (NAC) solutions, including both pre- and post-admission security. The Austin, Texas-based company's patented technology gives organizations control over unknown, out-of-policy, and infected devices resulting in increased network uptime, policy compliance and reduced operational costs. Mirage's NAC appliances work in all network environments, deploy out-of-band and require neither signatures nor agents to enforce policies and terminate zero-day threats. Mirage Networks' Endpoint Control is a consistent winner of industry awards and recognition. Learn more at http://www.miragenetworks.com.

Copyright © 1998 - 2018 DevStart, Inc. All Rights Reserved