Sun Says Fixes in Place to Stop Solaris Attacks

Sun Microsystems Inc. admits that many of its servers have been victimized by Denial of Service (DoS) attacks during the past few months, but in the same breath says the problem has been fixed. It's just that users aren't taking advantage of the patches that are readily available.

"The solution for the problem has been issued already. This is a problem that's come and gone," said Russell Castronoval, public relations manager for Sun Solaris. "They [the attacks] can happen if a person hasn't kept things up to date."

In some cases, Sun released operating system patches as much as six months ago as a deterrent to DoS attacks, Castronoval said.

Patches are available for Solaris 2.5.1 (Sparc and Intel), Solaris 2.6 (Sparc and Intel), and Solaris 7 (Sparc and Intel), at http://sunsolve.sun.com/.

The DoS attacks capable of crippling Sun servers have come in the form of Trojan-horse software attacks implementing stacheldratht -- the German for "barbed wire" -- trin00, the Tribal Flood Network, and TFN 2000, according to alerts by the Computer Emergency Response Team (CERT), the National Infrastructure Protection Center (NPIC), and the SANS Institute.

The trojans are deployed by master computers to assemble and control the infected machines with commands to continuously bombard sites with bogus flood packets, ultimately clogging up the traffic stream and shutting down sites both large and small, including Solaris-run sites.

Researchers from the SANS Institute said the most common paths used to compromise systems to insert trojans have been weaknesses in remote procedure call (RPC) implementation.

Sun Microsystems, in Palo Alto, Calif., is at http://www.sun.com.

Join the newsletter!

Or
Error: Please check your email address.

More about CERT AustraliaComputer Emergency Response TeamIntelSANS InstituteSun MicrosystemsThe SANS Institute

Show Comments