From...

by Matt Hamblen

(IDG) -- The Systems Administration, Network and Security (SANS) Institute in Bethesda, Md., has issued an advisory for network administrators to help them avoid network attacks.

The advisory also is urging admininistrators to help "take the pulse of the Internet" during the coming holiday season, until Jan. 5, and report "suspicious network traces" to intrusion@sans.org.

The advisory, from Stephen Northcutt, calls on the 62,000-member SANS community to "isolate network traffic traces that represent attacks, to find the malicious code and to get the word out to people who can block it."

	ALSO
Feds leave doors open for hackers

Northcutt said SANS has been detecting evidence of increased network scanning, which is probably a search for Trojan horse software. He said two new examples of Trojan horse software have been analyzed by SANS, according to his memo dated Dec. 18.

MORE COMPUTING INTELLIGENCE

IDG.net home page

Computerworld's home page

Computerworld Year 2000 resource center

SANS Information Security awards: Shining a light

SANS Institute battles cyberterrorism

News Radio

Fusion audio primers

Computerworld Minute

Malicious hackers often scan numerous ports on a system to find vulnerabilities. SANS posted a sample scan detected by an administrator in Canada that showed probes on dozens of ports. "If your firewall or perimeter router is configured to only block a few 'dangerous' ports, this type of Trojan multiscanner could spell trouble for your site," Northcutt said in his advisory.

Attacks are more frequent in December because network administrators tend to not be working and high school and college students are at home with less to do, Northcutt said.

SANS will be working with the U.S. government's national Y2K watch center, which made a request to SANS for monitoring assistance, he said.