Repeated attacks usually involve a systematic probing of certain widely used network ports, looking for responses indicating that the host operating system may be vulnerable to attack. A recent CERT (Computer Emergency Response Team) incident note [CERT 98] alerts Internet network administrators of the existence of new cracker tools to perform repeated systematic attacks.
On July 9, 1998, CERT announced that a new intruder tool had been released by the cracker community which could be used to scan networks on the Internet for many different vulnerabilities. CERT received many reports in early July 1998 that the tool was in widespread use within the intruder community. The tool has the capability to test an Internet host for the following security vulnerabilities:
This is an example of the kind of sophisticated tools being developed and used within the cracker community. When such tools become widely available, they may be used by novice crackers to gain access to systems or otherwise disrupt operation of systems, however, they may also be utilized by systems administrators to test the vulnerability of their system and take appropriate security action.