PHOTO - Sourcefire Malaysia country manager Ivan Wen.
One of the most common Internet threats targets a Denial-of-Service (DoS) vulnerability called 'Apache Killer', according to cybersecurity firm Sourcefire, which has announced a new defence against such an attack.
Sourcefire Malaysia country manager Ivan Wen said on 2 September 2011 that the company's Vulnerability Research Team (VRT) has set a new rule in its Open Source security programme - called 'Snort' - to protect customers against 'Apache Killer', which essentially is a Denial-of-Service vulnerability found on Apache HTTPD [Hypertext Transfer Protocol Daemon] Web Server.
"The 'Apache Killer' allow hackers to launch attacks remotely to take over a great amount of memory and CPU usage with only a few number of request directed at the targeted Web server," said Wen. "However, the 'Apache Killer' attack can now be detected by Sourcefire's Snort engine's HTTP Inspect preprocessor which has the option to block oversized HTTP headers. This functionality proactively detects new security vulnerabilities such as the 'Apache Killer' exploit."
"Being able to protect customers from the dangerous 'Apache Killer' DoS shows how the Sourcefire Snort engine is able to leverage enormous amount of protocol intelligence for deep packet inspection capability,' he said.
"By allowing customers to identify anomalous network traffic at a general level, the Snort engine provides detection ahead of the threat for a variety of new exploits," said Wen. "This flexibility gives network defenders the time they need to patch their networks, as well as protection in cases where a patch is not yet available, as with Apache Killer."
The Sourcefire Vulnerability Research Team VRT is a group of network security experts who proactively discover, assess and respond to the latest trends in hacking activities, intrusion attempts and vulnerabilities.
Sign up for Computerworld eNewsletters.