Skype可提供僵尸网络控制
Skype could provide botnet controls
Skype可提供僵尸网络控制
by Joris Evers
作者:Joris Evers
翻译:endurer
2006-02-17 第1版
Keywords: VoIP and IP telephony | Security threats | Hacking | Spam and phishing | Viruses and worms
关键字:VoIP 和 IP telephony | 安全威胁 | Hacking | 垃圾邮件和网络垂纶 | 病毒和蠕虫
英文来源:http://techrepublic.com.com/2100-1009_11-6031306.html?tag=nl.e044
Takeaway:
Net phone services could allow cybercriminals to launch attacks without being detected, a communications group has warned.
概述:
一个通讯团体曾经发出警告,网络电话服务能让网络罪犯发动打击而不被检测到。
Internet phone services such as Skype and Vonage could provide a means for cybercriminals to send spam and launch attacks that cripple Web sites, experts have warned.
专家曾经发出警告,诸如Skype和Vonage之类的网络电话服务可为网络罪犯提供发送垃圾邮件和发动对有残破网站的打击的方法。
Moreover, because many voice over Internet protocol applications use proprietary technology and encrypted data traffic that can't easily be monitored, the attackers will be able to go undetected.
此外,因为一些语音,是使用专利技术和不易被监控的加密数据的Internet协议使用程序来交流的,打击者将能不被检测到。
"VoIP applications could provide excellent cover for launching denial-of-service attacks," the Communications Research Network said Wednesday. The Communications Research Network is a group of industry experts, academics and policy makers funded by the Cambridge-MIT Institute, a joint venture between Cambridge University and the Massachusetts Institute of Technology.
“VoIP使用程序能为提倡回绝服务打击提供极好的掩护,”Communications Research Network周三说。Communications Research Network是一个行业专家,实际和计谋制定者团体,为其提供基金的剑桥-麻省理工学院团结研讨所(CMI,The Cambridge-MIT Institute)是由剑桥大学和麻省理工学院合股的。
《endurer注:1。joint venture 合股》
The group urges VoIP providers to publish their routing specifications or switch to open standards. "These measures would...allow legitimate agencies to track criminal misuse of VoIP," Jon Crowcroft, a professor at Cambridge University in the U.K., said in a statement.
该团体敦促VoIP提供商公然路由规范或开关为开放标准。“这些措施将...容许合法代理追踪罪犯对VoIP的滥用,”英国剑桥大学传授Jon Crowcroft在一个声明中说。
《endurer注:1。U.K. 英国, 团结王国》
Essentially, some of the features to protect VoIP applications can now be used maliciously, Crowcroft said. "While these security measures are in many ways positive, they would add up to a serious headache if someone were to use a VoIP overlay as a control tool for attacks," he said.
其实,一些用来掩护VoIP使用程序的特性如今被恶意利用,Crowcroft说。“虽然这些安全措施在很多方面是积极的,如果或人利用VoIP笼罩作为打击的控制工具,它们合起来是令人很头痛的。”他说。
《endurer注:1。in many ways 在很多方面
2。add up to 算计达》
In a denial-of-service attack, a flood of information requests is sent to a Web server, bringing the system to its knees and making it difficult or impossible to reach. Today, such attacks often involve many hacked computers, so-called "zombies," that have been networked in a so-called "botnet."
在回绝服务打击中,信息请求洪水被发送到Web服务器,使系统屈服,很难或不克不及抵达。今天,这样的打击每每包括一些被hacked的机算机,这些被称为“僵尸”的计算机被构成网络,该网络名为“僵尸网络”。
《endurer注:1。bring sb. to his knees:迫使或人屈服》
Cybercriminals rent out use of their botnets on the black market. About 60 percent of the world's spam is sent through such compromised computers, and the zombies are also used in extortion schemes where a Web site owner is told to pay or face a denial-of-service attack.
网络罪犯们在黑市上出租他们的僵尸网络的使用权。天下上大约60%的垃圾邮件是通过这种受害计算机发送的,这些僵尸(电脑)也被用于勒索筹划,网站所有人原告知付钱或面临回绝服务打击。
《endurer注:1。rent out 租出》
Botnets are typically controlled by an attacker via Internet Relay Chat. Zombies listen for instructions from their masters on IRC channels. Investigators monitor those channels to help catch cybercriminals, and Internet service providers can block traffic to the IRC servers used by zombies in order to thwart attacks, experts have said.
僵尸网络通常由打击者通过Internet多线交谈(IRC)控制。僵尸(电脑)监听其控制者在IRC频道发出的指令。调查职员监控这些频道有助于抓获网络罪犯,Internet服务提供商可以阻塞被僵尸(电脑)利用的IRC服务器的交流以拦阻打击,专家们曾经指出。
VoIP applications such as eBay's Skype and Vonage could give cybercriminals a better way of controlling their zombies and covering their tracks, the Communications Research Network said. "If the control traffic were to be obfuscated, then catching those responsible for DoS attacks would become much more difficult, perhaps even impossible," the group said in a statement.
诸如eBay的Skype和Vonage这样的VoIP使用程序可赐与网络罪犯控制僵尸(电脑)和隐蔽打击的更好方法,Communications Research Network说。“如果控制交流被扰乱,那么抓获这些DoS打击责任人将变得更困难,乃至不大概。”该团体在声明中称。
《endurer注:1。responsible for 为...负责;是形成...的缘故原由》
There has yet to be an instance of an online attack launched through a VoIP application, but the Communications Research Network believes it is only a matter of time. "If left unresolved, this loophole in VoIP security won't just decrease the likelihood of (attack) detection and prosecution, it could also undermine consumer confidence in VoIP," the group said.
还没有通过VoIP使用程序发动的在线打击实例,但Communications Research Network相信这只是时间题目。“如果置之不睬,VoIP安全中的毛病将不但仅会低落(打击)检测和起诉的大概性,还将破坏消耗者对VoIP的信任,”该团体说。
《endurer注:1。It's only a matter of time. 这只是时间题目。
2。consumer confidence 消耗者信任》
Communications Research Network contacted VoIP providers with its concerns, it said. Skype and Vonage did not immediately respond to a request for comment.
Communications Research Network说它带着关怀联系VoIP提供商,Skype和Vonage没有立即相应。
《endurer注:1。with concern: 关怀地(担心着)》
- 文章作者: 福州军威计算机技术有限公司
军威网络是福州最专业的电脑维修公司,专业承接福州电脑维修、上门维修、IT外包、企业电脑包年维护、局域网网络布线、网吧承包等相关维修服务。
版权声明:原创作品,允许转载,转载时请务必以超链接形式标明文章原始出处 、作者信息和声明。否则将追究法律责任。
TAG:
|
评论加载中...
|
