Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Group Offers to Sell Supposed Dragon IDS Code



 By: Dennis Fisher
2004-07-14
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
Updated: The Source Code Club, which a member said comprises professional hackers in it for the money, says the code for Enterasys' intrusion detection system is available for $16,000. It also claims to have Nap

A group calling itself the Source Code Club is offering to sell files that it claims contain the source code for Enterasys Networks Inc.s Dragon IDS (intrusion detection system) software. The asking price: $16,000.

The groups rudimentary Web site, which is registered under a Ukrainian domain name, lists hundreds of files that appear as though they could indeed be source-code files. There is no way to tell whether the group actually has the code, although it claims to have obtained it by breaking into the Enterasys network.

"Enterasys is investigating the alleged theft of what may be a portion of source code of an older version of our Dragon IDS software. We dont expect complications from this situation, as we have made significant modifications to the product since the 6.1 version. To further protect their networks, customers running the older Dragon 6.1 version can go to www.dragon.enterasys.com to download the version 6.3 upgrade," said Kevin Flanagan, senior manager of corporate communications at Enterasys.

"Our continuing investigation indicates that any possible misappropriation of the code would have been linked to a physical theft of media and not a breach of our network. We base this conclusion on our review of the file structure on the Web site purporting to possess the code and our ongoing forensic analysis of our systems to ensure they have not been compromised. There is no indication that such a breach occurred. We are working with law enforcement authorities to investigate this situation and, therefore, we can provide no further details at this time."

Resource Library:
The group also claims to have the source code for the Napster client and server software, which it is offering for sale at $10,000.

Someone using the name Larry Hobbles posted a message to the Full Disclosure security mailing list Monday night saying that both the Dragon and Napster code were available for sale.

"The Source Code Club is now open for business. SCC is a business focused on delivering corporate intel to our customers. Our main focus is selling source code and design documents, but there are many other facets to our business," the message reads. "To get the ball rolling, we are now offering the souce [sic] code/design docs for both Enterasys Intrusion Detection System (NIDS/HIDS) and Napster server and clients."

The files listed on SCCs site appear to be from version 6.1 of Dragon; the current release is 6.3.

For insights on security coverage around the Web, check out eWEEK.com Security Center Editor Larry Seltzers Weblog.

In an e-mail interview, the SCC member who posted the message to Full Disclosure said the group is made up of professional hackers who are simply in it for the money.

"The Enterasys and Napster code were both acquired via a remote penetration of said corporate networks. SCC is not worried about the legal consequences of such actions for a number of reasons: 1) The countries where we originate from do not have hacking laws. 2) Our team has over 10 years in the information security industry. We know what we are doing," he said.

"Our motivation for selling the property is money and to put our skills to use. We do not only offer source code; there are many hacking services that we provide. We do not wish to continue offering source code publicly, but it is something that must be done initially to ensure the public that we are real."

Both the message and the groups Web site provide an e-mail address registered to a South African domain. The groups site says customers have the option of buying the code all at once or in smaller chunks, which supposedly allows the buyer to verify the authenticity of the code before committing to buying the entire archive.

Dragon is Enterasys flagship security product and is one of the more popular and well-regarded IDS systems on the market. It is both a network and host IDS.

Editors Note: This story was updated to include comments from an Enterasys representative.

Check out eWEEK.coms Security Center at http://security.eweek.com for security news, views and analysis.

Be sure to add our eWEEK.com security news feed to your RSS newsreader or My Yahoo page:  



  Reader Comments: Group Offers to Sell Supposed Dragon IDS Code
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Dennis Fisher
 


x}r㶲s\@♵MQGJɖlkmyY{MT(S$I٣'ˮO7t%_&3S%\@h4I"f\8̢dw7郿K$wmL9P[ Ϡ^=WZj:@a5NzpDwd>B_'Щѩ€dB$tL|OTS_ƾQ/?6G LbhqF٨XC< tWü'~0h='@Ib/u)pcP e$,oQX|؁䛿Q=,2tĩM}! Ka> Bk4ًʏш(qGOw?0;/<Pcw̪0}dh9r4(`:x =3~4dЌnQ/! d4F#rb5#Ϟ~b>4 .ܪa?WuomZVuwcϙyֻI]T],q,U-M ͻ /dPtpXdQ=}9e V42MYU\WkaZJϢC L{ĥq3No?;/TU-/z `|`hiv5M-0n{'ݛyظ} ?Fb}"@DeR)I"0i'6tt<_MB^$9@FI?jj/Ղz H.C=I-Lcv=ӧH0CВF^8(Ja>gSK߾ڤ>>;O|bPUUz 12Ίgxo_-:nOZϗVGNפվ{H GtH Wh: -NZk_oG}o E[CyCm0Mߑj~Fb=jI>wIN,-90io,Yn_H.ża)XY|Dͼ94o o SE@- uj +:YK70) 4%y_5>Hr Ca)#8?̓EpJq䰉cYSl \捇BiOO2Xʅ U >I,A[!f}N} $y3DDȽ g3E94>BzBp4<01FpJn.b?uK󁮚girNTW꒬2Sb{gHKzc'fuEzW^?]{i8^$glh|* ]ezbcZ6Wje?VRa *aG'-djˠqaeBݠ#mfyw< `M6u1}J s65N8>h2胆:m5ƙh$ 47P}HOQI$7(x<s3 aKUԇR߭}PCGA :]TRml;>tPhSP<xwܛ@[S衟%]ѽ[:?`#0/ Z-{ BeV~m̢Pş}MrA}1sD{ʹiǀxԘ/.aHd˕F ] #RR,H6'I#r*Bl`@n!9 P,  +RR .:BI(r x%,R,ЂW-KᗄPQf9e2̈́VANDlPPW)`L)^\IIbЙn!@ )z٦ll.?ƖuV"k̲X]۽/ 7ryO_օVP= 2T%{ N-JƗZZ"JM;P>WL"HEɣ%ue2L?InPx{8`k+=P)\T5 Kb ՂZװYϚc; T 24` DolvCbx5^zǎ As,rsAz=X{vl-n9 18y<=Zjbq'Ea e@֨P8L->ka@/ı``K5ߛ Z%75f/nKI{y_ؕ.R\|rn X> LcTlb82-|O=͝tmļRF_` EEQ?O~2;2ne PY΁6mJr'jY$tEi.ڴ20Y(p,*'~'"!>|ڣs3R*/sW3g T'HZ+kP+RjV{m|3??=ehČR8pF#}y 6w'ϷTFi Y<\[JPt *tȕ6gs|<}j6v0adEe>fLZմdxTf/I;D# wKNJ R0=f^9/l'?L!IC8D"pLΨ-g>jנJ8@ CylRA)btxLǖ8)ѡ,Hr*-ÏV U#4T# a{0 XMQiRiQ9^RӲʧ𯔔ZӁQ~Ϲ6u4|X\.(``#>z0b*^W TuPݯʚuZu^4%mpH1)dzD4@+q8h tbk}r@l%Rq݌5"vzڀVIJhQ{_TMШ4> 37}&mo^g7d[̌<9u2D8ZA1J,;E9Ȳ5(_c1Jnbۤq:n&C2161ǐ\` ~oo'U`OW= BRճ(Rq$ {259p\Semiԭ57oE) Zxh RfL,RBw}BY`"M]1u%&jXO8,y܊5 c@@f"'wiŏkoȧ5rvݏG>+*~%եGQպm2TKbU)> +8rmUrhOḳزo<7i ތmcr; y|楲_-,sKiʌg _|r]rf)uyā5B/4]s▴Fyq )3k[qmKZ&iԔ5X0TiɊZW$XԚkEI= OL31hQ.ˤ̛oggk]4}3݀,+,<|͙gJPT]; 1 0`!0T}Q{D(s,E~w9ـo9 |R)TU+ ePDBRNbxtxW !i*6ǏWXO<dK!M7F@"'!rM+7 3bb\&мէݽ]V}" }MXޟUv٭vFd# ;?Jn;){ٗNxǀs5_u{~{y@DXyYsz֏ ﵲe珥%4sj뀔 Z>^w?]E&Ӹoٷ(!K1NCbwm ɾW2zV^5[tцi~py+ sG@*G~{!\4O;K5wH;m)^{%o=rH$BjwN/X G^9>o7OM1k&05hȼ<)!麫`JR os_,@Cppz g(n1xA\޴Ro4 jGY{.Nm{6-~=`Rr(SJ$M6'in&.s[5Kb).ȔRJ4:<A2ٞ$iYIzJ,bTeH(SQSQKzI3>evޜ,Hy9Yi@ybZӽM3Bmc%1jsdg[e # KQk q<\) |8RB[,>ɫI)jwaU! 0>9G3`ce5>¸*,K4+~Ubݩm3D95u<v'2Qf -dzP' _YL.40{믾]#Γd4W T16^j S>O4dkX / '伉~+ѻ݋^Q/,dk.}?H+I턟isP!KK$ɘNBAW5vn(rY9sJeO.vȔWN /Hƣb@Ɍ7CKҁ[&-3l#{zi9_3}KwK}E<c뻌wUGGww~wYnYUv9c<]M-/^Ss>]Eju@OKtGY_ QKwv{쬐ki\xlQ;Wg u'Ldј@.-vh14YAAXy !Vr8Grq&cx2HB%6÷Fp7. f_!O!%JJMc- !_к ŵcZǴ IpjulD[cCƓdǟcz sf2i p௹o_lXR| \@՞ M_}z2nm.ZQvc-F}7޿˷t8a86#,ҜiV+M&tş:98Y?~9+ֻǸ!c /h ewN3ٹ* ӯZ-?3Mra{rнc.J @dFZySԚ/#өi29tYkrzwĀ193f-SkYB'x(ٟ)CKڄ FWsHfYs)$ 캌Yؼbgx N$]c 2M SakH]69; + d.Ox帗c꣱fhsA Hx<-d0?k엋9 ڏ1> wz'o l'E~0n!R7+렳. .b# &.0.ݨ3peqb@P;rՊZFc}TdQAAxĊwKk~C& [> ? J=a\Q*N'E @{Ne6BAŤR0!R^:Ǚ>^]_>q<+”}@걕WE_L)Xv88` *@ i YauB&|MchMJ-?kxX$)T(O^ I% $N,@MrDϗW=&̂ ScR;$, bfoGQm`EykspxN{[ߔO'$Kmʮs_:`+ Fe: TʯBrڌꓰ~,y^7pQh"nJ1Ij{j9.ncemT)rLN*u]j G12F !t{GHbxtb1^䨅MɪdG7fTc1֑:. b ՔbV "a#dG8L`&'#(ؾֽڦDXy)"_R/vl~_:f>\ E> I"TTKJ9 23 H0 AI1ضkY삅Sc*mzo"͗T [.ciRsLCb|ɴq3jUݯeLd4a h B4=5'W}UX,J | X\1 YYYY kpa|kp,^(^N~{=SeDx5ڈ29tfݒLА&55X}iV`k԰1Ycnl\tC*P_ ڑL4 ү@-=RjY9H!A/*V&8a6`s_ۡWFa{/ƋِJ_lVs1i"| g71/3 wMU'au«.ݚ1PWn>pțq ,>0>wM}+]ơIܿ͐J?m:dKm`#K \C,tፑ ଱7BR_ :_!QҊ iǦ$t\*|$& ݋[f!D!F*l!"iZXS3*oHsDs)us'h=o6qaUU%*ħ =ylԍmHW@̓5.Tǎ/5MӰfE$ִLJё5+΂]҄}l0000߸ T*+fw%gt:v:l|ކ/`a oѠKgN8h,}mcbbוt+mZ3\/AkQTΣMc1<,4BL>SP.>D8$T~WVBEr{co"pPK paȮu\*/yw4|m[Dhg&̄ pK#cֳ/3 %a]v=`k<^-PY.lRm& ԑ,N:^H9u9a#|d`7d KKw5#jND@&{X78C?L2:s1D.~OO5x{uآuciYko #j35v6uɝmcyW&{13e|L$GF0+&;.WWa72^^.:fY{Ko Kx ƿ2I;rO|kgvS",^uvw@WtϠ6k1 R_tyi&]$%~?VPs&`lVG4YQdz\\&QVk:t)\芕P3HLnŴh>[Ҷ=W/!4SXubM$4F87?+V)c<rfn4͑h`P_EГw5ztowwv{41wjp)^"R7jT[=_E@kZb2$6M fPL,Ù@t}œsa1`C(:/!>=hT1P87I?žZ+X6W+H~,u`qF!iCz->6RW~"x?qT&ݦ!e lզIl1i":&M=_󒉲G~}' 9E fϒSaQM:'V燐"x$|Bt<;@ "uDgziRZ3ʑmOћ\ NU#jL7oo.qHj*VM ,yaqGÎ+G#0cY~'zCh^"J\xJsH+I#C!5{H id}$Fݡtyy`D{dh GʨX_[aZ$[Ԓ3rh!bQf':Ƣuϕǂa6}8b_j~OR.mgE*j@4`C"dhR$2ԟVVߡZ,Jvwk1 .ؑZjG@.([ӆ]Pv[#*9NjP/,ht`G>yԑ8nx##/FKyg@#UXl|链9 X鳏bi+1 M&?=w}rÏd1l˶C0ۏUztcMŲaLA! ĩޡ0s{YF^]O92YTp:0۱p pM[.{=yMh<#Ծ7=]}~9~K:hv`Wlm>ڲTm4υhwY&nX蜜ifMxDs)^Weg~RۈuX{070~" \/2yA@2 _eԿΠ11>jʠ _?}}ʠȿʇdw[ȿ͠[h6[ KuA~3ϚWqz~;9/GRȪ_~ʇ-IF>gȳJ3vڍnV`{J1g+^W} KJ+ƥw WY[xUy-k{Z1n6d b/ BU(X2M*+(78%]}fMJ 44k 7b]YDY0*}h:=WVv+aJY.ߔYnƊ6sLqϜOǽqa@BXkSPW}oND6KA1_wͣ,N5'H_hĻOEٞ<辉rc>v#~]¸x&`~niMڧ^[vt3k]Օq@Axa_ 9q?'OxWfw|4;(^w_qЙq֢@)+zyXkLg4?jAzOםgxuCחUٴ^d,mq4 9uQu8 % {Q&ƀ;'R?аs307xz ~g̞$h@Lt ;J*V*r;~G;F$ô{D(0#*+P#}a`U|;T,g/g2l]gJjCO\3CX.x}l-G PxmEt+cAV7/\tj^"^v:ic(<;#@(sYFlOBfC83Ϩ`2V-kD҃Yp䓿 t؝?i[Ìc,!i܃xql4QA{TXʹ)9T(U%a ̀N5Wે1/47 \=w1p*ر0NnpBb2 rBon<vu6| #0#V/%{R6bRFՏçcƠ}QA I0[,H,'cB꯿aXkt rV7Bf+Σ80̦I6$wl93CBGY<T#^0.?fu|q+6d1۪nG)\״DEK5 X 9c֯L_Gkg+jxB|(pIi`gĈ{/I>7I {!f7AMx+˄7,|Ͷ/w:YR/!Imy 0t;'SrC!֬Y`_CBb ;SVj͙*q9wI7\,AOd=:r& ~q8$DJ  Vj vE݉cFvtHϱf98ޚ0E# /mjcf\gHa.x<A_km8p5o2sJ &A,L\>oy^D, o*HSq1^RXsmqKunyDjcb~` [BI<`5_x|TLlsDo )@AekA/?tI3۱x&%mY dv.ychE*6\JT~3(HbHq@>av8|%K `C^ⶁE":}  q:a3YD:>yEPމik./[v4 SL+4$Rxy?Y uK 1m.A҄ O1K;u Ѫr!|x@ooiMb.C2J_vs[/'B`O)xH>%B6Iry5}~X>0EiѼ;ř"?P߯GVvLʙcSּA5|ylR$|C=Ay$O>jA@` V3|f7ZЮ36M&Sga+b2z(ͦ,1_\,@<P&=`B4<1@TFE@G7dqVĄFѵb\RJfrmuck 0M݄r["4pkq=dzИH pGg<;rg.Y^8XpT/$ o2b%_ydB/Я,#/XC0N3ʓe_:i^t?pJrC=C= a\'=fF\O}Vdwϻ1X745?^w?]4I2V; AHc定V4Yu+ߴeFkWy*F ϦkuEՄ;idMn+:cQEae=/jō`;+|(6lS24s_hj)BjxTʉY+J̭q;f¦[Hh bfղ7")