Balance of power favors crude hack

CIOL Bureau

Eric Lai

SAN FRANCISCO: Despite a series of costly attacks that have shut down some of the Internet's best-known sites over the past year, experts say it is still easier to launch an assault like the one that stunned Microsoft this week than it is to prevent it.

In fact, the type of denial-of-service attack reported by Microsoft this week has become so routine that major sites are the regular targets of similar, more limited attacks, experts say.

"Each site that we monitor is attacked almost every single day," said Amit Yoran, chief executive of network security firm Riptech Inc. "When I say the Internet is a hostile environment, it's a hostile environment."

Denial-of-service attacks, in which a Web site is bombarded by a crippling burst of messages, are a blunt instrument in the hacker arsenal, but a proliferation of online tools has made it easier for a younger generation of hackers to use them to bring down major sites. Meanwhile, commercial software that would intercept an attack before it could move past a crucial threshold - providing a kind of defensive shield - is still in development or has found a slow uptake on the Internet.

"If you're being attacked, there's not a whole lot you can do to stop it," said Mitch Hryckowian, head of network security for Interliant Inc., which hosts Web sites. And "even where tools and patches are available, people aren't taking advantage of them."

That slow response comes despite widespread industry hand-wringing following last February's crippling denial-of-service attacks on seven major Web sites, including Yahoo! Inc., eBay Inc., Amazon.com Inc., and Excite.

A 16-year-old from Montreal operating under the nickname "Mafiaboy" last week pleaded guilty to 56 charges related to those attacks, which caused damages estimated as high as $1.7 billion in lost sales.

Microsoft, a target



Microsoft Corp. said that its Web sites were hit by denial-of-service attacks on Thursday and again on Friday morning. In a statement, Microsoft's chief information officer said that while no customer data was compromised by the attacks, the company had not deployed "sufficient self-defense techniques" at what it described as the front end of its networks.

Denial-of-service attacks have plagued the Internet since 1987, when a computer virus written by a Cornell University student crashed e-mail servers worldwide.

"This is not a new problem to the Internet. It's one of the old classics," said Yoran.

Distributed denial-of-service attacks, used by Mafiaboy last year, involve a hacker taking control of hundreds or thousands of "zombie" computers to launch an attack.

The basic technique remains the same: flood the target - either the computer hosting the Web site or a router, which directs traffic - with millions of junk messages. The result: sites that slow to a crawl or refuse to download at all.

Blocking the offending traffic is no easy task. The packets are virtually indistinguishable from legitimate Internet data, and can originate from many sources. To the untrained eye, a denial-of-service attack simply looks like an increasing mob of visitors to the Web site - until it is too late.

The potential damage caused by a denial-of-service attack is increasingly disproportional to the effort involved to launch one, industry watchers said.

"It's really the most mundane" sort of hack, said Yoran.

The proliferation of sophisticated hacker tools is now allowing "script kiddies" - hackers barely in their teens - to get in the game, Hryckowian said.

Universities, with their big Internet pipes and lax security policies, have been seen as favorite sources of zombie computers from which to launch attacks.

But many home users - especially those with broadband connections like cable modem or digital subscriber line (DSL) - may also be unwitting accomplices.

Better technology, stiffer penalties



Some emerging companies, like Seattle-based Asta Networks and Boston-based Mazu Networks, are bringing out products which promise better prevention of denial-of-service attacks.

Mazu, for instance, is developing hardware that builds statistical models of traffic so that when deviations occur, as in a denial-of-service attack, it can block the packets before they hit the Web servers, said Phil London, Mazu's chief executive. The hardware also keeps legitimate traffic moving through quickly - unlike many firewall-type solutions.

Others say the solution is to force the Internet service providers, who unwittingly transmit the bad traffic, to take some responsibility for shutting them down. But other experts doubt that ISPs have the ability to cooperate.

"ISPs are really like a highway system, they're not set up to do more than let traffic go through," said Yoran.

Which is why still others advocate the ultimate get-tough measure: making owners of computers repeatedly hijacked to launch denial-of-service attacks liable for damages.

"You see the government going after the perpetrator, but what about the bandwidth provider?" London said. "I think you'll see this tested in court this year."

(C) Reuters Limited 2001.
