Eric Lai
SAN FRANCISCO: Despite a series of costly attacks that have shut down some of
the Internet's best-known sites over the past year, experts say it is still
easier to launch an assault like the one that stunned Microsoft this week than
it is to prevent it.
In fact, the type of denial-of-service attack reported by Microsoft this week
has become so routine that major sites are the regular targets of similar, more
limited attacks, experts say.
"Each site that we monitor is attacked almost every single day,"
said Amit Yoran, chief executive of network security firm Riptech Inc.
"When I say the Internet is a hostile environment, it's a hostile
environment."
Denial-of-service attacks, in which a Web site is bombarded by a crippling
burst of messages, are a blunt instrument in the hacker arsenal, but a
proliferation of online tools has made it easier for a younger generation of
hackers to use them to bring down major sites. Meanwhile, commercial software
that would intercept an attack before it could move past a crucial threshold -
providing a kind of defensive shield - is still in development or has found a
slow uptake on the Internet.
"If you're being attacked, there's not a whole lot you can do to stop
it," said Mitch Hryckowian, head of network security for Interliant Inc.,
which hosts Web sites. And "even where tools and patches are available,
people aren't taking advantage of them."
That slow response comes despite widespread industry hand-wringing following
last February's crippling denial-of-service attacks on seven major Web sites,
including Yahoo! Inc., eBay Inc., Amazon.com Inc., and Excite.
A 16-year-old from Montreal operating under the nickname "Mafiaboy"
last week pleaded guilty to 56 charges related to those attacks, which caused
damages estimated as high as $1.7 billion in lost sales.
Microsoft, a target
Microsoft Corp. said that its Web sites were hit by denial-of-service
attacks on Thursday and again on Friday morning. In a statement, Microsoft's
chief information officer said that while no customer data was compromised by
the attacks, the company had not deployed "sufficient self-defense
techniques" at what it described as the front-end of its networks.
Denial-of-service attacks have plagued the Internet since 1987, when a
computer virus written by a Cornell University student crashed e-mail servers
worldwide.
"This is not a new problem to the Internet. It's one of the old
classics," said Yoran.
Distributed denial-of-service attacks, used by Mafiaboy last year, involve a
hacker taking control of hundreds or thousands of "zombie" computers
to launch an attack.
The basic technique remains the same: flood the target - either the computer
hosting the Web site or a router, which directs traffic - with millions of junk
messages. The result: sites that slow to a crawl or refuse to download at all.
Blocking the offending traffic is no easy task. The packets are virtually
indistinguishable from legitimate Internet data, and can originate from many
sources. To the untrained eye, a denial-of-service attack simply looks like an
increasing mob of visitors to the Web site - until it is too late.
The potential damage caused by a denial-of-service attack is increasingly
disproportional to the effort involved to launch one, industry watchers said.
"It's really the most mundane" sort of hack, said Yoran.
The proliferation of sophisticated hacker tools is now allowing "script
kiddies" - hackers barely in their teens - to get in the game, Hryckowian
said.
Universities, with their big Internet pipes and lax security policies, have
been seen as favorite sources of zombie computers from which to launch attacks.
But many home users - especially those with broadband connections like cable
modem or digital subscriber line (DSL) - may also be unwitting accomplices.
Better technology, stiffer penalties
Some emerging companies, like Seattle-based Asta Networks and Boston-based
Mazu Networks, are bringing out products which promise better prevention of
denial-of-service attacks.
Mazu, for instance, is developing hardware that builds statistical models of
traffic so that when deviations occur, as in a denial-of-service attack, it can
block the packets before they hit the Web servers, said Phil London, Mazu's
chief executive. The hardware also keeps legitimate traffic moving through
quickly - unlike many firewall-type solutions.
Others say the solution is to force the Internet service providers, who
unwittingly transmit the bad traffic, to take some responsibility for shutting
it down. But other experts doubt that ISPs have the ability to cooperate.
"ISPs are really like a highway system, they're not set up to do more
than let traffic go through," said Yoran.
Which is why still others advocate the ultimate get-tough measure: making
owners of computers repeatedly hijacked to launch denial-of-service attacks
liable for damages.
"You see the government going after the perpetrator, but what about the
bandwidth provider?" London said. "I think you'll see this tested in
court this year."
(C) Reuters Limited 2001.