eToys attacks show need for strong Web defenses

December 21, 1999
Web posted at: 11:33 a.m. EST (1633 GMT)

by Ellen Messmer

Network World Fusion

(IDG) -- Network-based attacks against eToys last week and the emergence of a particularly destructive method for launching such raids are fresh reminders of the need for e-commerce sites to keep their defenses sharp.

Online retailer eToys has taken legal steps to prevent a Swiss art group from using the domain name Last week, that move prompted an Internet activist group to launch what are known as denial-of-service attacks on the toy seller's Web site with the intent of bringing it down.

Denial-of-service attacks involve the flooding of a Web site with bogus requests that wind up blocking legitimate ones. Denial-of-service attacks can be launched using any of dozens of programs available in hacker chat forums and on the Web, including new tools that enable attackers to bombard Web sites with traffic generated by thousands of machines.

Activist group RTMark attempted to justify its attack on eToys' Web site by citing the eToys vs. etoy case as the victory of corporate greed over art and freedom of expression. Declaring a war of revenge against eToys, RTMark sought to rally the public to use a denial-of-service tool called FloodNet to saturate the site with network ping floods.

RTMark also engaged the help of the Electronic Disturbance Theater - a hacker group claiming to attack sites only on behalf of social causes - to help cripple eToys or deface its Web pages.

"We're going to make an example of them," claimed Ray Thomas, a San Francisco-based accountant and RTMark's spokesman, describing how the group wants to "destroy" eToys. The group's Web site made available information, such as eToys' IP address, that would give attackers helpful ammunition to shoot eToys down.

Over at eToys, which has kept a great network-availability record during the holiday season, the e-commerce site showed only slight signs of problems. It slipped from 100% availability to 98% once the RTMark call for attack came, according to Service Metrics, an Internet measurement service.

Ken Ross, a spokesman for eToys, says the online toy store considers the technical defenses it is using against the protest group's sabotage to be "proprietary."

Security professionals have a number of recommendations for coping with such attacks, which are identified by strange names such as SYN Floods, LAND attack, Ping bomb, Ping O'Death, Fraggle, Smurf and WinNuke.

Security experts and e-commerce industry watchers believe denial-of-service attacks happen more often than they are reported. Most companies prefer not to acknowledge such attacks, often begging not to be identified in stories.

According to Paul Proctor, chief technology officer of CyberSafe's Centrax division, there are three categories of denial-of-service attacks.

One method involves flooding the line with ping traffic, or any "garbage to keep the router busy," Proctor says.

Using another method, an attacker can send malformed packets that give routers, firewalls or switches a kind of network indigestion.

Attackers also can scare off Web visitors by making them think something is wrong or dangerous about the site.

The discovery earlier this month of a new, more dangerous kind of denial-of-service tool on the 'Net has security pros sounding the alarm.

The new type of tool, which includes variations called Tribal Flood Network and Trin00, enables attackers to invade Web sites with bogus messages sent from many machines simultaneously. Until now, denial-of-service tools have limited attackers to launching a single ping flood, which wasn't usually enough to fill up the T-1 or T-3 bandwidth typically available at an e-commerce site, says Chris Klaus, chief technology officer at Internet Security Systems.

But Unix-based Tribal Flood Network and Trin00 overcome that barrier by allowing a single user, by means of the appropriate client software, to launch a coordinated attack on a target from thousands of compromised machines in which the necessary server software has been installed.

"I call these compromised machines 'zombies' because of the intended use of them in denial-of-service attacks," Klaus says. Attackers can remotely install Tribal Flood Network and Trin00 on unsuspecting hosts by exploiting buffer-overflow vulnerabilities or one of a handful of other vulnerabilities.

Klaus says thousands of these ping-launching zombie machines have already been identified, many in university and government networks that are unprotected by firewalls.

This new type of ping flooding capability means that a single attacker at his desktop could masquerade as a huge group sending out disabling pings.

What if your site gets hit by a distributed denial-of-service attack? According to a recent CERT Coordination Center advisory, the target of an attack may not be able to rely on Internet connectivity for communications. CERT suggests that firms have alternatives to the Internet for data communications.

CERT also advises that if you discover one of these distributed attack tools installed on your servers, it might provide information useful in locating or disabling other parts of the distributed attack network. "We encourage you to identify and contact other sites involved," CERT says.
