Denial of service hackers take on new targets
(CNN) -- The denial of service (DoS) attacks Tuesday on major e-commerce Web sites and CNN Interactive were a common type of cyber-attack, but one that is normally used against Internet Service Providers rather than retail or news organizations.
While it is a little more complicated than meets the eye, a DoS attack can be avoided.
A DoS attack is commonly referred to as a "hack" because it is a malicious offensive against another computer system; but unlike most other hacks, it does not involve the attacker gaining access or entry into the target server. Instead, a DoS is a merciless stream of information sent to a target with the intention of flooding it until it crashes or can no longer take legitimate traffic.
The information is frequently in the form of "pings," which are small packets of data sent by one computer to another with the intention of checking to see if the other computer is accessible. The target computer responds to the ping and the connection is made. But if the pinger gives a false address, the target computer can't return the ping to make the connection. In that case, the target waits and finally gives up. In great amounts, this can overwhelm a server.
A distributed DoS attack is a concerted effort to take down a target. Instead of a one-to-one attack, many computers target a single one -- as would be necessary with a target as large as eBay or Amazon.
Besides the obvious tactic of having many users simultaneously flood a target, certain publicly available programs can be used so that one user can perform a distributed DoS. The programs are placed on compromised systems -- computers that have been successfully entered by the attacker before. The attacker merely needs to run a "trigger" program that tells the planted programs to begin their assault on the target. That kind of attack is not only formidable, but very difficult to trace back to the original source.
The programs that execute distributed DoS attacks can be found on many hacker Web sites in the United States, Russia, and several nations in between. Common in the community, these programs are easy enough to use that even an inexperienced tinkerer can run them.
Beyond the program, though, a hacker also needs to have a great number of compromised systems on which to place the satellite programs. According to Carnegie Mellon University's CERT coordination center, which monitors and advises system administrators on computer security, the systems used to execute DoS attacks "are often compromised via well-known vulnerabilities." The group urges administrators to update their systems with the latest patches and workarounds.
Also, many of these programs leave telltale signs that some say can be used to block the malicious traffic before it becomes a problem.
"These programs have known signatures and the servers should be able to filter out that traffic," according to Space Rogue, the editor of the Hacker News Network, a computer security site. "The servers could identify those IP addresses (of the systems making the attack), then put those filters in place. It should have been done before."
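The filtering described above, as an added example (not code from CNN or any site named in this story): it reads a constructed packet log, picks out sources sending more echo requests per second than a threshold, and separates forged non-routable sources, which cannot be filtered one address at a time. The log format, the threshold and the function name are assumptions.

```python
import ipaddress
from collections import Counter

# Ranges that can never be a legitimate Internet sender. A flood "from"
# these is forged, so the whole range is dropped at the border instead.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8",
    "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample, one packet per line: "<second> <src> <dst> <proto>".
SAMPLE_LOG = """\
100 198.51.100.7 203.0.113.10 icmp-echo
100 198.51.100.7 203.0.113.10 icmp-echo
100 198.51.100.7 203.0.113.10 icmp-echo
100 198.51.100.7 203.0.113.10 icmp-echo
100 192.0.2.44 203.0.113.10 icmp-echo
100 10.9.8.7 203.0.113.10 icmp-echo
100 10.9.8.7 203.0.113.10 icmp-echo
100 10.9.8.7 203.0.113.10 icmp-echo
101 198.51.100.7 203.0.113.10 icmp-echo
101 192.0.2.44 203.0.113.10 tcp
malformed line
"""

def find_flood_sources(log_text, target, max_per_sec):
    """Return (filterable, forged) sources flooding target with pings."""
    per_second = Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed records
        second, src, dst, proto = fields
        if dst != target or proto != "icmp-echo":
            continue
        try:
            ipaddress.ip_address(src)
        except ValueError:
            continue  # source field is not an IP address
        per_second[(src, second)] += 1
    # A source is noisy if it exceeded the limit in any single second.
    noisy = {src for (src, _), n in per_second.items() if n > max_per_sec}
    filterable, forged = [], []
    for src in sorted(noisy):
        addr = ipaddress.ip_address(src)
        is_forged = any(addr in net for net in NON_ROUTABLE)
        (forged if is_forged else filterable).append(src)
    return filterable, forged

if __name__ == "__main__":
    print(find_flood_sources(SAMPLE_LOG, "203.0.113.10", 2))
```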
'Magnifying glass burning a bug'
Even filtering out the traffic can be futile if the attack is large enough, according to Paul Holbrook, Director of Internet Technologies for CNN. CNN.com was targeted late Tuesday.
"In our case, what caused us trouble was not that we weren't filtering it out. We were filtering it, but the problem was that the routers were so busy filtering that that in itself compromised us. The routers still have to process each packet. The cure was putting the filter on a bigger router outside of our site," Holbrook said.
The distributed nature of the attack made it especially difficult to ward off the flood of data, Holbrook said, likening the mass assault to "a magnifying glass burning a bug on a hot summer day."
As to general Internet security, Holbrook echoes the sentiments of many network gurus charged with protecting such a huge and diverse target.
"The unfortunate truth is that it's an impossibility to ever completely close everything. There are so many systems on the Internet that it's just too hard to close them all."
These incidents are yet another reminder of the holes in the Internet security network, which administrators are constantly rushing to protect. Now, they're rushing a bit faster.
"It sure gives you a bad picture of Internet security today when you have five major sites taken down in a span of 36 hours," Space Rogue said.
© 2001 Cable News Network. All Rights Reserved.