Network World Fusion

Is a new Internet architecture needed?

February 25, 2000
Web posted at: 8:25 a.m. EST (1325 GMT)

(IDG) -- I got a call from a reporter the other day. He wanted to talk about the denial-of-service attacks on prominent Internet sites, including Yahoo, CNN and eBay. It is true that the Internet architecture's openness makes the kinds of attacks that we saw a couple of weeks ago easier to launch while, at the same time, making it harder to track down the perpetrators. But it is that same openness that created the economic engine that the Internet has become. He did have some idea what was going on (not always the case when I get such a call), but he seemed to want me to say that the architecture of the Internet needed to be changed to deal with such attacks. I declined to do so.


We need to be very careful not to overreact to the extent of killing the features that have made the Internet successful.

There were two different types of attacks that were used in the recent incidents - SYN flooding and smurf attacks. I wrote about smurf attacks almost two years ago and SYN attacks have been known about for quite a while. Attackers using these techniques depend on forging the source addresses of the packets they send in order to hide their tracks.

RFC 2267 describes how network managers can help protect the Internet from people or corrupted computers at their sites by ensuring that packets leaving the sites do not have forged source addresses. This RFC was published two years ago as an Informational RFC and has just been approved for republication as a Best Current Practices (BCP) RFC, a category that the IETF uses to label documents describing the best thinking on how to perform some function.

Filtering, as described in RFC 2267, is not a cure-all because not everyone does it, and it does not stop the attack itself. But it can make tracking easier. There are well-known ways that sites can protect themselves from the effects of SYN attacks and other ways to filter out some of the effects of smurf attacks. But we are now seeing calls for more drastic actions.
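The source-address check that RFC 2267 asks sites to apply to outbound traffic can be sketched as follows. This is an added example, not part of the original column: the prefixes, port names and packets are constructed, and grouping drops by switch port is an assumed way of locating the sending machine inside the site.

```python
import ipaddress
from collections import Counter

# Constructed: documentation prefixes stand in for the site's assigned address space.
SITE_PREFIXES = [ipaddress.ip_network(p) for p in ("192.0.2.0/24", "198.51.100.0/25")]

# Constructed outbound packets seen at the site border: (switch_port, source, destination).
OUTBOUND = [
    ("port-3", "192.0.2.17", "203.0.113.80"),
    ("port-7", "10.9.8.7", "203.0.113.80"),        # forged: not a site address
    ("port-7", "172.16.44.1", "203.0.113.80"),     # forged: not a site address
    ("port-7", "198.51.100.200", "203.0.113.80"),  # forged: just outside the /25
    ("port-5", "198.51.100.20", "203.0.113.9"),
]

def source_is_legitimate(src, prefixes=SITE_PREFIXES):
    """True only if the source address lies inside a prefix assigned to the site."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # unparseable source: never forward it
    return any(addr in net for net in prefixes)

def egress_filter(packets, prefixes=SITE_PREFIXES):
    """Split outbound packets into those forwarded and those dropped at the border."""
    forwarded, dropped = [], []
    for pkt in packets:
        target = forwarded if source_is_legitimate(pkt[1], prefixes) else dropped
        target.append(pkt)
    return forwarded, dropped

def drops_by_port(dropped):
    """The forged source says nothing about the sender, so count drops per
    internal port to point at the machine that needs attention."""
    return Counter(port for port, _src, _dst in dropped)

if __name__ == "__main__":
    fwd, drop = egress_filter(OUTBOUND)
    print(f"forwarded={len(fwd)} dropped={len(drop)}")
    for port, count in drops_by_port(drop).most_common():
        print(f"{port}: {count} packets with forged source addresses")
```
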


At first glance one of the most attractive methods would be to require that all Internet traffic include authentication information so the sites would know to whom they are talking. The technology exists to do this. But this cure would be far worse than the disease because the same authentication would mean a perfect record could be kept of the activities of all Internet users - not a pleasant prospect for anyone who is remotely concerned with individual privacy.

Let's try to figure out how to address the problems raised by the attackers without requiring each of us to undress for governments and big business.

Bradner is a consultant with Harvard University's University Information Systems.



