ad info

 
CNN.com  technology > computing
    Editions | myCNN | Video | Audio | Headline News Brief | Feedback  

 

  Search
 
 

 
TECHNOLOGY
TOP STORIES

Consumer group: Online privacy protections fall short

Guide to a wired Super Bowl

Debate opens on making e-commerce law consistent

(MORE)

TOP STORIES

More than 11,000 killed in India quake

Mideast negotiators want to continue talks after Israeli elections

(MORE)

MARKETS
4:30pm ET, 4/16
144.70
8257.60
3.71
1394.72
10.90
879.91
 


WORLD

U.S.

POLITICS

LAW

ENTERTAINMENT

HEALTH

TRAVEL

FOOD

ARTS & STYLE



(MORE HEADLINES)
*
 
CNN Websites
Networks image


Web sites unite to fight denial-of-service war

Network World Fusion

(IDG) -- With February's massive distributed denial-of-service attacks still fresh in their minds, a group of companies operating some of the best-known Web sites on the planet will call on ISPs, Web hosters and each other to join forces to prevent future attacks.

Amazon.com, eBay, Charles Schwab and Yahoo will be among the firms uniting at NetWorld+Interop 2000 in Atlanta to lay out recommendations for blocking distributed denial-of-service attacks.

Although it is unclear how the group will attempt to enforce its suggestions, the companies' buying power could speak volumes.

As a start, sources say the e-commerce giants will call on Web-hosting providers and ISPs to put systems in place that will let them exchange information about attacks with each other and law enforcement agencies.

The group also will recommend that service providers install intrusion-detection software, firewalls and other tools so the process of detection, IP filtering and blocking can occur in a more automated way.

That's definitely not how the massive distributed denial-of-service attacks were handled during that fateful week last winter. The world then discovered just how vulnerable e-commerce can be to a marauder exploiting freeware to shoot IP floods at routers and Web servers. The February attacks, by all accounts, resulted in service providers such as UUNET and Exodus manually reviewing router logs and Web server records, frantically working to cut off the massive IP floods.

The culprit in that case was apparently a 15-year-old Canadian teenager with the hacker name "Mafiaboy," who was apprehended in April by Canadian police after he bragged on Internet newsgroups that he launched at least one of the attacks (the one is which CNN.com was disabled). He has since pled guilty and awaits trial, where, as a minor, he faces a possible sentence of two years in a youth detention center.

MORE COMPUTING INTELLIGENCE
IDG.net   IDG.net home page
  Network World Fusion home page
  Free Network World Fusion newsletters
  Security, the way it should be
  Web attackers run roughshod
  Reviews & in-depth info at IDG.net
  E-BusinessWorld
  TechInformer
  Questions about computers? Let IDG.net's editors help you
  Subscribe to IDG.net's free daily newsletter for network experts
  Search IDG.net in 12 languages
  News Radio
  * Fusion audio primers
  * Computerworld Minute

While no further massive distributed denial-of-service attack has felled these e-commerce giants since last winter, the ground-shaking event became a call to arms for Amazon.com, eBay and other victims.

In each case where the e-commerce sites were crippled by massive IP floods, the floods stopped after three to four hours. In retrospect, many now believe the actions taken by the ISPs and Web-hosting providers were of little value. It seems more probable that Mafiaboy simply turned off his remotely controlled massive IP attacks. He apparently triggered the attacks by manipulating compromised servers at universities and elsewhere which were infected with the distributed denial-of-service attack code.

After that devastating week of chaos and fear across the Internet, several of the victims quietly formed the Bay Area DDOS Working Group and started a private mailing list. The group worked with the Web-hosting providers, security product vendors and other network companies to fashion a better line of defense.

Check Point Software, Cisco, Lucent, IBM, SAIC and Network ICE, among others, got involved after the mailing list was started.

This week, several members of the loosely knit group are expected to endorse a technical approach to filtering traffic and coordinating information sharing.

While Schwab and eBay last week confirmed they will make an appearance to outline their Web defense plans, the companies declined to say much more.

"We have been working with federal authorities, user companies and vendors," an eBay spokesperson says. "If we work as an industry, we can be sure there's an industry solution to the problem."

Sources say the group is expected to point to Cisco's ingress/egress router filtering, defined in the Internet standard RFC 2267, as a way to use routers to defend against distributed denial-of-service attacks through rate limiters.

There have been a number of Internet Engineering Task Force security proposals, including one called ICMP Traceback Messages, or iTrace for short, that won't prevent distributed denial-of-service attacks, but would help trace distributed denial-of-service attacks to their source. However, such technology would need to be rolled out across the entire Internet backbone and all trace routers. That kind of change would take many months to complete.

The anti-distributed-denial-of-service group points out that security is a network management issue, and the right set of tools need to be in place to protect systems. The group will ask Web-hosting providers and ISPs to utilize intrusion-detection software to spot problems early.

Different intrusion-detection products can't share attack information directly with each other due to lack of interoperability across vendor boundaries. But these products can capture basic data that can be shared with service providers and law enforcement through e-mail or other means to trigger a security alert and start the processing of tracking the attacker through multiple networks.

William Yeack, an executive vice president at Exodus, declined to say much about this week's announcement, but did reveal that Exodus will start providing a service to do this kind of intrusion detection and tracking distributed denial-of-service attacks for a fee.

Some users say Exodus and other Web-hosting providers have a long way to go to impress them.

Ventro, the Mountain View, Calif., firm that operates half a dozen business-to-business exchanges, uses Exodus for Web hosting. "It's critical that Exodus and others be prepared for denial-of-service attacks, but in terms of security, bandwidth and availability, [they are] not there yet," says Pierre Samec, executive vice president and chief technology strategist at Ventro.




RELATED STORIES:
New denial-of-service attack tool uses chat programs
September 6, 2000
Denial-of-service threat gets engineering community's attention
July 25, 2000
Canadian juvenile charged in connection with February 'denial of service' attacks
April 18, 2000
Avoiding future denial-of-service attacks
February 23, 2000

August 10, 2000

RELATED IDG.net STORIES:
EBay, Amazon, Buy.com hit by attacks
(NW Fusion)
Web attackers run roughshod
(NW Fusion)
Panel testifies on cyber attacks
(IDG.net)
DoS attacks: A problem of the information age
(SunWorld)
Security, the way it should be
(Computerworld)
Popular firewall vulnerable to denial-of-service attacks
(Computerworld)
Update: Mafiaboy attacks could have been stopped
(Computerworld)
Users on guard against new denial-of-service tool
(Computerworld)

RELATED SITES:
Tools to test your network's vulnerabilities
Exodus
UUNET

Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.

 Search   

Back to the top   © 2001 Cable News Network. All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines.