
Lessons from distributed denial-of-service


As most readers know, the distributed denial-of-service attacks of recent weeks involve the unauthorized installation of special client software on hundreds, or perhaps thousands, of poorly secured computer systems linked to the Internet. These so-called "slave" programs sit passively on the damaged systems, waiting for encrypted commands from a "master" program. The slaves are ready to bombard a selected target at a particular time with a flood of unwanted traffic. The volume is high enough to cause serious slowdowns in server response to user requests; in some cases the servers crash.

Some reports have claimed that overall response time on the Internet worsened by as much as a quarter during the attacks (one news story quoted a figure of 27%, ridiculously precise for such an estimate). Some analysts watching the stock markets estimated that paper losses supposedly caused by investor reactions to the attacks exceeded a billion dollars as share prices fell 2%.

Security experts have been warning for years that the 'Net is vulnerable to denial-of-service attacks. Donn Parker warned of automated computer crime in his 1998 book, "Fighting Computer Crime: A New Framework for Protecting Information"; he also published a couple of articles about automated computer crime in the September and October 1999 issues of Information Security Magazine.

Is there anything we can do about these attacks?

The most important message right now is that everybody on the 'Net has a social responsibility, as well as a professional obligation, to patch all known vulnerabilities so that criminals cannot exploit weakly secured systems to attack strongly secured systems. In addition, my colleague Robert Gezelter, a Flushing, N.Y. Internet expert, points out that at least some of the attacks may involve headers with spoofed originator addresses. He argues strongly that no site should ever allow packets with forged headers to escape its perimeter.
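The perimeter rule Gezelter argues for can be stated as a check on the source address of every outbound packet. The sketch below is an added example, not part of the original column; the site prefixes, port names and packet records are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Assumption: the site's own address space (documentation prefixes).
SITE_PREFIXES = [ipaddress.ip_network("192.0.2.0/24"),
                 ipaddress.ip_network("2001:db8:10::/48")]

# Constructed sample of outbound packets seen at the border:
# (internal port, source address, destination address)
OUTBOUND = [
    ("port-3", "192.0.2.17", "198.51.100.5"),
    ("port-7", "203.0.113.99", "198.51.100.5"),    # forged source
    ("port-7", "10.44.1.2", "198.51.100.5"),       # forged source
    ("port-5", "2001:db8:10::25", "2001:db8:ffff::1"),
    ("port-7", "not-an-address", "198.51.100.5"),  # malformed header
]

def source_is_local(src):
    """True only if src parses and falls inside one of the site's prefixes."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False
    return any(addr.version == net.version and addr in net
               for net in SITE_PREFIXES)

def egress_filter(packets):
    """Forward packets with a legitimate local source; count the rest per port."""
    forwarded, dropped = [], Counter()
    for port, src, dst in packets:
        if source_is_local(src):
            forwarded.append((port, src, dst))
        else:
            dropped[port] += 1   # a port that keeps forging is worth inspecting
    return forwarded, dropped

if __name__ == "__main__":
    forwarded, dropped = egress_filter(OUTBOUND)
    print(len(forwarded), "forwarded;", dict(dropped), "dropped per port")
```

The per-port drop count doubles as a detection signal: an internal machine that repeatedly emits forged sources is a candidate for one of the compromised "slave" systems described above.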

Soon, we need to impose more demanding volume testing on all systems as a normal part of quality assurance. Another improvement in current network systems would be to integrate some of the artificial-intelligence routines that have been applied in modern intrusion-detection systems, to recognize bogus traffic and block it before the spurious requests and data can bog down critical servers.

In the longer run, we may have to agree on methods for strong authentication of Internet traffic. I hope to see a day when packets on the Internet will be digitally identified; those systems refusing to use digital signatures will be classified as low-priority traffic. Using a system of cryptographically-sound packet checksums, including packet sequence numbers, we can establish a trustworthy session with trustworthy partners. Anyone not playing by the rules would be relegated to a low-priority bin and would have much more trouble trying to deliver a denial-of-service attack.

In some ways, such a system would resemble what we already do with paper mail. We recognize and often discard unsolicited commercial mail without even having to open it. Our tolerance for junk mail declines when we become busier. We are instituting an informal triage, based on a natural evaluation of our own processing power. Similarly, with adequate identification and authentication of Internet packets, routers could decide which packets deserved immediate attention and which ones would have to wait for attention.
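The authenticated-packet triage described in the last two paragraphs can be sketched as follows. This is an added example, not a scheme from the original column: it assumes a shared-key HMAC in place of a digital signature, a made-up 12-byte header (sender ID plus sequence number), and a strictly increasing sequence rule with no reordering window.

```python
import hashlib
import hmac
import struct

HEADER = struct.Struct("!IQ")   # hypothetical header: sender id, sequence number
TAG_LEN = 16                    # truncated HMAC-SHA256 tag

def seal(key, sender_id, seq, payload):
    """Build a packet: header, payload, then a keyed checksum over both."""
    header = HEADER.pack(sender_id, seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()[:TAG_LEN]
    return header + payload + tag

class Triage:
    """Sorts packets into 'high' (authenticated, fresh) or 'low' priority."""

    def __init__(self, keys):
        self.keys = keys        # sender id -> shared key (assumed pre-agreed)
        self.last_seq = {}      # sender id -> highest sequence number accepted

    def classify(self, packet):
        if len(packet) < HEADER.size + TAG_LEN:
            return "low"                          # too short to carry a tag
        header, tag = packet[:HEADER.size], packet[-TAG_LEN:]
        body = packet[HEADER.size:-TAG_LEN]
        sender_id, seq = HEADER.unpack(header)
        key = self.keys.get(sender_id)
        if key is None:
            return "low"                          # unknown sender
        good = hmac.new(key, header + body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, good):
            return "low"                          # forged or corrupted
        if seq <= self.last_seq.get(sender_id, -1):
            return "low"                          # replayed or stale
        self.last_seq[sender_id] = seq
        return "high"

if __name__ == "__main__":
    key = b"k" * 32                               # constructed demo key
    router = Triage({7: key})
    pkt = seal(key, 7, 1, b"GET /index.html")
    print(router.classify(pkt), router.classify(pkt))   # second copy is a replay
```

Unauthenticated traffic is not dropped here, only demoted, which matches the article's "low-priority bin" rather than an outright block.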

Finally, these attacks remind us that we are still not integrating cyberspace into our moral universe. We really do have to get out into the wider community and explain to young people just what happens to the human beings trying to run and use systems when there are hacks and denial-of-service attacks. Too many kids have grown up with the idea that hacking is about as serious as playing video games. For many such players, trying to break the rules in video games is part of the fun; it's not surprising, then, that breaking the rules in the real world of today's e-commerce seems like fun and games.

RELATED LINKS

Check out the new "Computer Security Handbook, 4th Edition" edited by Seymour Bosworth and Michel E. Kabay; Wiley (New York), ISBN 0-4714-1258-9. Available now at your technical bookstore or visit Amazon.

M. E. Kabay, Ph.D., CISSP is Associate Professor of Information Assurance in the Department of Computer Information Systems at Norwich University in Northfield, Vt. Mich can be reached by e-mail by clicking here. He invites inquiries about his information security and operations management courses and consulting services. Visit his Web site for papers and course materials on information technology, security and management.

Asleep at the security wheel?
Network World, 02/16/00.

Few downloaded FBI tool to detect e-commerce attacks
Network World, 02/15/00.

Web attackers run roughshod
Network World, 02/14/00.

Real denial-of-service hack victims weren't Web sites
Network World, 02/14/00.

Beware the denial-of-service sharks
Network World, 02/14/00.

Proactive e-security
Network World, 02/11/00.

Copyright, 1994-2006 Network World, Inc. All rights reserved.