The denial-of-service aftermath
by Ann Harrison
(IDG) -- Attorney General Janet Reno announced earlier this week that the FBI has launched an investigation into the source of the denial-of-service attacks. Reno said the U.S. Department of Justice still doesn't know who instigated the attacks, where they originated, how many computers were involved or the motives of the perpetrators.
But they were effective. "We experienced 1GB/sec., and we can handle 100M bit/sec. on a typical strong day operating at 30% capacity. During the attack, we had eight to 10 times regular capacity, and no one can sustain that," said Greg Hawkins, CEO of Buy.com Inc. in Aliso Viejo, Calif.
Hawkins said the attack, which came from multiple locations, overwhelmed the site's monitoring software, which scans for unusual traffic loads and blocks invasions from one IP address.
U.S. Department of Commerce Secretary William M. Daley warned that sites remain vulnerable. "There is no surefire defense," said Daley, who appealed to the computer industry to improve security monitoring and intrusion response to detect malicious code before it can do damage.
"It points to vulnerabilities that need to be addressed in the new world we are going to," said Daley. "The private sector has a greater stake in making sure there are protections than we do."
The online assaults began Monday on Santa Clara, Calif.-based Yahoo Inc.'s Yahoo.com, which was blasted with packet traffic at 1GB/sec. -- more than some Web sites receive in a year. The site was down for three hours. On Tuesday, San Jose-based eBay Inc., Seattle-based Amazon.com Inc., Buy.com and Atlanta-based CNN.com were hit with the same type of attack. Palo Alto, Calif.-based ETrade Group Inc. and ZDNet Group in San Francisco were the victims on Wednesday.
In addition, Excite@Home suffered a brief denial-of-service attack this week, according to a company spokeswoman. The attack began around 7 p.m. PST and lasted less than an hour.
The Department of Defense is also investigating this week's hack attacks. Navy Rear Admiral Craig Quigley said all elements of the DOD have been ordered to examine their computers worldwide to ensure they weren't used as hosts for the denial-of-service attacks.
"But so far, we have not seen anything. We certainly continue to watch," Quigley said during a DOD briefing.
Despite Daley's insistence that the attacks came without warning, the incidents followed a pattern of well-documented, distributed denial-of-service attacks. In each case, sites have been targeted with a high volume of packets using falsified Internet addresses, which made the source of the attack hard to trace. Distributed denial-of-service attacks embed malicious code in weakly defended computers to create entire networks of master machines and subnetworks of slave machines.
Many of the attacks have targeted large Internet service providers and the hosts of the high-profile sites. Gary Grossman, director of security research and development at Santa Clara, Calif.-based Exodus Communications Inc., said this isn't the first denial-of-service attack directed toward his customers. Buy.com is an Exodus client.
"We host 40% of the major sites on the Internet, and so statistically, we are going to see a good fraction of those," said Grossman. "It's not infrequent. It just means that we have to do more sophisticated analysis and have a wider range of addresses that we filter for."
But David Remnitz, CEO of Ifsec LLC, a New York-based information security firm, noted that this strategy only works up to a point. If the attackers shut off the original master hosts that are used in the attacks and assign false IP addresses to another set of attack hosts, the problem will continue. "I am basically chasing my tail if I put in filtering to identify the spoofed addresses but not (to) identify the culprit," said Remnitz.
Remnitz said government and private-sector cyberwarfare experts have known about distributed denial-of-service attack tools for almost a year (see "CERT warns of networked denial of service attacks," link below). "We had 12 to 14 months for the tools to get out there and (be) built up," said Remnitz. "There could be a very large number of attacking hosts waiting to launch instructions."
According to a White House spokesman, a meeting will be held Tuesday with high-tech executives to discuss Internet security on the heels of recent hack attacks. White House Chief of Staff John Podesta will chair the meeting, and Attorney General Janet Reno is expected to attend.
RELATED IDG.net STORIES:
CERT warns of networked denial-of-service attacks
© 2001 Cable News Network. All Rights Reserved.