Can you counter-attack hackers?

Network World Fusion

April 7, 2000
Web posted at: 10:17 a.m. EDT (1417 GMT)

(IDG) -- You are running a Web site. Making money perhaps, and visitors are seeing your message. Then, according to your perimeter intrusion-detection device, some online goofball or criminal hacker is beating on your door. What are you going to do?

In September 1998, the Pentagon reacted to a browser-based denial-of-service attack by the hacktivists Electronic Disruption Theater by using offensive applets to shut down the attacking browsers. Clean. Quick. Effective. But the Pentagon lawyers went ballistic within minutes. The techies defending the Pentagon servers had broken too many laws to enumerate - including a military prime directive, "posse comitatus," which forbids the military from taking unilateral actions within the U.S. and against U.S. citizens.


In addition, the techies by their actions had committed several federal felonies for which hackers have gone to jail.

The simple truth is that it is illegal to disarm your online assailant. Doing so requires that you take some offensive action - send out hostile applets, return fire with your own denial-of-service tools or anything else that will shut down the attack. The net effect is that both the attacker and the victim (who is attacking back) are breaking the law.

At first glance, it doesn't make any sense: If you can disarm a knife-wielding mugger, why can't you disarm your electronic mugger? But in the physical world, you know who is mugging you. During the physical attack there is a person with a knife, and while you may not know his name or see his face, you are 100% sure that the knife you are taking away is in the hands of a bad guy.

In the networked world, though, you cannot be sure the guy (IP address) that seems to be attacking you is really the one attacking you. For example, many of the zombie-based, distributed denial-of-service attacks that occurred in February were traced back to benign networks which were merely unwitting hosts to remote-triggered Trojans located on their servers.

Hostile perimeter defense is a really tough problem, and right now the law protects the bad guys more than the good guys. I don't have a perfect solution to this conundrum, but a few thoughts do come to mind:

Let the industry design a set of hostile response tools that will stop an attack, but minimize harm just in case a zombie is in the middle. Then, legalize the use of these tools.

Legalize hostile responses, and zombie computers be damned if their security is so bad that their networks can be compromised.

Build a hardened back-channel on the Internet which will provide fast routing so that trace-back and bad-guy ID is easier, faster, and with the cooperation of the ISP community, automatic.

Develop an Internet-based Caller ID system so that Web sites know who's there, what they're doing and can ignore all anonymous requests.

Do nothing: Let the bad guys continue to win.

So in the spirit of the networked community, I'm asking readers to help out: What do you think is a fair and efficient way of disarming online assailants to protect your net?

Be creative, let loose; write laws or design technology. And send me your ideas. Maybe together we can get something done.
