DDoS Attacks Still Pose Threat to Internet

Started by Metgod, November 05, 2003, 02:02:59 PM

Ok, another article with interesting points, but parts of its points are missing and thus void out the real point, i.e., they aren't as serious as they claim, although maybe still serious. Sensationalism is the media's friend after all..

Main thing: the Internet could survive for those who know it well. Sure, it could be hard, but IPs can always be used instead of hostnames/domain names..

I'm interested in what everyone else thinks about what is said here.. if anyone else has any thoughts that is...


http://www.washingtonpost.com/wp-dyn/articles/A61714-2003Nov4.html

By David McGuire
washingtonpost.com Staff Writer
Tuesday, November 4, 2003; 8:49 AM

On October 21, 2002, people around the world cruised through
cyberspace the way they do every day -- bidding on auctions, booking
airline reservations, sending e-mail -- all the while unaware that
someone was working overtime to try to bring the Internet to its
knees.

Around 5 p.m. Eastern time, operators of the Internet's root servers,
the computers that provide the roadmap for all online traffic, saw an
unnaturally large spike in the amount of incoming data. It was a
"distributed denial-of-service attack," a concentrated attempt to
throw so much information at the servers that they would shut down.

Seven of the 13 servers went down completely, and two were badly
crippled. In the course of the next frenzied hours, their operators
tried to repel the attack as Internet users typed and clicked away
with little idea that anything was wrong. In the end, the Internet
held firm but nearly everyone who fought off the attack agreed that it
came closer than ever before to sustaining major damage.

A little more than a year later, experts have been working to improve
the Internet's defenses but they say a better coordinated attack could
do even worse damage. The weapons are cheap and simple and plenty of
people know how to use them, leaving the Internet's caretakers looking
for new ways to win a lopsided electronic arms race with online
criminals.

"The people who did it last time were chicken-boners," said Paul
Vixie, president of the non-profit Internet Software Consortium, which
operates one of the root servers. "I'm sure that there are still
serious, well funded cyberwarfare people who would look at what we've
done and say 'yeah, there's a way that we could nail that'."

DDoS (pronounced "DEE-Doss") attacks are one of the simplest ways to
cause online havoc but one of the most difficult to defend against.
Hackers snare "zombie" computers -- usually unprotected home or
business PCs -- and force them to send bundles of data to their
targets to try to make them crash.

If a DDoS attack took down all of the root servers -- something
experts said is unlikely -- Internet communications would slowly
cease. Because most computers store the information they get from the
root servers, it would take about three days to feel the full effect
of the attack.

The code that lets hackers into zombie computers spreads through worms
and viruses that roam the Internet looking for vulnerable PCs. Getting
that process started requires almost no investment on the part of the
attacker.

"Those things are in the hands of any angry teenager with a $300 Linux
machine," Vixie said.

Computer experts have found that the best way to fend off an attack is
considerably more expensive -- buy lots of extra bandwidth to handle
all the data coming their way.

Mountain View, Calif.-based Internet security company VeriSign Inc.,
has spent tens of millions of dollars to secure the two root servers
it supervises, but Ken Silva, VeriSign's vice president of networks
and information security, said the company worries that other
operators don't have the money or resources to follow VeriSign's lead.

Silva said that the servers should be in the hands of entities that
can afford to operate them securely. In October 2002, "when it was all
said and done and you looked at who survived ... it was the people who
made the investment," he said. "It is scary that at the root of the
Internet a significant number of these root servers are quite frankly
just run as a hobby. You don't get paid for running a root server."

Other root server operators include the University of Maryland, the
U.S. Army Research Lab and NASA's Ames Research Center.

The idea that other server operators aren't up to the task has earned
a chilly reception from other members of the Internet community.

Vint Cerf, chairman of the Internet Corporation for Assigned Names and
Numbers (ICANN), said that the current model is faring well.

"It is an arms race, but so far we've kept up," Cerf said. "Here it is
in 2003 -- 20 years into the release of the 'Net -- and you look at
how far we've come since 1983, you have to have some appreciation for
the robustness of the system."

ICANN supervises the Internet's addressing system.

Karl Auerbach, an Internet software engineer and former ICANN
director, said that the server operators have performed admirably.

"All the work that's really been done has been done by the root server
operators themselves. [VeriSign Chief Executive] Stratton Sclavos has
been belittling the fact that the operators aren't professional. Well,
they've been doing a very professional job."

That work -- along with greater coordination among operators -- has
made the Internet safer, said Steve Crocker, who runs ICANN's Security
and Stability Advisory Committee. "I think it's unlikely that you'd
have a long sustained attack that wasn't dealt with," he said.

One of the ways server operators have made the Internet less vulnerable
to attack is by decentralizing their operations.

The Internet Software Consortium runs the "F" root server in 12 cities
instead of one. Splitting up the server's location, an idea known as
"anycasting," helps foil DDoS attacks that try to slam a single target
with a flood of data, Vixie said.

With anycasting, a DDoS attack targeted at "F" will get shunted off to
several different computers around the world, lessening its impact.

It's a simple way to deflect a destructive problem, Vixie said, but
most root server operators were reticent to try it until the October
2002 attack made them realize the stakes of maintaining the status
quo.

"An attack of a certain volume can be launched this year by someone
with only half as much intelligence and skill as was necessary last
year," he said.

Silva said that VeriSign also runs the "J" server this way --
splitting its functions between several locations in the United States
and the Netherlands. Nevertheless, he said, not enough root server
operators are using the technique.

And the server operators are almost sure to get tested again as worms
continue seeding computers with instructions to launch DDoS attacks.

"There's a trend in attack tools. First, attacks are invented, then
they're automated, and when they're automated, any moron with a
computer can do them," said Bruce Schneier, co-founder of Counterpane
Internet Security Inc., and author of Beyond Fear: Thinking Sensibly
About Security in an Uncertain World.

Auerbach, the former ICANN director, said that's not good news for the
people charged with keeping the Internet running.

"There's a lot of people out there who seem to have nothing better to
do than take down the infrastructure we have ... Sooner or later it's
going to happen [again] and it's going to happen with a degree of
virulence and professionalism that makes prior attacks look wimpy,"
Auerbach said.




"My Terminal is my Soul"
