| |
 |
DoS attacks: No remedy in sight
|
Denial-of-service attacks are becoming more common and, in many cases, more serious, security experts said.
An unknown attacker recently hit the Computer Emergency Response Team (CERT) Co-ordination Centre, an important agency for passing information on the latest vulnerabilities in computer systems among security experts.
The denial-of-service attack flooded the centre's Web site with data requests and made the site almost impossible to access for more than 24 hours.
"While there are other agencies out there providing similar services to CERT, what if it had been a more sensitive system or one we had more dependence on?" said Stefan Savage, a professor of computer science at the University of California, San Diego, and co-founder of security company Asta Networks.
For Stefan and other security experts, the CERT attack underscore the Net's lack of preparedness for handling what could become a catastrophe.
Thousands of attacks happen each week. Savage co-authored a paper published last week that found that at least 4,000 denial-of-service attacks happen each week.
The potential damage from such attacks rises as increasingly critical services are being put online, Savage said.
"If you disrupt e-business enough, then you do some lasting damage to people's trust in that part of our economy," he said. "There are systems that would have more far-reaching impact. The trading networks for one. Anything that would allow you to disrupt other infrastructure: power grids or medical databases, for example."
The largest problem with denial-of-service attacks is that, for the most part, they can't be traced.
In a typical attack, an online vandal will use a computer to send millions of access requests to a Web server, overloading the target computer. Each request will have a randomly chosen return address, leaving the victim unsure where the actual attack is coming from.
The attacks--which can also take the form of specially formatted data that can crash servers--are almost impossible to stop, unless the victim has enough clout to convince their Internet provider to help track the source.
Just ask Steve Gibson, an independent security consultant known for his free Shields Up service for testing a PC's security across the Web. Since early May, Gibson has been the target of frequent denial-of-service attacks.
In a long posting on GRC.com, Gibson described a month of attacks on his site by an allegedly 13-year-old "script kiddie", a term used by security experts for young online vandals.
"I hope it is becoming clear to everyone reading this," he wrote in the posting, "that we can not have a stable Internet economy while 13-year-old children are free to deny arbitrary Internet services with impunity."
Gibson blames a lack of initiative on the part of Internet service providers for many of the problems.
"For three years now, it has been known that we should filter packets on the way out of the network to make sure their addresses are valid," he said. "One of the things that could happen is that major backbone providers should make it a requirement that invalid packets are filtered out."
Companies such as Savage's Asta Networks, and competitors Arbor Networks and Mazu Networks, are attempting to automate the response to such attacks. But such a technique would still require the co-operation of the major Internet service providers to be truly effective.
Until Internet service providers start to police people who send data with improper sourcing, denial-of-service attacks will continue, Gibson said.
Until then? "I'm going to have a long lunch," he said. "There's nothing I can do. Check GRC.com every day or two and maybe we will come back."
(SD-Agencies)
|
|
|
|
