Security News > 2002 > April > Denial-of-Service Attacks Still a Threat

Forwarded from: bob http://www.computerworld.com/cwi/Printer_Friendly_Version/0,1212,NAV47_STO69924-,00.html By Jaikumar Vijayan Computer World Apr. 08, 2002 Denial-of-service (DOS) attacks continue to present a significant security threat to corporations two years after a spate of incidents brought down several high-profile sites, including those of Yahoo Inc. and eBay Inc., users and analysts report. Since then, several technologies have emerged that help users detect and respond to DOS attacks far more quickly and effectively than before. But the increasingly sophisticated attack methods and the growing range of systems targeted in DOS attacks continue to pose a challenge. "In that sense, the tools are always only trying to catch up" with the threat, said Raj Raghavan, a vice president at SiegeWorks Enterprise Security Solutions, a Pleasanton, Calif.-based integrator of security technologies. DOS attacks make computer systems inaccessible by flooding servers or networks with useless traffic so that legitimate users can no longer gain access to those resources. In distributed DOS (DDOS) attacks, malicious hackers use hundreds and sometimes even thousands of previously compromised computer systems to launch assaults against a network or server. During a three-week period in mid-2001, researchers from the University of California, San Diego, detected approximately 12,800 DOS attacks against more than 5,000 targets. Recent examples include attacks against the World Economic Forum's Web site in February as well as those that drove British Internet service provider CloudNine Communications out of business earlier this year. Increasing Menace "The threat is a lot worse today than two years ago," said Harris Miller, president of the Information Technology Association of America (ITAA) in Arlington, Va. "There are lots of indications that since Sept. 11, the number of DOS attacks have greatly increased." The ITAA is acting as the coordinator of an industry body called the IT Information Sharing and Analysis Center, which was created early last year to share information and find ways of dealing with DOS and other security threats. Part of the problem with DOS attacks is the sheer number of ways in which they can operate, said Pete Lindstrom, an analyst at Framingham, Mass.-based Hurwitz Group Inc. A DOS attack can be launched to overwhelm a target's Web site, CPU, memory, network bandwidth or routers. It can also work by taking advantage of known flaws in products, Lindstrom said. Degradation-of-service attacks are another variation. Such assaults, which are more difficult to detect than other DOS attacks, involve short-lived bursts of spurious traffic directed at a target from multiple sources and are aimed at slowing network performance. "It would be a fairly straightforward issue to handle if such attacks originated and terminated with the same network," said Jeff Ogden, director of high-performance networks at Ann Arbor, Mich.-based Internet service provider Merit Network Inc. The problem arises because almost all DOS attacks involve multiple networks and attack sources, many of which have spoofed IP addresses to make detection even harder, according to Ogden. So completely choking off the offending traffic requires network administrators to call upstream service providers, alerting them to the attack and having them shut down the traffic. That process has to be repeated all the way back to every attack source. - ISN is currently hosted by Attrition.org To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY of the mail.

News URL

http://www.computerworld.com/cwi/Printer_Friendly_Version/0,1212,NAV47_STO69924-,00.html