Net Security Conference: Denial Of Service Wars Heat Up
The arms race between hackers and security personnel continues unabated as each side
constantly strives to top the capabilities of the other - especially when it comes to denial
of service (DoS) attacks.
That is the message from the
"anti-hacking" symposium at The Internet
Security Conference (TISC), which takes
place this week at the Century Plaza Hotel.
The symposium featured Dr. Stefan
Savage, a professor at the University of
California, San Diego and chief scientist at
Asta Networks in Seattle, Wash.; and Dr.
Bill Hancock, chief security officer for
Exodus Communications.
The two speakers gave different views of
the same problem - every company and
individual with an Internet connection is
vulnerable to DoS attacks.
Savage is part of a group of scientists at
UCSD that recently published a study of
worldwide DoS activity. The study found that more than 4,000 DoS attacks take place
every week. These assaults aim at a variety of targets, from e-commerce sites like
Yahoo, Ebay and E-trade; high-profile companies such as Microsoft; and even individual
home computers.
"For years, the traditional answer to the question, 'how big a problem is DoS?' was, 'it is
hard to say,'" Savage told the audience. "The UCSD study was the first measurement of
global DoS attacks."
The procedure for launching these harmful attacks is painfully easy, Savage said.
In the first step, an attacker infiltrates a series of computers that are attached to the
Internet and turns the machines into "zombies," or computers that can be controlled
remotely by the hacker. When ready to launch an assault, the attacker sends commands
to an interim computer known as a "handler," which in turn sends commands to the
zombies.
On the hacker's command, the zombies attack the target, and the victim suffers a variety
of problems. For a corporation, this can include loss of its server, computer and memory
resources, as well as dropped connections with legitimate Internet traffic. Savage said
these attacks often result in considerable loss of time and money.
How easy is it for a hacker to launch an assault that could shut a major company down?
"It takes no education to do this," said Savage. "It is all ones and zeroes. Once one of
these programs is written, a complete moron can type a series of numbers into a
command line and get the effect."
Savage said that while the process is simple, the result is frightening.
"Right now, a hacker can shut down any site. One hacker can get 10,000 zombie
machines together and point them like a gun at a company. No site can stand up to
that," he said.
Hancock gave the audience a simple yet vivid analogy for the DoS problem.
"Let's say you run into your bathroom and find out that your two-year old has plugged up
the toilet with a plastic truck and a roll of toilet paper. That is a denial of service," he
said. "You have something that you want to do quickly, but now you cannot do it."
Hancock offered the perspective from the Internet service provider's (ISP) side. He said
many ISPs are caught in the middle when an attack is being carried out against one of its
customers.
"ISPs share equipment, which means you cannot filter a DoS attack at a backbone router.
It is easier to let an attack go through and bounce one customer offline than to try to
filter it and affect 80 customers," he said.
DoS attacks are a big problem, but some hope lies on the horizon, Hancock said. The
security industry is developing specific tools to handle attacks on routers or switches,
and legislation is moving forward that will criminalize the activity.
"If we make stronger laws and send some people to jail, a lot of this nonsense will stop. It
is a criminal activity, it is not a joke," he said.
Savage agreed that solutions are on the way for the present situation, but said they are
no guarantee of a smooth future.
"Hackers are not about to lie down. As you add defenses, they will compensate. If you
raise the bar, they will try to jump over it," said Savage.
The Internet Security Conference is at http://www.tisc2001.com
