December 11, 2000, 10:05 AM — Not long after the first service breakdown at popular Website Yahoo! last week, the
security community reached a consensus that the assault was a denial of service (DoS)
attack. This thesis remained intact as additional sites came under siege.
When the week of attacks came to an end, it was clear that assaults of this scale
had not been seen before. Experts suggest that the ecommerce landscape will be changed
by this event and that IT's relationships with outsourcers, particularly ISPs, will
change as well.
The style of the attacks is not new, longtime industry hands note. DoS attacks,
sometimes listed under the banner of smurfing, have been common for some time,
often targeting ISPs. These transmissions initiate bogus echo requests, but the major
Internet router makers have spent the last few years educating their users on how to
defend themselves against such challenges.
Also common are spoofing incidents, in which requests create half-open TCP
connections in attempts to deny service. Elements of smurfing and spoofing were
uncovered in the attacks on Yahoo! and others, according to the Computer Emergency
Response Team (CERT) center at Carnegie Mellon University.
The goal of denial of service attacks is not to hack a database, for example, but to
block other users from accessing a site. Individual attackers overwhelm a site with
data that is hard for the Web host to resolve. More recently, distributed denial-of-
service (DDoS) assaults have come into style among the community of programmer vandals
that lurk about the Internet. Here, numerous machines are used, and the effect is like
a flood on the banks of a levee.
Most onerous: the attackers make use of unsuspecting Internet nodes to enable their
attacks. This requires traditional hacking skill. Haphazardly configured Web servers
are discovered and infiltrated via the Internet, and nefarious code -- the term DDoS
tools is now used to describe this code -- is inserted on those machines.
The machines are invoked en masse when an attack coordinator chooses to pounce upon a
popular Website, restricting access.
"The way the distributed denial of service attacks work is that perpetrators will
scan the Internet -- they have automated tools that identify an exposure. They crack a
system, plant their tool on it, and configure it so that it is listening for
instructions later on," said Mark Mellis, a consultant with SystemExperts of Sudbury,
Mass., a firm specializing in electronic commerce security.
"They are looking for [intermediary agent machines] that have poor system
administration practices -- people who, for example, don't apply the latest vendor
patches and who are running services that are inappropriate to present to the
Internet," said Mellis, who was at one of the sites hit in the attacks.