February 05, 2001, 2:41 PM — A year after distributed denial-of-service attacks blasted the likes of Yahoo Inc., eBay Inc. and E-Trade Group Inc., no one has found an easy way to defend against a flood of unwanted IP packets.
In fact, everyone's still pretty much in the dark -- literally, in one case -- when it comes to finding a silver bullet.
A recent meeting of the DDoS Working Group, a forum organized last year to plot network defenses, was conducted solely by the light of laptops after KPMG International's Silicon Valley office was visited by one of California's rolling blackouts. In the ghostly glow could be discerned John Zent, manager of risk management for Yahoo, and Allen Yousefi, information security officer at eBay, along with representatives from security vendors eager to woo these top e-commerce firms.
The talk was no brighter than the lighting. According to several attendees, Yahoo and eBay are more than just dismayed by the slow pace of finding technical defenses to denial-of-service attacks and the even more nefarious distributed denial-of-service attacks, which let an individual launch IP attack streams from hundreds, or even thousands, of compromised computers.
Web site operators are frustrated by the apparent inability of ISPs and Web-hosting providers to quickly filter out denial-of-service attack traffic when it pours into their routers and servers. Whether a low-grade nuisance or the kind of multibarreled assault that upended Microsoft's sites for three days recently, this "bad" traffic is eating up bandwidth and at times blocking legitimate traffic to the most prominent e-commerce sites.
"People are getting a little radical about it," said one attendee. For companies such as Yahoo and eBay, "it's a service-level agreement [SLA] issue with the ISPs and collocation providers." He predicted this year will see lawyers battling over whether distributed denial-of-service traffic should have to be filtered out to satisfy SLAs.
Despite the gloom, there are many efforts under way to cope with all manner of denial-ofservice threats . . . and rays of hope are visible:
- Service and software providers have united to share information and forge common defenses.
- Promising security start-ups focusing on the problem are attracting big-name backers.
- Law enforcement groups -- working with the network industry and its customers -- are nailing the bad guys.
The DDoS Working Group is doing what it can to spur cooperation among ISPs. The group plans to publish recommendations for automated distributed denial-of-service defenses by the end of March.
"There are political issues and technical issues," says Tom Clare, a product manager for Check Point Software Technologies Ltd. and DDoS Working Group member.