DDoS attacks were a wake-up call for IT managers
The timing was uncanny. While eight staffers from the Internet infrastructure
company GlobalCenter attended a conference on security issues, their largest client
fell prey to hackers. Servers supporting Yahoo! buckled under a siege of seemingly
innocent requests that flooded in at a gigabit per second.
Within two days similar attacks took place on eBay, the Web's most popular online
auctioneer, Microsoft's MSN.com, venerable etailer Amazon.com, newsmonger CNN, online
brokers E*TRADE and Datek, news organization ZDNet, and Internet superstore Buy.com on
the very day the superstore went public.
The coordinated attacks on popular Internet servers basically shut them down, in
what is called a distributed denial of service. This cyberfoolery is easy to launch and
within the power of many armchair hackers.
For IT managers, the threat is too real. While I have no doubt that
denial-of-service attacks, like viruses, will be contained, they open the door to IT's
next challenge: dealing with what I call the "ugh-known."
Unlike the Y2K computer threat, a network hack attack isn't predictable. Unprepared
IT shops are likely to suffer losses at the hands of playful or bored kids who get their
hands on port scanners and attack tools like Tribe Flood Network, trin00, or
In the recent outbreak of mischief making, clever but relatively simple techniques
were used to wreak havoc on servers. A hacker can assemble firepower without owning a
fleet of computers. With port-scanning software, a hacker can scan the Internet for
computers that are missing security patches and then insert stealth code without the
owner's knowledge. To fire off an attack, the prankster needs only to send a few
commands to the slave computers, which then launch incessant requests at the victim.
Most server gates had been left wide open. In some cases, the servers were running
without software that would have prevented the onslaught of requests. Leaving that
software out makes servers appear faster, but it runs the risk of letting them take in
too many requests at once.
The assaults have gained the attention not only of businesses on the Internet, but
also of the government and the vendors to those companies.
Attorney General Janet Reno cleared the way for the FBI to investigate the attacks
as a top priority. She pledged that the FBI would work with Internet security
Security and software vendors took positions in war rooms to study the facts and
thwart future attacks.
These attempts are admirable, but no one can prevent attacks from the ugh-known.
Powerful and productive tools will slip into the hands of armchair hackers who will
think of new ways to deploy them.
Hackers will figure out how to make self-replicating worms that spread stealth
software quickly. The worms could be designed to mutate over time to make them harder to
find and eradicate. Triggers that launch rogue programs could be keyed to the size of the
attack army or to a special date. Does that sound like science fiction? It's only a step
or two ahead of today's hackers.
Larry Horton, the director of Network Services Consulting at Belenos
(http://www.belenosinc.com), says, "Internet servers need
to be designed better." Horton believes the faster pace of deployment has caused many
companies to put up servers without taking proper precautions or thinking through the
I agree. You can make servers run faster, but you shouldn't if you're opening the
doors to an assault. Balancing speed against vulnerability gives rise to a new
discipline -- risk assessment.
Systems administrators need to plan next-generation infrastructures for anyone
wanting to do business on the Internet. For IT managers, this is the time to act. Let's
go back to basics. Make sure the holes are plugged on your own fleet of computers, so
you don't become an unwitting accomplice to saboteurs.
On the server side, watch your traffic. Use software-monitoring products, such as
BMC Patrol, to alert you to the first sign of trouble. Have a contingency plan for
shutting down servers if it becomes a necessity.
Maintain a relationship with your vendors. During the most recent attack, BMC's
Patrol alerted Amazon's IT staffers that the monitored thresholds had been exceeded.
Amazon stayed in constant communication with BMC, enhancing the ability of Amazon's own
staff to deal with the crisis.
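The threshold alerting described above, together with the attack mechanism described earlier (a fleet of compromised "slave" hosts each sending a modest stream of individually innocent requests), as an added example that is not part of the original column and is not BMC Patrol's or any vendor's code: a small Python monitor that buckets request records into one-second windows, flags a window whose request rate crosses a threshold, and then separates a single chatty client from a distributed flood by counting distinct sources. The record format, the addresses and the thresholds are constructed assumptions for the example.

```python
"""Threshold-based request-rate monitor (added example, not code from the column).

Input records are plain text lines of the form "<client_ip> <ISO-8601 time> <request>"
(a constructed format for this example, not any product's log). Records are bucketed
into one-second windows; a window over RATE_THRESHOLD is abnormal, and an abnormal
window with many distinct sources is reported as a distributed flood, the pattern the
column describes: individually innocent requests arriving from many slave hosts.
"""
from collections import Counter, defaultdict
from datetime import datetime

# Illustrative thresholds (assumptions); tune them to the measured baseline of the site.
RATE_THRESHOLD = 50     # requests per second above which a window is abnormal
SOURCE_THRESHOLD = 20   # distinct sources in an abnormal window that make it "distributed"


def parse_line(line):
    """Split one record into (source_ip, one-second bucket, request string)."""
    src, ts, request = line.split(" ", 2)
    bucket = datetime.fromisoformat(ts).replace(microsecond=0)
    return src, bucket, request


def classify_windows(lines, rate_threshold=RATE_THRESHOLD, source_threshold=SOURCE_THRESHOLD):
    """Return one (bucket, total, distinct_sources, max_per_source, verdict) per window.

    max_per_source is included because it is what a per-client rate limit sees: a
    distributed flood keeps that number small even while the aggregate rate explodes.
    """
    per_window = defaultdict(Counter)   # bucket -> Counter of requests per source ip
    for line in lines:
        if not line.strip():
            continue
        src, bucket, _ = parse_line(line)
        per_window[bucket][src] += 1

    report = []
    for bucket in sorted(per_window):
        sources = per_window[bucket]
        total = sum(sources.values())
        if total <= rate_threshold:
            verdict = "normal"
        elif len(sources) >= source_threshold:
            verdict = "distributed flood"
        else:
            verdict = "single-source flood"
        report.append((bucket, total, len(sources), max(sources.values()), verdict))
    return report


def build_sample_log():
    """Construct synthetic records for three consecutive seconds (hypothetical addresses)."""
    lines = []
    # 10:00:00 - quiet second: three legitimate clients, a handful of page fetches.
    for i in range(6):
        lines.append(f"192.0.2.{i % 3 + 1} 2000-02-07T10:00:00 GET /page{i}.html")
    # 10:00:01 - one misbehaving client hammering the front page on its own.
    for _ in range(120):
        lines.append("192.0.2.99 2000-02-07T10:00:01 GET /")
    # 10:00:02 - distributed flood: 150 slave hosts, each sending only two requests.
    for host in range(150):
        ip = f"203.0.113.{host + 1}"
        lines.append(f"{ip} 2000-02-07T10:00:02 GET /")
        lines.append(f"{ip} 2000-02-07T10:00:02 GET /index.html")
    return lines


if __name__ == "__main__":
    for bucket, total, distinct, per_source, verdict in classify_windows(build_sample_log()):
        print(f"{bucket.time()}  req/s={total:4d}  sources={distinct:4d}  "
              f"max/source={per_source:4d}  {verdict}")
```

The point of the max-per-source column is the caveat a practitioner wants: in the distributed window no single host exceeds two requests per second, so a per-client cap would pass every one of them, and only the aggregate rate combined with the spread of sources gives the alert. Real thresholds belong in configuration derived from the site's measured baseline, and the verdict should feed a paging system rather than stdout.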
Life in IT is going to be very different from dealing with predictable problems. Coping
with the ugh-known is just one of the new challenges.
I'll be back to talk about more.