Information Security News mailing list archives
Devastating DDoS Attacks Loom
From: InfoSec News <isn () C4I ORG>
Date: Thu, 28 Sep 2000 03:56:13 -0500
http://www.techweb.com/wire/story/TWB20000927S0003 (09/27/00, 11:19 a.m. ET) By Stuart Glascock, TechWeb News ATLANTA -- Computer security experts are taking a bite out of distributed denial of service (DDoS) attacks, but more devastating attacks are on the horizon. That was the message from a consortium of computer security executives who met during NetWorld+Interop Atlanta 2000. In addition, dozens of vendors exhibited products involving security and network forensics, many targeted at stopping, tracking, and tracing hackers. The industry group, known as the RFC2267 DDoS Working Group, was formed in response to a number of high-profile companies whose networks were bombarded with extremely high volumes of traffic. They say there is still no bulletproof answer to halting the attacks, but the group of security experts and DDoS victims are working toward a solution. "We don't have an effective solution," said Henry Teng, senior manager at KPMG LLP and chair of the group. "It takes law enforcement, users, and vendors sharing information to take on the challenge." Early DDoS techniques were built on easy to use tools but more advanced methods use covert communication channels that are harder to track, said Allen Wilson, director of X-Force countermeasures at Internet Security Systems Inc., Atlanta. He said he foresees a wave of new and more devastating attacks disguised as legitimate traffic. Staged attacks and periodically revolving zombies are another threat. "We don't know what's out there," Wilson said. Zombies are computers illicitly under the control of hackers, who can use them to attack the machines they are targeting for denial of service, for example with a flood of Ping requests. Network ICE Corp. chief technology officer Robert Graham agreed on the need for constant vigilance. "Every time we come up with a solution, hackers morph and come up with a different attack; so we are constantly adding new features," Graham said. In the highest-profile attacks, service was interrupted at the sites of Yahoo Inc. (stock: YHOO), eBay Inc. (stock: EBAY), Amazon.com Inc. (stock: AMZN), Buy.com Inc. (stock: BUYX), and others. Representatives of two of these companies agree that technologies that provide early warnings and cooperation to promote industrywide communications are a step toward fending off future outages. "At eBay, we've learned our efforts can be collaborated with law enforcement and the user community," said Alan Yousefi, senior product manager at eBay, San Jose, Calif. "One solution will not resolve it," said John Zent, risk management services manager at Yahoo, Santa Clara, Calif. "For us, we'll end up integrating [several vendors' products] ourselves. There's no single answer." A number of defensive products and strategies are evolving. Recourse Technologies Inc., Palo Alto, Calif., offers its Manhunt covert security infrastructure product. The company was formed in April 1999 to deal with DDoS and "track and trap hackers," said Frank Huerta, CEO. "Manhunt is built to take the cloud out of the Internet," Huerta said. Niksun Inc.'s NetDetector acts like a "surveillance system similar to cameras in banks," and "is not a lock but a camera for the network," said Parag Pruthi, president of the North Brunswick, N.J., company ISN is hosted by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".
Current thread:
- Devastating DDoS Attacks Loom InfoSec News (Sep 28)