Information Security News mailing list archives

Denial-of-Service Attacks Still a Threat


From: InfoSec News <isn () c4i org>
Date: Wed, 10 Apr 2002 03:45:45 -0500 (CDT)

Forwarded from: bob <bob () globaldevelopment org>

http://www.computerworld.com/cwi/Printer_Friendly_Version/0,1212,NAV47_STO69924-,00.html

By Jaikumar Vijayan
Computerworld
Apr. 08, 2002

Denial-of-service (DOS) attacks continue to present a significant
security threat to corporations two years after a spate of incidents
brought down several high-profile sites, including those of Yahoo Inc.
and eBay Inc., users and analysts report.

Since then, several technologies have emerged that help users detect
and respond to DOS attacks far more quickly and effectively than
before. But the increasingly sophisticated attack methods and the
growing range of systems targeted in DOS attacks continue to pose a
challenge. "In that sense, the tools are always only trying to catch
up" with the threat, said Raj Raghavan, a vice president at SiegeWorks
Enterprise Security Solutions, a Pleasanton, Calif.-based integrator
of security technologies.

DOS attacks make computer systems inaccessible by flooding servers or
networks with useless traffic so that legitimate users can no longer
gain access to those resources. In distributed DOS (DDOS) attacks,
malicious hackers use hundreds and sometimes even thousands of
previously compromised computer systems to launch assaults against a
network or server.

During a three-week period in mid-2001, researchers from the
University of California, San Diego, detected approximately 12,800 DOS
attacks against more than 5,000 targets. Recent examples include
attacks against the World Economic Forum's Web site in February as
well as those that drove British Internet service provider CloudNine
Communications out of business earlier this year.

Increasing Menace

"The threat is a lot worse today than two years ago," said Harris
Miller, president of the Information Technology Association of America
(ITAA) in Arlington, Va. "There are lots of indications that since
Sept. 11, the number of DOS attacks have greatly increased."

The ITAA is acting as the coordinator of an industry body called the
IT Information Sharing and Analysis Center, which was created early
last year to share information and find ways of dealing with DOS and
other security threats.

Part of the problem with DOS attacks is the sheer number of ways in
which they can operate, said Pete Lindstrom, an analyst at Framingham,
Mass.-based Hurwitz Group Inc. A DOS attack can be launched to
overwhelm a target's Web site, CPU, memory, network bandwidth or
routers. It can also work by taking advantage of known flaws in
products, Lindstrom said.

Degradation-of-service attacks are another variation. Such assaults,
which are more difficult to detect than other DOS attacks, involve
short-lived bursts of spurious traffic directed at a target from
multiple sources and are aimed at slowing network performance.

"It would be a fairly straightforward issue to handle if such attacks
originated and terminated with the same network," said Jeff Ogden,
director of high-performance networks at Ann Arbor, Mich.-based
Internet service provider Merit Network Inc.

The problem arises because almost all DOS attacks involve multiple
networks and attack sources, many of which have spoofed IP addresses
to make detection even harder, according to Ogden.

So completely choking off the offending traffic requires network
administrators to call upstream service providers, alerting them to
the attack and having them shut down the traffic. That process has to
be repeated all the way back to every attack source.



-
ISN is currently hosted by Attrition.org
