Interesting People mailing list archives

IP: Hacker Exposes Weakness of Net Construction -- LA Times


From: Dave Farber <farber () central cis upenn edu>
Date: Fri, 13 Sep 1996 15:14:44 -0400

Hacker Exposes Weakness of Net Construction 


   Technology: The weeklong attack endangers a small New
York service provider. 


From Associated Press


     NEW YORK--An unscrupulous computer hacker, taking
advantage of a weakness in the construction of the Internet,
has driven an Internet access company to its knees in an attack
computer security experts say is one of the longest ever seen. 
      The attack has prevented Public Access Networks Corp.,
the first company to provide Internet connections to New
York City residents, from connecting its customers to the
global data network for nearly a week. 
      Thousands of individuals and dozens of companies have
been affected, most of them in New York. The company,
known as Panix, is small and privately owned and may not
survive if the attack persists. 
     
      "It means 25 people could shortly be looking for work,"
said Alexis Rosen, president and co-owner of Panix. "We may
well survive this. We know the business a lot better than most."


      But the attack, and news accounts of it, have given greater
exposure to a problem in the Internet's structure that many
security experts and network design engineers are familiar with
but rarely discuss publicly. 
      The hacker is sending scores of requests for information
each second to computers at Panix. But the requests have fake
return addresses, which confuse the Panix computers. At the
rate the fake requests are coming, Panix is unable to handle
legitimate interactions with other computers. 
      Experts from Lucent Technologies Inc.'s Bell Labs and the
CERT Coordination Center, a Pittsburgh-based group that
responds to Internet security troubles, are helping Panix. 
      But Rosen said, "There's no help to be had. This is a problem
fundamental to the structure of the Internet." 
      The easiest solution would be for all other Internet access
companies to filter their outgoing traffic to make sure the data
has legitimate return addresses. But it could take months for
companies to agree to that and take the necessary technical
steps. 
      "Until all people start filtering their traffic to assure there are
no forgeries in the packets, this attack can continue unabated,"
Rosen said. 
      "We've been batting around possible defenses," said
William Cheswick, a Bell Labs scientist. But he said any kind
of computer system can be overloaded. 
      "It's an arms race," he said. "A lot of the easy solutions for
dealing with the attack are looking for idiosyncrasies in it and
separating the attack [data] packets from the other ones. That
game only goes on for so long before we can't tell them apart
again." 
      Typically, hacker attacks on corporate computers are
brief. The length of time that Panix has been under siege is
especially severe. It began Sept. 6, was interrupted Sunday
evening and restarted Monday. 
      

