Information Security News mailing list archives

Devastating DDoS Attacks Loom


From: InfoSec News <isn () C4I ORG>
Date: Thu, 28 Sep 2000 03:56:13 -0500

http://www.techweb.com/wire/story/TWB20000927S0003

(09/27/00, 11:19 a.m. ET) By Stuart Glascock, TechWeb News

ATLANTA -- Computer security experts are taking a bite out of
distributed denial of service (DDoS) attacks, but more devastating
attacks are on the horizon.

That was the message from a consortium of computer security executives
who met during NetWorld+Interop Atlanta 2000. In addition, dozens of
vendors exhibited products involving security and network forensics,
many targeted at stopping, tracking, and tracing hackers.

The industry group, known as the RFC2267 DDoS Working Group, was
formed in response to a number of high-profile companies whose
networks were bombarded with extremely high volumes of traffic. They
say there is still no bulletproof answer to halting the attacks, but
the group of security experts and DDoS victims is working toward a
solution.

"We don't have an effective solution," said Henry Teng, senior manager
at KPMG LLP and chair of the group. "It takes law enforcement, users,
and vendors sharing information to take on the challenge."

Early DDoS techniques were built on easy-to-use tools, but more
advanced methods use covert communication channels that are harder to
track, said Allen Wilson, director of X-Force countermeasures at
Internet Security Systems Inc., Atlanta. He said he foresees a wave of
new and more devastating attacks disguised as legitimate traffic.
Staged attacks and periodically revolving zombies are another threat.

"We don't know what's out there," Wilson said.

Zombies are computers illicitly under the control of hackers, who can
use them to attack the machines they are targeting for denial of
service, for example with a flood of Ping requests.

Network ICE Corp. chief technology officer Robert Graham agreed on the
need for constant vigilance.

"Every time we come up with a solution, hackers morph and come up with
a different attack; so we are constantly adding new features," Graham
said.

In the highest-profile attacks, service was interrupted at the sites
of Yahoo Inc. (stock: YHOO), eBay Inc. (stock: EBAY), Amazon.com Inc.
(stock: AMZN), Buy.com Inc. (stock: BUYX), and others. Representatives
of two of these companies agree that technologies that provide early
warnings and cooperation to promote industrywide communications are a
step toward fending off future outages.

"At eBay, we've learned our efforts can be collaborated with law
enforcement and the user community," said Alan Yousefi, senior product
manager at eBay, San Jose, Calif.

"One solution will not resolve it," said John Zent, risk management
services manager at Yahoo, Santa Clara, Calif. "For us, we'll end up
integrating [several vendors' products] ourselves. There's no single
answer."

A number of defensive products and strategies are evolving.

Recourse Technologies Inc., Palo Alto, Calif., offers its Manhunt
covert security infrastructure product. The company was formed in
April 1999 to deal with DDoS and "track and trap hackers," said Frank
Huerta, CEO.

"Manhunt is built to take the cloud out of the Internet," Huerta said.

Niksun Inc.'s NetDetector acts like a "surveillance system similar to
cameras in banks," and "is not a lock but a camera for the network,"
said Parag Pruthi, president of the North Brunswick, N.J., company.

ISN is hosted by SecurityFocus.com