Information Security News mailing list archives

DoS Attack Storms Weather Channel's Routers


From: William Knowles <wk () c4i org>
Date: Mon, 28 May 2001 06:16:09 -0500 (CDT)

http://www.techweb.com/wire/story/TWB20010524S0010

05/24/01
By Rutrell Yasin
InternetWeek 

A denial-of-service attack Wednesday disrupted the operations of
Weather.com, the official site of the Weather Channel.

The attack, which caused the first outage in the site's six-year
history, started at 11:00 am (EST), limiting access to the site and
slowing performance for nearly seven hours.

Although access to the site was blocked, important weather information
was not compromised, Weather.com officials said. The site was back up
by 6 pm (EST).

Hackers overloaded the company's routers and those of its Web hosting
company, Exodus Communications Inc. (stock: EXDS), with bogus traffic,
said Dan Agronow, Weather.com's director of site operations.

To counter the attack, weather.com moved to another dedicated router
in Exodus's facility and installed filtering software to protect
switches and servers, as well as intrusion detection software to
record all ongoing activity, Agronow said. Plus, the company is
working with Exodus to deploy additional sniffer technology to monitor
network traffic.

"There's a possibility the attack was a diversionary tactic to break
into [the company's] servers," Agronow noted. As a result, system
administrators are checking the logs of the company's 140 servers for
suspicious activity, he added.

Fortunately, Wednesday was a relatively mild weather day across the
nation, with only 33 incidents of severe weather reported. However, on
Tuesday severe weather reports totaled more than 100, with several
possible tornadoes.

"Site traffic is highly variable, depending on the weather. Traffic
can quadruple in the course of an hour," said Debora Wilson, president
and CEO of Weather.com.

The site can sustain that spike, she added. The disruption of service
is being taken very seriously since so many people depend on the site
for information that affects their activities, families and
properties, she added.

The company is working with the necessary law enforcement agencies to
investigate the attack, she said.

The attack comes on the heels of a DoS attack on Tuesday that
disrupted the operations of the Computer Emergency and Responses Team
(CERT) Coordination Center, the organization responsible for warning
Internet users about security threats.

The FBI's National Infrastructure Protection Center recently issued an
advisory warning corporations and government agencies about an upswing
in denial of service activity.


 
*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*

