COMPUTER security experts are attempting to work out how to stop the kind of
cyber attacks that shut down half a dozen major-league websites last week.
The 鈥渄enial of service鈥 (DoS) attacks against some of the biggest commercial
sites on the Web, including Yahoo, Amazon, CNN and eBay, flooded the targets
with huge amounts of useless traffic, slowing their computers to the point where
legitimate users couldn鈥檛 get through.
鈥淲e are committed in every way possible to tracking those who are
responsible,鈥 said US Attorney General Janet Reno, announcing an FBI
investigation. Strategies to stop future attacks range from standardising the
way Internet service providers track and report intrusions, to reconfiguring
Internet protocols to make it easier to trace attacks.
Advertisement
Last week鈥檚 DoS attacks involved hackers breaking into a number of
machines鈥攑erhaps dozens鈥攃onnected to the Internet, and secretly
installing a program in each. A few of those are 鈥渕aster programs鈥 that will
issue orders to the other 鈥渟lave programs鈥. Then, perhaps weeks or months later,
the attacker issues a command to the master programs, which in turn command
slaves to bombard the target websites with 鈥減ackets鈥 of data.
鈥淭he attacks are difficult to trace. They can go through several different
providers. And when you trace them back, they鈥檙e an innocent party,鈥 says Ira
Richer, executive director of the Internet Operators Group, an industry
association in Reston, Virginia.
But security experts have been aware of the threat for months. In November
1999, the Computer Emergency Response Team at Carnegie Mellon University in
Pittsburgh suggested that IT administrators plug holes to prevent their
computers being used to launch attacks. It reported that some hacking groups had
been planting 鈥渄istributed DoS鈥 launching programs since June 1999. So it wasn鈥檛
so much a case of 鈥渋f鈥 but 鈥渨hen鈥 these attacks would be launched.
But what can be done to prevent such attacks? The Internet Engineering Task
Force (IETF), which publishes standards for computers on the Net, has issued
guidelines that will allow automated intrusion detection systems to communicate
with one another. So when an attack is detected, the targets can share
information about what鈥檚 happening鈥攁nd act.
But as more home users who are unfamiliar with IT security get high-bandwidth
ADSL or cable modem connections, the number of computers which can be harnessed
for an attack will probably increase, says David O鈥橞rien, a security expert at
the University of California at Davis.
At a security meeting held at AT&T Labs in New Jersey last week, a new
way of tracking information across the Net was suggested, says AT&T
researcher Steve Bellovin. Every computer that routes packets of information on
the Net would insert an identification packet about once every 20 000 packets.
These would work like tracer bullets, allowing investigators to quickly
determine where an attack is coming from. Bellovin says researchers will propose
the idea to the IETF, and it could be in place in six months.
But Lawrence Lessig of Harvard Law School, warns that attempts to make
Internet traffic more traceable could compromise the anonymity and privacy of
law-abiding citizens. 鈥淚t鈥檚 got to be discussed as a trade-off,鈥 he says.