[ISN] DoS Attack Storms Weather Channel's Routers

From: William Knowles (wkat_private)
Date: Mon May 28 2001 - 04:16:09 PDT


    By Rutrell Yasin
    A denial-of-service attack Wednesday disrupted the operations of
    Weather.com, the official site of the Weather Channel.
    The attack, which caused the first outage in the site's six-year
    history, started at 11:00 am (EST), limiting access to the site and
    slowing performance for nearly seven hours.
    Although access to the site was blocked, important weather information
    was not compromised, Weather.com officials said. The site was back up
    by 6 pm (EST).
    Hackers overloaded the company's routers and those of its Web hosting
    company, Exodus Communications Inc. (stock: EXDS), with bogus traffic,
    said Dan Agronow, Weather.com's director of site operations.
    To counter the attack, weather.com moved to another dedicated router
    in Exodus's facility and installed filtering software to protect
    switches and servers, as well as intrusion detection software to
    record all ongoing activity, Agronow said. Plus, the company is
    working with Exodus to deploy additional sniffer technology to monitor
    network traffic.
    "There's a possibility the attack was a diversionary tactic to break
    into [the company's] servers," Agronow noted. As a result, system
    administrators are checking the logs of the company's 140 servers for
    suspicious activity, he added.
    Fortunately, Wednesday was a relatively mild weather day across the
    nation, with only 33 incidents of severe weather reported. However, on
    Tuesday severe weather reports totaled more than 100, with several
    possible tornadoes.
    "Site traffic is highly variable, depending on the weather. Traffic
    can quadruple in the course of an hour," said Debora Wilson, president
    and CEO of Weather.com.
    The site can sustain that spike, she added. The disruption of service
    is being taken very seriously since so many people depend on the site
    for information that affects their activities, families and
    properties, she added.
    The company is working with the necessary law enforcement agencies to
    investigate the attack, she said.
    The attack comes on the heels of a DoS attack on Tuesday that
    disrupted the operations of the Computer Emergency and Responses Team
    (CERT) Coordination Center, the organization responsible for warning
    Internet users about security threats.
    The FBI's National Infrastructure Protection Center recently issued an
    advisory warning corporations and government agencies about an upswing
    in denial of service activity.
    "Communications without intelligence is noise; Intelligence
    without communications is irrelevant." Gen. Alfred M. Gray, USMC
    C4I.org - Computer Security, & Intelligence - http://www.c4i.org
    ISN is hosted by SecurityFocus.com
