http://www.newsfactor.com/perl/story/14989.html

By Tim McDonald
NewsFactor Network
November 28, 2001

The bad news is that denial-of-service (DoS) attacks are becoming more numerous on the Internet. Not only are DoS attacks more frequent, they are more potent, with the potential to do much greater harm than they've done to date.

The good news? Right now, according to experts, there isn't any.

DoS attacks overwhelm computers, Web sites and servers with floods of bogus data, and hackers are increasingly aiming them at routers, according to a recent report by the federally funded Computer Emergency Response Team (CERT).

Routers are the vital Internet components, either special-purpose computers or software packages, that connect two or more networks or parts of networks.

"Essentially routers have trust relationships with each other, and are the means by which networks interconnect with each other," Kevin Houle, one of the authors of a CERT white paper on the subject, told NewsFactor Network.

"If I can take advantage of that trust relationship to inject bogus routes in the routing tables, there's a potential for denial-of-service between two or more networks. They can be separated from each other."

Massive Traffic Jam

Routers do not have monitoring technology -- they spend their time looking at the destination addresses of the data packets passing through them and determining which route to send them on.

Routers are the keys to larger networks, and if they are isolated, considerable disruption could occur on the Internet.

"Traditionally, you think of DoS as 'packet flooding,' sending enough traffic down a pipe to fill up that pipe," Houle said. "In the case of a router-based DoS attack, what we're talking about is the route tables for a router being altered."

A targeted attack that shut down a network router would not bring the entire Internet to a halt -- it would be more like a massive rush-hour traffic jam on an interstate highway that once flowed smoothly.

'Autonomous Network Worms'

The CERT research also found that multiple-source attacks are occurring more often and are increasingly aimed at multiple targets.

"Autonomous network worms" are becoming more popular among the more sophisticated, malicious users, whereas once they simply inserted code manually via a Trojan Horse into the targeted computer.

"In the case of the automatic model, the attack code is self-contained," Houle said. "In previous worms like ramen, the attack code was in an external site. The compromised computer had to go back to the attacking host to retrieve a copy of the attack code, install it and then execute it. The autonomous model is much more efficient. It doesn't have to take as many steps to initiate another attack."

Also, users cannot employ the traditional packet filters to disable a particular site to stop propagation.

DoS Will Always Be With Us

Another disturbing aspect of DoS attacks is that security technology can only do so much to detect them and protect networks from them. And the problem will never be completely eradicated.

"The problem of denial-of-service is fundamentally ingrained in the way that the Internet is built," Houle said. "The Internet is comprised of limited, consumable resources. Thus, it's possible to consume those resources. That's not likely to change any time in the near future."

The very nature of the Internet that makes it global in reach and so wildly popular -- its very openness and interconnectedness -- is what makes DoS attacks so dangerous.

"Security on the Internet is interdependent," Houle said. "In other words, I can spend an enormous amount of resources defending my systems on the Internet from intrusion, but my exposure to DoS is based on the security posture of the rest of the global Internet. Any number of systems on the rest of the Internet can be used to launch a DoS attack against me and consume the limited resources that I have."

Quick To Exploit

The CERT team also found a significant decrease in the time window from when a vulnerability is uncovered to the time when it is widely exploited.

"What we're saying is DoS technology is advancing more in terms of management and control deployment technologies," Houle said. "The full DoS attack itself hasn't changed much -- it's just become more potent."

There are more than 57,000 computer viruses today, according to antivirus software developer McAfee, and more than a hundred new viruses are created every day.

CERT, a part of Carnegie Mellon University, said the number of incidents reported to the center has more than tripled since 1999.