http://www.newsfactor.com/perl/story/19831.html

[What the article doesn't mention is that Aleph was formally known as Aum Shinrikyo, an organization well known for its sarin gas attack on the Tokyo subway that killed 12 and injured thousands. - WK]

By James Maguire
NewsFactor Network
November 4, 2002

As a new safety precaution, the organizations that operate the Internet's root servers will add more servers to each system. This will make each location less vulnerable to DDoS attacks.

In a recent report on terrorism, the CIA stated, "Cyberwarfare attacks against our critical infrastructure systems will become an increasingly viable option for terrorists."

According to the report, various terrorist groups, including al-Qaeda and Hizballah, are becoming more adept at using the Internet and computer technologies, and the FBI is monitoring an increasing number of cyber threats.

The report singled out a group called Aleph as the terrorist entity that places the highest level of importance on developing cyber skills. "This group identifies itself as a cyber cult and derives millions of dollars a year from computer retailing," it stated.

This Is Only a Test?

In the recent large-scale attack on the Internet, called "the worst ever" by many experts, several of the Net's root servers were temporarily crippled. But while those attacks had network administrators scrambling -- and involved law enforcement officials at the highest level -- overall Net traffic was barely affected.

Some network engineers scoff at the suggestion that this was a highly coordinated attack designed to bring down the Internet. The attacks were most likely the result of "script kiddies (hackers) having a good time," Peter Salus, chief knowledge officer of Matrix NetSystems, told NewsFactor.

Yet Bob Alberti, president of network security company Sanction and co-author of the Internet Gopher Protocol, said one aspect of the attack was particularly troubling: its hour-long duration.

"The one hour suggests that this attack was more organized than otherwise might be," he told NewsFactor. "That's not someone launching an attack and seeing what happens, that's someone launching a one-hour test and saying, 'We'll refine our methods.'"

Furthermore, Alberti added, "It's 100 percent likely the Internet will be severely affected by a future hacking attack."

Defensive Measures

Alberti said he feels strongly that there are too few root-level domain servers. The entire global Internet is supported by only 13 such servers, making it unnecessarily vulnerable.

"It's called a distributed system, so it ought to be distributed," he noted, pointing out that the number of root servers has remained unchanged throughout the Internet's exponential growth years. "Clearly, this is not the optimal number."

In Alberti's view, the Internet's chief governing body, ICANN (The Internet Corporation for Assigned Names and Numbers), is not adequately addressing security issues, and its lack of effective leadership will have serious consequences for Net security.

He claims ICANN has not prepared the Net for more sophisticated attacks because it has not instituted adequate redundancy and safeguards. At this point, he said, "a coordinated attack could restrict access to all 13 top-level domain servers for a day, bringing portions of the global Internet to a grinding halt."

ICANN's Efforts

ICANN, in response to the recent attacks, is soliciting recommendations from its Security and Stability Advisory Committee. Experts expect the committee will recommend that ISPs work to prevent use of packets with forged IP (Internet Protocol) addresses.

A deluge of such forged packets is used to instigate distributed denial-of-service (DDoS) attacks like the one launched against the root servers last week. Most ISPs are already equipped with technology to prevent forwarding of forged IP packets, yet until the recent attack, they had no compelling reason to use it.

As an additional safety precaution, the organizations that operate the root servers will add more servers to each system. Each of the 13 root servers is already composed of multiple servers, but adding additional servers will make each location less vulnerable to DDoS attacks.

Also, according to analysts, government security officials are considering instituting new regulations that would require federal agencies to purchase Internet service only from ISPs that have DDoS safeguards incorporated into their networks.

But these steps are only the beginning of what is bound to be a long and concerted effort. As Alberti said, "We're going to have another one of these events. Something will take place which will force people to wake up and smell the coffee."