http://www.gulf-times.com/site/topics/article.asp?cu_no=2&item_no=42550&version=1&template_id=36&parent_id=16

Staff Reporter
29 June, 2005

THE threat posed by Distributed Denial-of-Service (DDoS) continues to worsen as society becomes increasingly dependent on the reliability of the Internet, cyber security experts Dr Sven Dietrich and David Mundie have said.

"There has been a marked increase of extortion cases using DDoS during 2004-2005, with attackers threatening online businesses with a denial of service (DoS) if the payment they demand is not made," they said.

Dr Dietrich and Mundie, senior technical staffers of the Carnegie Mellon Software Engineering Institute (SEI), are in Qatar to give presentations at technical workshops on cyber security. The workshops are being organised on behalf of Qatar Computer Emergency Response Team (Q-CERT) by the Supreme Council for Information and Communication Technology (ictQATAR) and SEI.

Q-CERT, scheduled for launch in September with support from Carnegie Mellon University's CERT Co-ordination Centre, is envisaged as a national organisation to conduct and co-ordinate a comprehensive set of cyber security activities. The forum is meant to adequately protect Qatar's critical infrastructure as cyberspace becomes the nervous system of government, business and education operations.

"DDoS is a serious problem that disrupts the availability of systems, causes them to become inaccessible, unreliable, or to crash entirely," Dr Dietrich and Mundie said, recalling that DoS had already become a problem in the early 90s.

The goal of a DoS attack is to disrupt some legitimate activity, such as browsing web pages, listening to an online radio, transferring money from a bank account, or even docking ships communicating with a naval port, as explained in "Internet Denial of Service: Attack and Defence Mechanisms," which has Dr Dietrich as an author.
This DoS effect is achieved by sending messages to the target that interfere with its operation, and make it hang, crash, reboot, or do useless work. One way to interfere with a legitimate operation is to exploit a vulnerability present on the target machine or inside the target application. The attacker sends a few messages crafted in a specific manner that take advantage of the vulnerability. Another way is to send a vast number of messages that consume some key resource at the target such as bandwidth, CPU time, or memory. The target application, machine, or network spends all of its critical resources on handling the attack traffic and cannot attend to its legitimate clients.

When the first massive DoS attacks took place in 1999 against the University of Minnesota, Dr Dietrich observed and analysed them in his capacity as a senior security architect at the NASA Goddard Space Flight Centre.

"The first massive attacks on public websites including Yahoo and E*Trade happened in 2000 and in the period from then to now sophistication of attack tools has increased and at present there is an increase of extortion cases using DDoS," the experts said.

The severity of a DoS attack reaches its peak when, for example, an attacker gains control over 100,000 machines and engages them in generating messages at a target. At this stage the attack becomes a DDoS.

CERT Training and Education is offering a variety of courses with special emphasis on DDoS and defences, incorporating research approaches and concepts such as host system hardening and network hardening.