From: Fred Cohen <fc@all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Date: Thu, 8 Nov 2001 05:03:20 -0800 (PST)
Subject: [iwar] [fc:DoS.Attacks:.Easier.To.Launch,.Harder.to.Fight]

DoS Attacks: Easier To Launch, Harder to Fight
By Jay Lyman, NewsFactor Network, 11/7/2001
<http://www.osopinion.com/perl/printer/14593/>

Experts are warning that crippling denial of service (DoS) attacks have become easier to launch, with automated tools and newer methods that tie up more computer and Internet resources than ever.

And while security experts are producing counterattack tools and bolstering preparedness for the high-tech logjam offensives, there is concern that defenders may not be able to keep up as they have less time to react.

Last week, the Internet service of The New York Times was paralyzed for more than two hours after company computers "started receiving a huge amount of electronic transmissions that flooded the machinery that protects the paper from hacker attacks," according to an e-mail from a Times systems administrator.

"A well-executed DoS attack just can't be defended against," SecurityFocus incident analyst Ryan Russell told NewsFactor Network.

More Machines

A recent report from the CERT Internet security center at Carnegie Mellon University indicated that denial of service attacks are getting easier to create and are having greater impact.

"The bar is being raised on what level of resources can be used for a DoS attack," CERT team leader for artifact analysis Kevin Houle told NewsFactor.

He said that while "garden variety" DoS attacks that use a single source to launch a flood of data packets continue to occur, a continuing trend is the use of several computers, known as "zombies," that are taken over by attackers.

"Essentially, with a single point of attack, there is a finite amount of traffic that can be produced, whereas a collection of several thousand attack points can generate much higher amounts of traffic," Houle said. "It is an escalation in terms of impact, and it has been a steady progression."

Perpetrator Protocol

Houle, who co-authored the CERT report on DoS trends, said attackers also are using new technologies and methods to stifle Web sites and Internet traffic.

"There is a move toward the use of legitimate protocols rather than the invention of new ones for attack modes," Houle said. "We've seen a trend toward the use of IRC-type (Internet Relay Chat) servers and networks as a central handler for DoS attacks."

Houle said the trend is troubling, as it makes DoS attacks easier to produce with a larger impact on legitimate, mainstream networks and protocols.

Common Victims

CERT reported that while more random, "blind targeting" attacks still occur, there is also a trend toward "selective targeting" of Windows-based systems, networks and users.

However, Houle said, a total DoS meltdown on the Web is unlikely because of the different software and systems in use.

"The thing that really limits any complete saturation of the Internet is the diverse array of software out there on the Internet," he said.

Time Running Out

Perhaps the more troubling trend is the increased use of automated attack tools. Houle said DoS attackers are relying more on the automated tools, which lower the level of technical knowledge necessary to launch a successful attack.

"There's a large collection of attack tools out there; when a vulnerability is discovered, it's relatively easy for attackers to build tool kits," he said, referring to recent virus outbreaks of the Code Red II and Nimda computer worms. "It's that high degree of automation that allowed them to propagate quickly."

Houle said the time between the discovery of a security hole and exploitation continues to shrink.

"It used to be several weeks or months, and now it's a matter of days," Houle said. "It's something we don't like to see, but the fact is that automation is something we do see."

DoS Defense

Houle encouraged Internet administrators and users to review the security of their routing and networking, adding that there are tools and discussions in the security community about countering DoS attack technology.

Most DoS defense tools center on identifying an attack and alerting IT managers, but there are advances -- such as a "reverse firewall" that monitors outgoing traffic, as opposed to incoming -- to stem an attack before it starts.

Still, most experts agree that DoS victims are in a reaction mode, and that the technology to automatically repel or thwart a denial of service attack is still years away.

"Vendors continue to produce technology products that contain exploitable security vulnerabilities," the CERT report said. "Consumers continue to deploy technology products that contain security vulnerabilities, are misconfigured such that compromise is possible or are simply insecurely managed.

"The end result is that there are still plenty of vulnerable systems on the Internet that can be used as launch points for DoS attacks," the report concluded.

© Copyright 1999-2001 NewsFactor Network. All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without written permission.

------------------
http://all.net/