Internet technology needs updating to prevent attacks
Hacker programs shut down servers,
San Francisco -- Researchers are trying to catch up to hackers who have discovered ways to attack the Internet by creating programs that can shut down servers, flood Usenet newsgroups with garbage messages, or delete postings.
The problem is that the Internet, created 27 years ago as a tool for universities to share information, was not designed for the use it is now experiencing by millions of people around the world, said Don Heath, president and CEO of the Internet Society.
A recent attack on Usenet newsgroups (see "Programs delete Usenet messages") in which more than 25,500 postings were deleted is only the latest in a string of attacks that illustrate the vulnerabilities of the global network. In that attack, "cancelbot" messages were created to automatically delete newsgroup postings.
Another form of newsgroup attack involves flooding a site with bogus messages, thus preventing users from posting legitimate messages, said Dave Kennedy, director of research at the National Computer Security Association in Carlisle, PA.
"With Usenet attacks, they're using the way Usenet works to distribute and cancel messages around world, by either flooding or canceling," he said. "You can attack a newsgroup by sending 1,500 messages that say nothing and that forces legitimate traffic off."
Although he said he is not sure of a way to stop cancelbot messages, Kennedy said having someone monitor a newsgroup can help solve the newsgroup flooding type of hack. Monitoring, which is used by some newsgroups today, allows someone to authenticate postings by confirming that the identified user sent them, as well as approve the postings, he said.
"The challenge is finding a volunteer to do all that or a way to pay them," he said. "There are 20,000 Usenet groups and probably fewer than 1,000 are moderated."
In another type of recent Internet attack, hackers crippled an Internet service provider, called Panix, by flooding its servers with phony requests for connections.
"The IETF [Internet Engineering Task Force] is working on solutions that will probably prevent attacks such as with Panix," Kennedy said. "They're looking at a new version of the Internet protocol that will prevent a SYN attack," or one related to the synchronization of packets between computers.
In a SYN attack, the attacking computer gives a fake address so that when it sends a request for connection to another computer, the second computer sends a message to the bogus address seeking confirmation but ends up waiting for a reply that never comes.
"You can send so many of those imitation send SYN packets that a computer has all its available connections waiting for bogus replies," Kennedy said. "It occupies all the different connections."
The technological solution would be to make it impossible or exponentially more difficult to fake the return address, he said.
"None of these different attacks is critically serious," he added. "Certainly, the individual computer user shouldn't lose sleep over these issues and ISPs shouldn't be overly concerned."
ISPs can monitor systems to quickly detect when their servers are
being attacked and then call for help, Kennedy said. Some systems will
even page the network operators at the ISPs when there is a problem.
--Elinor Mills, IDG News Service, San Francisco Bureau
If you have technical problems with this magazine, contact firstname.lastname@example.org