CERT/CC: Internet infrastructure targeted for DoS attacks

By Sam Costello
October 24, 2001 11:29 am PT

DoS (denial of service) attacks are still a major threat to the Internet and are becoming more serious as attackers are increasingly creating automated attack tools and focusing on network infrastructure such as routers, according to a new paper released this week by the U.S. government-funded Computer Emergency Response Team/Coordination Center (CERT/CC).

DoS attacks are constantly evolving and becoming more automated, self-propagating, and faster to deploy than ever before, according to paper authors Kevin Houle and George Weaver, both CERT/CC employees. A number of the most recent and high-profile worms, such as Code Red and Nimda, underscore this point, they wrote. These developments have led to a "steady increase in the ability for intruders to easily deploy large DDoS attack networks," they wrote.

Beyond automation and self-propagation, DoS attacks are increasingly focusing on routers -- hardware devices that help determine where traffic is sent on the Internet, according to the paper. Routers can be taken over as a result of poor configuration or administration, they wrote. Router attacks are "of extreme concern" due to "the potential of routers being used for DoS attacks based on direct attacks against the routing protocols that interconnect the networks comprising the Internet," they wrote. Such an attack could potentially severely affect the travel of traffic on the Internet. "We believe this to be an eminent and real threat with a potentially high impact," Houle and Weaver wrote.

Attackers are drawn to routers, according to Houle and Weaver, "because they are generally more a part of the network infrastructure than computer systems and thus may be 'safer' in the face of attacks from rival intruders."

Other developments in the evolution of DoS attacks are the various means used to control them, the authors wrote. IRC (Internet Relay Chat) networks are now being seeded with bots, or automated tools, to control DoS attacks, replacing the manual systems that were once used for attacks, they said. The use of IRC networks poses a particular challenge to those who would fight off DoS attacks, as these networks are public venues and can't necessarily be taken offline easily, Houle and Weaver wrote.

The authors also found that DoS attacks are increasingly being targeted against end-users of the Windows operating system. End-users have only rarely, if at all, been targets for DoS attacks in the past. Attackers are trying to exploit security holes in Windows, based on the perception that Windows users are generally less technologically savvy than other users, they wrote. The authors did allow that there is "enough truth to the perception to provide a potential reason for the effectiveness of intruders specifically targeting Windows end-users." To combat these attacks, they suggested that users employ personal firewalls.

DoS and DDoS attacks are going to continue and going to evolve further, Houle and Weaver wrote. Although the purpose of their paper is more to highlight and discuss the issue rather than solve it, the authors "encourage Internet sites to carefully consider the trends ... discussed [in the paper] and evaluate how security policies, procedures, and technologies may need to change in order to address the current trends in DoS attack technology."

Sam Costello is a Boston-based correspondent for the IDG News Service, an InfoWorld affiliate.