Denial-of-service
attacks—the kind that paralyzed Yahoo, eBay, Amazon.com,
Buy.com, ZDNet, and many others in February—are not new. But
two characteristics make those incidents different: the
magnitude of the damage (estimated by some to exceed $1.2
billion) and the technology.
The basic
mechanism for a denial-of-service attack on a Web site is
simple: The attacker hits a site so frequently that legitimate
surfers can't get in. In distributed attacks the hackers take
over a large number of computers connected to the Internet and
force those computers to pound the site simultaneously. The
subverted computers, called "zombies," respond to a
single command from the attacker, who conveniently hides in
anonymity while the zombies do the dirty work.
The sites that
are most vulnerable to denial-of-service attacks are the ones
you've already heard about: Yahoo, eBay, Amazon.com, and so on.
But systems and networks that belong to many lesser-known
companies, schools, and individuals make excellent zombies. The
bad guys look for computers that are permanently connected to
the Internet and not protected by firewalls.
To safeguard your
firm's site, install a firewall, keep it updated, and use the
firewall feature that lets you maintain a time-stamped log of
everyone who accesses your systems.
The log is proof
for you and authorities if anyone breaks into your network. You
should also scan for zombie programs: You'll find Sun Solaris
and Linux scanners on the FBI's National Infrastructure
Protection Center site (www.nipc.gov/trinoo.htm);
a Windows version is available from Trend Micro (www.antivirus.com/vinfo/security/sa022200.htm#user).
The Computer
Emergency Response Team (www.cert.org)
at Carnegie Mellon University's Software Engineering Institute
provides an excellent resource for staying on top of computer
attacks as they happen. If your site is under a
denial-of-service attack, or you believe that one of your
computers is being used as a zombie in such an attack, contact
CERT immediately.

Stop Net Vandals in Their Tracks

Unfortunately for your business, it doesn't take much
skill to launch a denial-of-service e-mail attack. There
are two types: ping-pong autoresponders and cascading
confirmation receipts. In the first one, the offender
sends an e-mail message to an autoresponder (for
example, the one you use on your Web site to acknowledge
customer feedback) and lists an autoresponder as the
return address. In the case of one company that got hit
this way, thousands of bogus messages piled up on its
server. If this happens to you, shut down your
autoresponder long enough to clear out the backlog of
messages.
In the second type of attack, the hacker sends a message
to a huge list of recipients and requests that
confirmation receipts be sent to everyone. That can add
up to lots of extra e-mail traffic. If you use Microsoft
Exchange or Outlook, protect yourself with Grinning
Shark Software Watch Your Back ($12; www.grinningshark.com).
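
A way to keep an autoresponder from being pulled into the ping-pong loop described above, as an added example that is not from the original article: before replying, check the inbound message for the markers of automatic mail (in the style of RFC 3834) and cap replies per sender. The function names, the one-reply-per-hour policy, and the sample messages are assumptions made for this illustration.

```python
import email
from email.utils import parseaddr
from collections import defaultdict

REPLY_WINDOW = 3600   # seconds (assumed policy)
MAX_REPLIES = 1       # auto-replies per sender per window (assumed policy)
_sent = defaultdict(list)   # sender address -> times an auto-reply was sent

def should_auto_reply(raw, now):
    """Return (decision, reason) for one inbound message."""
    msg = email.message_from_string(raw)
    # Automatic mail declares itself; answering it is what builds the loop.
    if msg.get("Auto-Submitted", "no").strip().lower() != "no":
        return False, "auto-submitted"
    if msg.get("Precedence", "").strip().lower() in ("bulk", "list", "junk"):
        return False, "bulk precedence"
    # Reply to the envelope sender; "<>" marks bounces and notifications.
    sender = parseaddr(msg.get("Return-Path", ""))[1].lower()
    if not sender:
        return False, "null return-path"
    if sender.split("@")[0] in ("mailer-daemon", "postmaster"):
        return False, "role address"
    # Rate limit: bounds the damage when the far side is an autoresponder
    # that sets none of the headers above.
    recent = [t for t in _sent[sender] if now - t < REPLY_WINDOW]
    _sent[sender] = recent
    if len(recent) >= MAX_REPLIES:
        return False, "rate limited"
    _sent[sender].append(now)
    return True, "ok"

def reply_headers():
    """Headers for every outgoing auto-reply so other responders skip it."""
    # Auto-Submitted is defined by RFC 3834; Precedence is a de facto convention.
    return {"Auto-Submitted": "auto-replied", "Precedence": "bulk"}

# Constructed sample messages (not real traffic).
CUSTOMER = "Return-Path: <alice@example.com>\nSubject: Feedback\n\nHello\n"
ROBOT = ("Return-Path: <feedback@example.net>\n"
         "Auto-Submitted: auto-replied\nSubject: Thanks\n\nWe got it\n")
BOUNCE = "Return-Path: <>\nSubject: Undeliverable\n\nFailed\n"

if __name__ == "__main__":
    for name, raw in (("customer", CUSTOMER), ("customer again", CUSTOMER),
                      ("robot", ROBOT), ("bounce", BOUNCE)):
        print(name, should_auto_reply(raw, now=0))
```

The per-sender cap is the part that holds when an attacker forges the return address of a responder that labels nothing: that address gets one reply per window instead of an unbounded exchange.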