
Nothing But Net/Mark McFadden: DoS Attacks: What Have We Learned?

After two weeks of impassioned reporting and analysis, what do we really know about the denial of service (DoS) attacks on some of the Web’s most popular destinations, and what does it mean for the rest of us?

First, the attacks came as a big surprise to many, including those in government, the media, and perhaps in your own organization. But it should have been no surprise. Next, the attack itself reached almost mythic proportions: "The End Of The Internet As We Know It," and similar bunk. But in fact, the tools used in the attack are simple and well understood.

The attackers use intermediate nodes, or "slaves," to do their bidding. By hiding behind spoofed IP addresses -- somewhat like putting a fake return address on a post card -- the attackers disguise themselves and their intermediate, slave nodes. A single attacker can use thousands of slave nodes as a network-based parallel processing system to amplify the attack.

This time, the exposure that made systems vulnerable to becoming "slave" nodes in the first place is a set of well-known weaknesses in Unix applications. Mom and dad’s computer attached to the cable TV, or sister Susie’s Windows 98 machine attached to the DSL circuit at school, are unlikely to be part of the problem -- at least this time.

Still, getting smug about Windows machines not being the source of the attacks is foolish. Next time there might be a trinoo or TFN2K for Windows 2000.

How should we respond? Any response must be tempered with the realization that security is the least liked task, second only to backups. Until there is a crisis, will your organization act on even the simplest suggestions?

An easy suggestion is for organizations to configure their routers so that packets with inappropriate or spoofed source addresses never leave their networks -- called egress filtering. It’s also easy to demand that ISPs drop packets carrying spoofed source addresses rather than passing them along -- called ingress filtering.

One proposal in front of the Internet Engineering Task Force is to outfit routers with a mechanism that, for an occasional packet, sends along as much information as the router knows about that packet’s immediate previous hop, together with the packet itself. In the event of the packet flood that accompanies a DoS attack, enough of these traceback packets would be generated to reconstruct a reasonably complete path, simplifying the process of finding the attacking node.

It’s an idea worth considering.

In the meantime, you and your company can take immediate action. ISPs and network providers have been victims of DoS attacks since long before the assaults that battered Yahoo!, Etrade, and CNN. ISPs can help you set up egress filtering on your own network so you can’t inadvertently be the source of an attack. In addition, demand that your ISP do ingress filtering so that inappropriate packets that do get inserted into the network can go no farther.
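The egress and ingress filtering recommended above, as an added example that is not part of the column: a small Python simulator of the two border decisions run over constructed sample traffic. The organization's prefix, the second ISP customer and the list of never-routable source ranges are all assumptions chosen for illustration.

```python
import ipaddress

# Constructed address plan (not from the column): the organization's block, a
# second customer of the same ISP, and source ranges that never legitimately
# appear on the public Internet (private, loopback, unspecified, multicast).
ORG_PREFIX = ipaddress.ip_network("203.0.113.0/24")
ISP_CUSTOMER_PREFIXES = [ORG_PREFIX, ipaddress.ip_network("198.51.100.0/24")]
BOGONS = [ipaddress.ip_network(p) for p in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "0.0.0.0/8", "224.0.0.0/4")]


def egress_decision(src):
    """Organization border, outbound: only our own addresses may leave.
    Returns None when the packet is allowed, otherwise the drop reason."""
    if ipaddress.ip_address(src) not in ORG_PREFIX:
        return "egress: source outside our prefix (spoofed or misrouted)"
    return None


def ingress_decision(src, link, customer_prefix=ORG_PREFIX):
    """ISP side. On a 'customer' link the customer may only source its own
    block. On a 'peer' link a source inside any customer's block, or in a
    bogon range, cannot legitimately arrive from the outside world."""
    ip = ipaddress.ip_address(src)
    if link == "customer":
        return None if ip in customer_prefix else "ingress: not customer's address"
    if any(ip in p for p in ISP_CUSTOMER_PREFIXES):
        return "ingress: our customer's address arriving from outside"
    if any(ip in b for b in BOGONS):
        return "ingress: never-routable source range"
    return None


# Constructed sample traffic as (source address, link the ISP saw it on).
SAMPLE = [
    ("203.0.113.7", "customer"),  # legitimate customer traffic
    ("10.0.0.5", "customer"),     # private source leaking out: drop
    ("192.0.2.99", "customer"),   # address the customer does not own: drop
    ("192.0.2.99", "peer"),       # ordinary traffic from the outside: allow
    ("203.0.113.7", "peer"),      # our customer's address from outside: drop
    ("224.0.0.1", "peer"),        # multicast source: drop
]


def apply_filters(packets, customer_prefix=ORG_PREFIX):
    """Run the ISP ingress policy over a batch; returns allowed and dropped."""
    result = {"allowed": [], "dropped": []}
    for src, link in packets:
        reason = ingress_decision(src, link, customer_prefix)
        if reason:
            result["dropped"].append((src, reason))
        else:
            result["allowed"].append(src)
    return result
```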

Filtering may not be the mechanism that ends DoS attacks, but until better traceback technology is in place, it’s one way to make sure we don’t become unwitting accomplices in these abuses.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.
