Special "Death of the Net" issue
Big news this week has been, of course, the attacks on Yahoo, eBay, ZDNet, Buy.com, Amazon, CNN, Excite, E*Trade, and various other major sites on the net. Remember, security fans, you heard it here first. We gave you a heads-up on November 15th about trinoo, with more details on the rest of the class on January 3rd.

Just as a recap, this is a modified denial of service (DoS) attack. At one point it was being called a "flood network" attack, because of the second program to employ the concept, but it is now more generally being referred to as a distributed denial of service (DDoS) attack. A DoS attack generally does not attempt to crack security on the system. It tries to use up some resource, and thus deny that service to legitimate functions or users. For example, a massive spam, or mail bomb, attack might be a denial of service, because it ties up the network connection, and also uses up great amounts of disk space for the mail queue. No security is broken, and no data is corrupted, but the computer system cannot be used for its intended purpose.

Other types of DoS attacks might try to log on to the target computer, thus using up processing time as the host tries to validate the requests. The most sophisticated of these attacks send network control messages that request the host to contact some other machine to verify information. These requests must be honored, because they are part of the dynamic configuration process of the Internet, but the DoS attacks use fake addresses, and therefore the host computers make repeated attempts to connect to computers that don't exist.

A DDoS goes one step further. By sending out trojan programs, crackers try to gain at least partial control of a number of computers, which may number in the thousands. At the designated time, the master computer sends a very short command message to those computers running the trojan server or agent software. Thus one computer starts hundreds, thousands, or tens of thousands of computers all sending some kind of DoS attack to a given target. One computer sending DoS packets to a huge site like Yahoo is nothing more than a nuisance. But with hundreds participating, the effect is greatly magnified.

Very little detailed information has been provided about the attacks. The sites were all very large, commercial organizations, and these bodies do not readily participate in the type of information sharing that gave us such thorough research on Melissa within hours of its release. The FBI and the US Department of Justice are also involved, leading to lots of press conferences, but not much news. We do know that some of the "trojaned" sites that were used in the attack have been identified. We also have been told that there are indications that the attacks were directed from Germany.
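The difference between a single-source DoS and a DDoS, seen from the defender's side, is shown in the following added example, which is not part of the original newsletter. It is a small Python classifier run over constructed request records; the thresholds, record layout, addresses and sender labels are all assumptions made for the illustration.

```python
from collections import defaultdict

WINDOW = 10         # seconds per counting window (assumed)
FLOOD = 200         # requests per window to one target treated as a flood (assumed)
DOMINANT = 0.8      # traffic share from one sender that marks a single-source DoS (assumed)
MANY_SOURCES = 50   # distinct senders that mark a distributed attack (assumed)

def classify(flows):
    """flows: iterable of (timestamp_seconds, source, target) tuples.
    Returns {(target, window_start): verdict} for every window at or above FLOOD."""
    windows = defaultdict(lambda: defaultdict(int))
    for ts, src, dst in flows:
        windows[(dst, int(ts) // WINDOW * WINDOW)][src] += 1
    verdicts = {}
    for key, per_source in windows.items():
        total = sum(per_source.values())
        if total < FLOOD:
            continue                              # ordinary load, nothing to report
        if max(per_source.values()) / total >= DOMINANT:
            verdicts[key] = "single-source DoS"   # one address filter stops it
        elif len(per_source) >= MANY_SOURCES:
            verdicts[key] = "distributed DoS"     # no single sender stands out
        else:
            verdicts[key] = "heavy load"
    return verdicts

def sample_flows():
    """Constructed records; addresses and sender labels are invented for the example."""
    target, flows = "192.0.2.10", []
    for client in range(20):              # window 0: 20 clients, 3 requests each
        flows += [(r, f"client-{client}", target) for r in range(3)]
    for r in range(500):                  # window 10: one sender, 500 requests
        flows.append((10 + r % WINDOW, "203.0.113.7", target))
    for agent in range(300):              # window 20: 300 agents, 4 requests each
        flows += [(20 + r, f"agent-{agent}", target) for r in range(4)]
    return flows

if __name__ == "__main__":
    for (target, start), verdict in sorted(classify(sample_flows()).items()):
        print(f"{target} t={start:>3}s: {verdict}")
```

In the third window each sender contributes only 4 requests, about the same as an ordinary client, so a per-sender rate limit sees nothing unusual; only the aggregate count per target reveals the flood.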
The copyright of the article Computer Security Weekly, February 14 2000 in Computer Security is owned by . Permission to republish Computer Security Weekly, February 14 2000 in print or online must be granted by the author in writing.