New Denial of Service Attacks Worry Security Industry
There is a new kind of denial-of-service (DoS) attack hitting the Internet these days, and it has the internet security industry very worried.
The unusually powerful attacks strike at the basic structure of the Net, exploiting the computers that manage online traffic and using them to overwhelm Web sites. The effects are similar to more traditional DoS attacks, but the newer technique by hackers is far more potent because it launches using fewer hacked computers and the ensuing attack is easily amplified to be far more overwhelming.
The new form of attacks emerged at the end of December 2005 and accelerated in January before settling down about mid-February, said VeriSign Chief Security Officer Ken Silva.
He said some 1,500 separate Internet domains have been attacked using the new method. Comparing the attacks to those in October 2002 when nine of the 13 computer "root" servers used to manage all Internet traffic were the object of a massive attack, Silva said that the new attacks were "significantly larger than what we saw in 2002, by an order of magnitude."
DNS Servers “Made to do the Attacking”
Before this new threat emerged, DoS attacks relied on a network of computers that were used to swamp servers with a deluge of seemingly legitimate network traffic. When successful, these attacks caused the victim's server to crash as it frantically tried to respond to the overwhelming number of requests. Recent DoS attacks have been used to disrupt the sites of large corporations and extort money from Web site owners.
The latest series of DoS attacks use a set of compromised computers that send out a torrent or queries; however, the difference is that those queries are sent to the domain name system (DNS) servers with a forged return address that ends up directing responses to the intended victim's servers.
Instead of the bots causing havoc, it is the DNS servers themselves that end up attacking the targeted Web sites. The DNS servers are performing their normal function as the directory service for the Internet and ensuring that requests for data are routed to the correct site. The resulting attacks, according to Silva, are therefore stronger and more difficult to stop.
Sites Swamped with Apparently Valid Traffic
Because the returned results contain significantly more information, often up to seventy three times more, than the original request, the victim's network receives thousands of fraudulent messages that amount to gigabytes of information, thus making it far more powerful than a standard DoS attack.
Although it is possible to prevent or stop DoS attacks by blocking the Internet addresses from which the attacks originate, it is not a simple process to block these new DNS attacks, said Frost & Sullivan analyst Rob Ayoub. For the most part, he said, all a business can do is carefully monitor its traffic, have benchmarks in place, check out any spikes, and limit traffic or block specific requests if it needs to.
"These are very difficult to defend against because of the unique method of attack," he said. "Attacking the basic infrastructure we all rely upon is what has made the attacks more effective." However, Ayoub suggested, companies responsible for the DNS servers can reconfigure them to circumvent some of the issues that give rise to the new breed of attack.
"This solution is done manually and is very time-consuming," Ayoub pointed out. "DNS servers are something people don't want to mess with because they control whether people can get to sites on the internet."
A DNS Server in lay terms takes your request to visit (eg) complianceandprivacy.com, and points it at the IP address where that site resides. It's pretty much like an automated, interactive phone book. Without them the internet would be a set of unmemorable numbers, not memorable (or otherwise!) domain names.
Internet users and business owners will see more of these types of attacks, Ayoub predicted, due to the relative ease with which they can be executed. But Ayoub did point out that the attacks might end up having a positive effect on the Internet by forcing engineers to go back and look at some of the basic elements of the Net. The recent spate of attacks, said Ayoub, highlight the fact that the Internet was not designed with security in mind.
Internet Was Never Designed for Security
"We rely on the Internet for so many things and it really wasn't designed for security," Ayoub said. "We will have to get people smarter than us together to change things, and, unfortunately, that probably won't happen until there are more attacks and things get much worse."
Discuss This Article