
eToys attacks show need for strong Web defenses

December 21, 1999
Web posted at: 11:33 a.m. EST (1633 GMT)

by Ellen Messmer

From Network World Fusion

(IDG) -- Network-based attacks against eToys last week and the emergence of a particularly destructive method for launching such raids are fresh reminders of the need for e-commerce sites to keep their defenses sharp.

Online retailer eToys has taken legal steps to prevent a Swiss art group from using the domain name etoy.com. Last week, that move prompted an Internet activist group to launch what are known as denial-of-service attacks on the toy seller's Web site with the intent of bringing it down.

Denial-of-service attacks involve the flooding of a Web site with bogus requests that wind up blocking legitimate ones. Denial-of-service attacks can be launched using any of dozens of programs available in hacker chat forums and on the Web, including new tools that enable attackers to bombard Web sites with traffic generated by thousands of machines.


    Activist group RTMark attempted to justify its attack on eToys' Web site by citing the eToys vs. etoy case as the victory of corporate greed over art and freedom of expression. Declaring a war of revenge against eToys, RTMark sought to rally the public to use a denial-of-service tool called FloodNet to saturate the eToys.com site with network ping floods.

    RTMark also engaged the help of the Electronic Disturbance Theater - a hacker group claiming to attack sites only on behalf of social causes - to help cripple eToys or deface its Web pages.

    "We're going to make an example of them," claimed Ray Thomas, a San Francisco-based accountant and RTMark's spokesman, describing how the group wants to "destroy" eToys. The group's Web site made available information, such as eToys' IP address, that would give attackers helpful ammunition to shoot eToys down.

    Over at eToys, which has kept a great network-availability record during the holiday season, the e-commerce site showed only slight signs of problems. It slipped from 100% availability to 98% once the RTMark call for attack came, according to Service Metrics, an Internet measurement service.

    Ken Ross, a spokesman for eToys, says the online toy store considers the technical defenses it is using against the protest group's sabotage to be "proprietary."

    Security professionals have a number of recommendations for coping with such attacks, which are identified by strange names such as SYN Floods, LAND attack, Ping bomb, Ping O'Death, Fraggle, Smurf and WinNuke.

    Security experts and e-commerce industry watchers believe denial-of-service attacks happen more often than they are reported. Most companies prefer not to acknowledge such attacks, often begging not to be identified in stories.

    According to Paul Proctor, chief technology officer of CyberSafe's Centrax division, there are three categories of denial-of-service attacks.

    One method involves flooding the line with ping traffic, or any "garbage to keep the router busy," Proctor says.

    Using another method, an attacker can send malformed packets that give routers, firewalls or switches a kind of network indigestion.

    Attackers also can scare off Web visitors by making them think something is wrong or dangerous about the site.

    The discovery earlier this month of a new, more dangerous kind of denial-of-service tool on the 'Net has security pros sounding the alarm.

    The new type of tool, which includes variations called Tribal Flood Network and Trin00, enables attackers to invade Web sites with bogus messages sent from many machines simultaneously. Until now, denial-of-service tools have limited attackers to launching a single ping flood, which wasn't usually enough to fill up the T-1 or T-3 bandwidth typically available at an e-commerce site, says Chris Klaus, chief technology officer at Internet Security Systems.

    But Unix-based Tribal Flood Network and Trin00 overcome that barrier by allowing a single user, by means of the appropriate client software, to launch a coordinated attack on a target from thousands of compromised machines in which the necessary server software has been installed.

    "I call these compromised machines 'zombies' because of the intended use of them in denial-of-service attacks," Klaus says. Attackers can remotely install Tribal Flood Network and Trin00 on unsuspecting hosts by exploiting buffer-overflow vulnerabilities or one of a handful of other vulnerabilities.

    Klaus says thousands of these ping-launching zombie machines have already been identified, many in university and government networks that are unprotected by firewalls.

    This new type of ping flooding capability means that a single attacker at his desktop could masquerade as a huge group sending out disabling pings.
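The point Klaus makes above has a direct consequence for monitoring: a check that watches each source separately misses a flood spread across many quiet senders. The following is an added example, not part of the original article; the flow-record format, the addresses and both thresholds are constructed assumptions, and only the T-1 line rate is a fixed figure.

```python
from collections import defaultdict

T1_BPS = 1_544_000  # T-1 line rate, bits per second

def sample_records():
    """Constructed one-second flow records: (second, src_ip, proto, bytes)."""
    recs = [(0, "198.51.100.7", "icmp", 60_000)]           # one loud source
    recs += [(1, f"10.{i // 250}.0.{i % 250 + 1}", "icmp", 500)
             for i in range(400)]                           # many quiet sources
    recs += [(2, "192.0.2.10", "icmp", 84), (2, "192.0.2.11", "tcp", 90_000)]
    return recs

def classify(records, link_bps=T1_BPS, per_source_bps=256_000, saturation=0.8):
    """Classify inbound ICMP load per one-second window.

    per_source_bps and saturation are illustrative thresholds (assumptions).
    """
    per_window = defaultdict(lambda: defaultdict(int))
    for second, src, proto, nbytes in records:
        if proto == "icmp":
            per_window[second][src] += nbytes * 8   # bytes -> bits
    report = {}
    for second, by_src in sorted(per_window.items()):
        total = sum(by_src.values())
        loudest = max(by_src.values())
        per_source_alert = loudest > per_source_bps
        if total >= saturation * link_bps:
            # Link is close to full: is one host responsible, or many?
            verdict = ("single-source flood" if loudest >= total / 2
                       else "distributed flood")
        elif per_source_alert:
            verdict = "single-source flood, link not saturated"
        else:
            verdict = "normal"
        report[second] = {"verdict": verdict, "sources": len(by_src),
                          "icmp_bps": total,
                          "per_source_alert": per_source_alert}
    return report

if __name__ == "__main__":
    for second, row in classify(sample_records()).items():
        print(second, row)
```

In the constructed data, the 400-source window exceeds the T-1 rate while every individual sender stays far below the per-source threshold, so only the aggregate check fires.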

    What if your site gets hit by a distributed denial-of-service attack? According to a recent CERT Coordination Center advisory, the target of an attack may not be able to rely on Internet connectivity for communications. CERT suggests that firms have alternatives to the Internet for data communications.

    CERT also advises that one of these distributed attack tools, if discovered on your servers, might provide information useful in locating or disabling other parts of the distributed attack network. "We encourage you to identify and contact other sites involved," CERT says.

