Misconfigured routers blamed for Internet attacks


Misconfigured routers blamed for spate of Internet attacks

By Bob Sullivan, MSNBC

Feb. 9 - Security experts are still trying to learn who's been attacking Web sites this week and exactly what the vandals are doing. But theories are starting to emerge around an old-fashioned denial of service attack combined with a set of new software tools that make massive coordinated service denials possible. And MSNBC has learned that misconfigured computer routers lie at the center of the problem.

DENIAL OF SERVICE attacks are when a Web site is overwhelmed with so many requests that legitimate users get the cyber equivalent of a busy signal.

According to Joel de la Garza, security expert at Kroll O'Gara ISP, at the heart of the attack are third-party computer networks used as staging areas for attacks on big-name Web sites.

Common among these third-party networks are misconfigured routers, the boxes that act like air traffic controllers on a network. They have been targeted because they allow what's called "broadcast pings" - meaning the router can send a note to every machine on the network and insist on receiving a reply. In most routers the service is turned off precisely because it could create large volumes of unnecessary traffic.

The real problem occurs when the computers on the third-party network are tricked - not only into replying to the host router - but also into replying to the real victim's router. In one of the attacks, de la Garza said, broadcast pings were sent from 50 large networks right at the victim's router, quickly toppling the Web site.

Key to the scheme is the ability to trigger such router activity remotely and simultaneously. To do that, the vandals apparently are using a new software designed to cause exactly this kind of mischief.

Late last year, the FBI's National Infrastructure Protection Center issued warnings about a new set of dangerous software tools which made their way around the Internet that enabled such simultaneous attacks. What was worse, the software tools - named Trin00, Tribal Flood Network, and more recently, Stacheldraht - had already been found lurking on computers around the Internet.

"The new breed of tools coming out present the greatest threat to the Internet to date," de la Garza said. "Everyone doing business on the Internet is vulnerable to this kind of attack."

http://www.msnbc.com/news/368039.asp?cp1=1

-- Martin Thompson (mthom1927@aol.com), February 09, 2000
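
An added example, not part of the original post or the MSNBC article: a network operator can check whether their own routers would relay the "broadcast pings" described above by auditing interface configuration. The sketch below assumes Cisco IOS-style configuration text, where the relevant interface setting is `ip directed-broadcast`; the sample configuration and the function name are constructed for illustration.

```python
import re

# Constructed sample configuration in Cisco IOS style (not from the article).
SAMPLE_CONFIG = """\
interface Ethernet0
 ip address 192.0.2.1 255.255.255.0
 ip directed-broadcast
!
interface Ethernet1
 ip address 198.51.100.1 255.255.255.0
 no ip directed-broadcast
!
interface Serial0
 ip address 203.0.113.1 255.255.255.252
!
interface Loopback0
 no ip address
"""

def audit_directed_broadcast(config, default_enabled=False):
    """Return addressed interfaces that would forward directed broadcasts.

    default_enabled models interfaces with no explicit setting: False matches
    IOS 12.0 and later (off by default), True matches older releases.
    """
    findings = []
    name, state, has_ip = None, None, False

    def flush():
        # Record the interface just parsed if it is addressed and enabled.
        enabled = default_enabled if state is None else state
        if name and has_ip and enabled:
            findings.append(name)

    for line in config.splitlines():
        header = re.match(r"interface\s+(\S+)", line)
        if header or not line.startswith(" "):
            flush()  # a new block or a separator ends the current interface
            name, state, has_ip = (header.group(1) if header else None), None, False
            continue
        stmt = line.strip()
        if re.match(r"ip address \d", stmt):
            has_ip = True
        elif stmt.startswith("ip directed-broadcast"):
            state = True  # still enabled when an access list is appended
        elif stmt == "no ip directed-broadcast":
            state = False
    flush()
    return findings

if __name__ == "__main__":
    print("IOS 12.0+ defaults:", audit_directed_broadcast(SAMPLE_CONFIG))
    print("pre-12.0 defaults: ", audit_directed_broadcast(SAMPLE_CONFIG, True))
```

Interfaces reported here are the ones that could turn a single inbound ping into replies from every host on the subnet; adding `no ip directed-broadcast` to each closes that path.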

