re: Smurf Attacks hit Seattle ISPs
You press on it over here, and it pops out over there.
It would be interesting to know if anyone here was affected by these events.
Anyone?
====
Internet attack slows Web to a crawl
Assault on Oz.net affects entire area
Tuesday, January 18, 2000
By DAN RICHMAN
SEATTLE POST-INTELLIGENCER REPORTER
The Internet slowed to a crawl, or even stopped, for
thousands of Seattle computer users over the weekend
after a series of attacks against one local Internet
service provider bogged down Web traffic in as much
as 70 percent of the region.
A number of similar attacks apparently occurred
throughout the nation.
Although only Oz.net, an ISP serving 7,000
subscribers, is known to have been targeted in the
so-called smurf attack in Seattle, the assault affected
many, perhaps even most, of the Internet users in the
Seattle area, said experts.
"It was one of the worst attacks I've seen," said Jared
Reimer, Oz.net's lead network administrator.
Michael Smith, manager of network operations for
Semaphore Corp., said the attack caused "the worst
stall I've ever seen" in that company's own high-speed
network. Every ISP, Web hosting company, application
service provider and phone company that buys service
from Semaphore, a Seattle reseller of high-speed
bandwidth, experienced "seriously degraded network
quality," Smith said.
Eventually, so did mega-bandwidth provider UUNet,
which serves about 70 percent of the Internet users in
this market, including Semaphore.
By way of analogy, UUNet is an interstate highway,
Semaphore a state road and Oz.net an arterial street.
The attack on Oz.net most likely came through
Semaphore and UUNet, backing up traffic to flood
them and everyone using their services, Reimer
speculated.
In smurf attacks, also called denial-of-service attacks,
hackers flood one or more servers with thousands or
even millions of unnecessary messages. The effect,
Reimer said, is "like sending a trillion postcards to a
single post office box, then expecting to find your mail in
there."
"Everyone's traffic was trying to compete with this junk
traffic," Reimer said.
In addition, all the corporate or academic networks the
smurf attacker used in the assault -- as many as 2,000
nationwide, estimated Smith -- would have suffered
near-total shutdown. Smurf attackers harness the
power of unprotected networks to multiply their junk
messages a thousandfold or more.
The Seattle attacks began Friday night and occurred
intermittently for three hours, Smith said. They
continued from 10 a.m. to 2 p.m. Saturday, then
ceased. But the residue junk could not be eliminated
completely or instantly, so effects were felt long after
that. Even yesterday morning, congestion persisted.
Some local users tried for so long to log onto Web sites
that they were "timed out," or disconnected.
Smith said Internet access throughout the entire nation
took a beating.
"My guess is that someone released a new piece of
code this weekend," he said. "We'll know better about
it in a week, when they start bragging about it."
The Seattle attack was most likely launched by a single
person whose identity is known to Oz.net, Reimer said.
"I suspect it was launched by one individual against
another individual who has an account with us," Reimer
said.
Reimer and Smith said they believe the FBI has become
involved in the case. But an FBI spokeswoman in
Seattle, who would not give her name, said she had
heard nothing of the incident. Semaphore is leading an
investigation into the incident, Smith said.
Smith said 15 people worked eight to 10 hours in
response to the attacks, but he could not put a dollar
value on losses his company suffered.
Reimer estimated Oz.net's damages -- in customer
service credits and overtime paid for technical support
-- were in the tens of thousands of dollars.
Little can be done by targets to ward off smurf attacks.
But it is believed that such attacks will diminish in
number as network administrators make the simple
change in configuration required to prevent them.
And new routers -- the hardware that keeps networks
flowing freely -- are resistant to smurf attacks, Reimer
said.
In a separate incident yesterday, hackers vandalized
one of the federal government's most popular Internet
sites and prevented visitors from searching for new
legislation being considered by Congress.
The hackers altered the "Thomas" Web site of the
Library of Congress, named after Thomas Jefferson and
a favorite among journalists and researchers who need
immediate information about bills under consideration
on Capitol Hill.
The vandals, claiming to be "four hackers from a little
country in Europe," changed the site to read: "U.S.
Congress Web site -- defeated!" The moniker they
used, "Lamers Team," is not particularly prominent
among the computer underground.
Yesterday's attack was the most serious against a
government World Wide Web site since the start of the
year.
It was similar in audacity to attacks last year against
Web sites for the FBI, Senate, U.S. Army and White
House.
This report includes information from The Associated
Press. P-I reporter Dan Richman can be reached at
206-448-8032 or danrichman@seattle-pi.com
|
