Smurf Attack!
Analysis/Commentary
The Net still reels from concerted attacks against e-commerce Web sites during the week of February 6. The denial of service invasion began at Yahoo! on Tuesday, February 7, and proceeded to eBay, CNN, Amazon, Buy.com, ZDNet, E*Trade and Datek, and culminated on Thursday at Excite@Home.
Who was responsible? No one seems to know. How did they do it?
AntiOnline.com's John Vranesovich suspects three to six malefactors who commandeered 75 to 100 computers. The denial of service attacks implement a technique identified as a simultaneous scan, using multiple remote computers called zombies.
In effect, the hackers tricked third-party computers into originating a flood of procedure calls ("Are you there?") to networks. This resembles the call-flooding techniques known to bring down telephone networks. The barrage may be compared to trying to accommodate a firehose of data through a straw.
When ordinary users tried to access Yahoo! on the afternoon of February 7, they couldn't bring it up. The routers at Yahoo! were simply glutted with trash data. Down time at Yahoo! and elsewhere added up to two or three hours on average.
Why bother to incapacitate e-commerce sites? The quip of Edmund Hillary, the conqueror of Everest, might apply: Why did he climb Everest? "Because it was there." Ergo, because they are there. Vranesovich feels the primary motive of the hackers might be the exploit itself: the prestige among peers of Davids felling Goliaths.
There are ways, surely, of fending off the barrage of crippling pings. But the targeted servers require forewarning, an idea of when the attack will occur and what to do when it manifests itself. None of the e-commerce sites were able to re-route or filter the flood of distributed signals until hours after the attack began. The Net's spit-and-chewing-gum constitution left it vulnerable to stones flung by hoodlums.
The government currently suspects several colleges as hosts to the proxies that furnished ammunition for the attack, and e-commerce sites scramble for insurance and investigate defense tactics. These range from the "hacker profiler" that Vranesovich advocates, to cache software that might help relieve a flooded site through distributed copies of pages, graphics, ads, and so forth -- in short, duplicating and removing a website's objects to another network and router location.
Score one for the hacker underground. Feds zero.
February 23, 2000