Friday, 11 February, 2000, 18:22 GMT
Security answers to cyber attack




By BBC News Online's Kevin Anderson in Washington

The open nature of the internet makes it almost impossible to completely stop the kind of attacks seen this week against high profile websites including Yahoo, eBay and CNN, according to security experts.

Using software readily available on the internet, attackers have directed huge amounts of data at a website from several sites across the network - a so-called denial-of-service attack.

The junk data overwhelms the communications lines into the site and the site's servers, rendering the site inaccessible.

Once the attack has begun "there is nothing you can do to stop it completely", said Elias Levy, chief technology officer with SecurityFocus.com and moderator of BUGTRAQ - a widely read security mailing list.

The overwhelming amount of traffic floods the network and makes it difficult to trace the source of the attack.

Mitigation

These particular attacks were made even more difficult to combat because the perpetrators did not use one specific tool or method, according to Jed Pickel, technical coordinator with the Computer Emergency Response Team (CERT) Co-ordination Centre.


While little can be done to completely prevent the attacks, website hosting services, internet service providers and backbone service providers can take steps to mitigate the effect of these attacks.

And future fundamental changes in the internet will make these types of cyber sabotage easier to stop and much easier to trace.

Softening the blow

Global Centre, the website hosting branch of telecommunications provider Global Crossing, hosts Yahoo. The company uses Asynchronous Transfer Mode (ATM) switches to handle its traffic.

ATM is a networking technology that uses multiple channels to allocate bandwidth, meaning that the flood of data coming in from a denial-of-service attack could be isolated from their network as a whole.

"While the Yahoo bandwidth was maxed out, there was some degradation of service for their network, but it didn't bring the whole network down," he said.

The technology is also becoming available to use routers, hardware that routes traffic on the Internet, to filter certain types of data, Mr Levy said.

There are several types of data packets on the Internet, and at least one type of attack uses a specific kind of data packet. With these filters enabled on the routers, only a certain amount of bandwidth is allocated for these types of packets.

Bugs in system

The major problem with denial-of-service attacks is that the perpetrators are using weaknesses in the design of the internet protocols, the underlying rules that govern traffic on the network.

The current version of internet protocols, the rules governing communications on the network, uses routing solely based on destination, said Javad Boroumand, the associate programme director for advanced networking infrastructure at the National Science Foundation.

This is like sending a letter in the post with no return address. It is very hard to track.

Data packets on the internet travel in "hops" as they pass from router to router to their destination.

To trace the packets back to their source would require tracing the route the data took, hop by hop, across the network, which is a very time-consuming process, Mr Levy said.

The next version of the internet protocols, IP version six, has features that allow network administrators to look at source addresses, Mr Boroumand said. But the transition to the new protocols is expected to be an expensive, slow and lengthy process.

"We expect it to be a 10 to 15-year transition when it does begin, and year zero hasn't happened yet," he added.

Old-fashioned security

Security experts agree that the best way to combat these attacks is simply with better security practices.

In the recent attacks, the perpetrators were able to surreptitiously insert denial-of-service programmes on computers across the internet.

With a simple and hard-to-trace command, the attackers were able to launch their flood of data against unsuspecting websites from a variety of locations.

Some administrators might think that their machines are not important enough to be hacked, but Mr Boroumand added: "The less visible you are, the better it is for them to use your machine to launch an attack."
