Our Vulnerable Internet
In this Washington Post article, it is reported that Blue Security has surrendered to the spammers. However, what scares me is the collateral damage in this battle against spam:
According to information obtained by Security Fix, the reason is that the attackers were hellbent on taking down Blue Security’s site again, but had trouble because the company had signed up with Prolexic, which specializes in protecting Web sites from “distributed denial-of-service” (DDoS) attacks.
These massive assaults harness the power of thousands of hacked PCs to swamp sites with so much bogus traffic that they can no longer accommodate legitimate visitors. Prolexic built its business catering to the sites most frequently targeted by DDoS extortion attacks — chiefly, online gambling and betting houses. But the company also serves thousands of other businesses, including banks, insurance companies and online payment processors.
For the past nine hours, however, most of Prolexic’s customers have been knocked offline by an attack that flanked its defenses. Turns out the attackers decided not to attack Prolexic, but rather UltraDNS, its main provider of domain name system (DNS) services.
UltraDNS is the authoritative DNS provider for all Web sites ending in “.org” and “.uk,” and also markets its “DNS Shield” service designed to help sites defend against another, increasingly common type of DDoS — one that targets weaknesses inherent in the DNS system.
Should we be scared? These people were able to take down two vendors (UltraDNS and Prolexic) that specialize in anti-DDoS. In June 2004, Akamai, another vendor touting anti-DDoS features, was also taken down. Is the Internet really that vulnerable? Are we safe?
Bots and zombies are the main tools for these attacks. The difficulty faced by providers is that there is no easy way of determining whether an attempt is valid or invalid. A lot of research has gone into this already. Maybe we should step it up and make plans for fixing the weaknesses inherent in the present-day Internet. A lot of these problems are not necessarily brought about by poor technology. In most cases, it is just about poor implementation (vulnerabilities and weaknesses brought about by poor administrators, poorly written software, poorly implemented solutions and the like). We, as information security researchers, must make this our top priority. As more and more of the world’s infrastructure moves to the Internet, it becomes more crucial that we find solutions to problems like this.

May 23rd, 2006 at 1:23 am
[…] In a previous blog, I discussed how vulnerable our Internet was to attacks and that there are really no hard and fast solutions to these problems. Plus the fact that there are a good number of times that when you report a vulnerability you get in trouble because your guilt is presumed. This and other reasons make it difficult to ensure that systems are in tip top shape (security-wise). What makes things worse are inherent weaknesses of the Internet that can be exploited such as the Domain Name System (DNS) and the use of Distributed Denial of Service (DDOS). These problems affect everybody and do not single out a particular country or region as vulnerable. […]