Denial of Service Attacks Expected

There is a high probability that the U.S. critical computer infrastructure, such as the Web site of the U.S. Department of Defense, is being targeted for Distributed Denial of Service attacks by cyberprotestors, according to a warning issued Friday by the National Infrastructure Protection Center (NIPC). The center is the U.S. Federal Bureau of Investigation's cybersecurity arm.

Denial of Service (DoS) attacks are those in which a target computer system is flooded with false requests for information to the point that it is unable to respond to legitimate requests, denying them service. Distributed Denial of Service (DDoS) attacks, the more damaging relative of DoS attacks, are those that use multiple computers worldwide to launch their attacks and are harder to combat. DdoS attacks knocked high-profile sites such as Amazon.com, Yahoo.com, and EBay.com offline over the course of a week in February 2000.

Online protests, both pro- and anti-United States, have been frequent since September 11, but have largely been limited to Web site defacements, the NIPC said. Although the DDoS activity that has gone on so far has been minimal, and mostly limited to attacks between protest groups, protestors have indicated that U.S. infrastructure will be a target, the NIPC warning said. But businesses and organizations unrelated to the September 11 attacks also could be targets, the NIPC said.

The NIPC cautioned organizations to "take a defensive posture and remain vigilant." The center also referred systems administrators to a list of best security practices offered by the government-funded security research body CERT/CC.

Conflicting Forecast

There may be no cause for alarm, however, as one company that tracks DoS and DDoS activity, SecurityFocus, hasn't seen much evidence that such an attack is imminent. SecurityFocus uses a product it sells called ARIS Predictor to monitor corporate networks in more than 138 countries to determine and predict attack trends and patterns. Though SecurityFocus had detected a 3 percent rise in the rate of communication between master computers that would control DDoS attacks and the systems used to launch the attacks, this is not a significant increase, said Arthur Wong, CEO of SecurityFocus. The master computers are ostensibly operated by hackers and would use systems called zombies to launch the attacks.

"At this point, we haven't seen any increase that is significant," Wong said. The increase that the company has seen "doesn't indicate that there's an attack imminent," he added.

The cyberprotest groups mentioned by the NIPC have been active, but their activities have so far been small scale, Wong said. In fact, "since September, there hasn't been a lot of significant [attack] traffic," he said. This may signal that "people are beginning to be more reluctant to launch frivolous attacks," he said, although at the same time he cautioned that this means that "when you do get attacks, they're going to be more serious."

Notwithstanding SecurityFocus' data, attacks could be pending, Wong said. Even if they're not, however, organizations ought to heed the NIPC's advice and take steps to better secure their systems, Wong said.