Why Business Fears Distributed Attacks
For years, analysts in the security industry have been raising the alarm
over massive distributed attacks against sites. They have described to
clients the possibility of a simultaneous, parallel attack on many systems
pulled off with military-like precision. To many, it looks like that day
has actually arrived. During the recent attacks on the Pentagon, many
people in the media were alluding to everything from third-world
militaries and terrorist organizations to a single "script kiddie" playing
with some new toys. The truth, however, is that any of these may be the
case, or none of them. In the Pentagon incident we have press releases,
media gossip and tons of hype, but the one thing we don't have is the
truth. Out of the whole scenario, the only things we know for sure are
that there will be more fear and more attacks.
The problems demonstrated by the distributed attack scenario are many.
First, there is the basic concept of a large group of system crackers
attacking one system with many resources, an immense amount of bandwidth
and a coordinated plan. System administrators, and their corporate bosses,
already fear break-ins, so the prospect of a large-scale penetration
naturally costs them sleep. Secondly, many administrators feel that they
may be able to defend their systems against a lone attacker, but few
believe they could defeat an entire legion of attacks spread across a
broad range of hosts. Many feel that their current firewalls, intrusion
detection systems and logging tools will be less effective against
logically grouped attacks that each stay just under the thresholds these
systems monitor: a rule that alerts when one address probes more than N
ports sees nothing when the same probes are divided among dozens of
addresses. In addition, there is the real possibility that a
high-visibility attack is merely a smokescreen or time-wasting bait used
to cover a more dangerous and thorough attack elsewhere on the network.
Lastly, and certainly not least, security administrators are alarmed at
the growing availability and detail of the underground knowledge base on
the Internet. New exploits are being discovered, coded, quantified,
explained and canonized on web sites around the world at an alarming pace.
System administrators have begun to report an increase in advanced probes,
port scans and tests for specific vulnerabilities coming from the
Internet. New tools available in the underground, together with cheaper
raw computing power and free operating systems that expose low-level
network access, have made this situation even more apparent. More and more
underground users have made the switch to Linux and other free Unix-based
OS derivatives, creating a more technical and programming-savvy band of
hackers. Or at least that is what many security experts are claiming.
On the other hand, these same new tools and the same excess of bandwidth
make deception by the underground even easier than a massive attack. Many
of the new tools are capable of address spoofing, parallel scanning and
other techniques that make even a simple port scan appear to be a "massive
distributed attack": a single scanner that sends every probe from a
handful of forged decoy addresses as well as its own shows up in the logs
as half a dozen attackers. Lists of poorly secured hosts that can be used
as relays or launch points for attacks are being compiled and published,
and they grow in number every day as new users expand their home networks
into Internet space via cable modems and ADSL. And yes, the members of the
underground have taken notice.
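To make two of the points above concrete (probes that each stay under a
per-source threshold, and a decoy scan that makes one attacker look like
many), here is an added example in Python; it is not part of the original
article and not any vendor's detection code. It parses a constructed,
firewall-style log whose line format, hosts and ports are invented for
illustration, and compares a conventional per-source portscan rule with
the same rule keyed on the target instead. It also applies a simple
heuristic, stated here as an assumption rather than a proven rule, that a
decoy scan sends identical probes from every forged address while
cooperating scanners tend to split the port range between them.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Hypothetical firewall log format used for this example (not a real product's):
#   "YYYY-mm-dd HH:MM:SS SRC=<addr> DST=<addr> DPT=<port>"
LINE_RE = re.compile(r"^(\S+ \S+) SRC=(\S+) DST=(\S+) DPT=(\d+)$")


def parse(lines):
    """Turn log lines into (timestamp, src, dst, dport) tuples; skip lines that do not match."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        events.append((ts, m.group(2), m.group(3), int(m.group(4))))
    return events


def windowed_distinct_ports(events, key_fn, window, threshold):
    """Generic portscan rule: for each key (chosen by key_fn), count distinct
    destination ports seen within a sliding time window. Return {key: peak
    count} for every key whose peak exceeds the threshold."""
    groups = defaultdict(list)
    for ts, src, dst, port in events:
        groups[key_fn(src, dst)].append((ts, src, port))
    alerts = {}
    for key, evs in groups.items():
        evs.sort()
        for i, (ts_i, _, _) in enumerate(evs):
            # All probes for this key that fall in the window ending at ts_i.
            ports = {p for ts, _, p in evs[: i + 1] if ts >= ts_i - window}
            if len(ports) > threshold:
                alerts[key] = max(alerts.get(key, 0), len(ports))
    return alerts


def decoy_like(events, dst):
    """Heuristic (assumed, not proven): a decoy scan sends the same probe from
    every forged address, so each apparent source hits exactly the same port
    set. Cooperating scanners usually divide the work, so their sets differ."""
    port_sets = defaultdict(set)
    for _, src, d, port in events:
        if d == dst:
            port_sets[src].add(port)
    sets = list(port_sets.values())
    return len(sets) > 1 and all(s == sets[0] for s in sets)


def analyze(lines, window=timedelta(minutes=10), threshold=10):
    """Run the per-source rule, the per-target rule and the decoy heuristic."""
    events = parse(lines)
    per_source = windowed_distinct_ports(events, lambda s, d: (s, d), window, threshold)
    per_target = windowed_distinct_ports(events, lambda s, d: d, window, threshold)
    return {
        "per_source": per_source,   # what a conventional rule reports
        "per_target": per_target,   # the same rule keyed on the victim
        "decoy_like": {d: decoy_like(events, d) for d in per_target},
    }


def build_sample_log():
    """Constructed sample log (documentation address ranges, not a real capture)."""
    t0 = datetime(1999, 3, 1, 2, 0, 0)
    lines = []
    # Scenario A: 20 cooperating hosts each probe 3 distinct ports of 10.0.0.5,
    # 20 seconds apart, so no single source ever exceeds a 10-port threshold.
    for k in range(20):
        ts = t0 + timedelta(seconds=20 * k)
        for p in range(3):
            lines.append(f"{ts:%Y-%m-%d %H:%M:%S} SRC=192.0.2.{k + 1} "
                         f"DST=10.0.0.5 DPT={1000 + 3 * k + p}")
    # Scenario B: one scanner plus five forged decoy addresses send identical
    # probes to 12 ports of 10.0.0.6, so six "attackers" appear in the log.
    ports = [21, 22, 23, 25, 53, 80, 110, 111, 139, 143, 443, 8080]
    sources = ["198.51.100.7"] + [f"203.0.113.{d}" for d in range(1, 6)]
    for i, port in enumerate(ports):
        ts = t0 + timedelta(seconds=i)
        for src in sources:
            lines.append(f"{ts:%Y-%m-%d %H:%M:%S} SRC={src} DST=10.0.0.6 DPT={port}")
    return lines


if __name__ == "__main__":
    result = analyze(build_sample_log())
    print("per-source alerts:", len(result["per_source"]),
          "(all against 10.0.0.6; the 20 slow hosts hitting 10.0.0.5 trigger none)")
    for dst, n in sorted(result["per_target"].items()):
        print(f"per-target alert {dst}: {n} distinct ports in window, "
              f"decoy-like={result['decoy_like'][dst]}")
```

The per-source rule misses the 20 cooperating hosts entirely (three ports
each) while firing six times on the decoy scan; keying the same rule on the
victim reverses the picture, with 60 ports against the first target and 12
against the second. The window and threshold are illustrative values, and
the identical-port-set heuristic only flags that the "attackers" are
indistinguishable, which is all the logs can show; which of the six
addresses is real still has to be established elsewhere.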
The bottom line is that businesses and other organizations do indeed need
to take massive distributed penetration attempts seriously. These types of
attacks are certainly becoming more possible and perhaps even probable,
though a panicked reaction needs to be avoided at all costs. As always,
things may not be as they appear. The key here is to read, study and
become familiar with the tools and protections available to you. And yes,
a few tests are probably in order...