ICSA.net puts DDoS-readiness on testing block

Corporations that reconfigured their routers in the wake of February’s distributed denial-of-service (DDoS) attacks against Yahoo, eBay and other Web sites now have an opportunity to test whether their new filters actually work.

The Alliance for Internet Security, in cooperation with founding member ICSA.net, has released a free downloadable tool, NetLitmus (available at www.icsa.net/html/communities/ddos/alliance/index.shtml), that will measure whether a company’s egress filters, which prevent spoofed packets of information from leaving its network, are working.

“It doesn’t cost anything,” ICSA.net representative Cynthia Ingle said of both NetLitmus and membership in the alliance. However, companies are required to sign a pledge agreeing to abide by security measures that will prevent DDoS attacks in the future.

The 1,349-member alliance was formed in February following the DDoS attacks that toppled seven sites in the first week of that month. The e-commerce sites were unable to handle the tidal wave of information sent to them by more than a hundred “zombie” servers, which had been compromised by hackers planting flood programs months earlier.

The hacker tools, which aren’t viruses because they aren’t self-replicating, operate by sending out tens of thousands of packets with forged source IP addresses through a compromised network server, making it almost impossible for the targeted sites to quickly determine where the attack is really coming from. The February attacks were launched mainly from unprotected university servers.

The alliance has taken the position that companies must take some responsibility for ensuring that spoofed packets do not leave their own networks, by placing egress filters on their border routers: outbound traffic whose source address is not one the company legitimately owns is dropped at the edge instead of being forwarded to the Internet.
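The following is an added illustration of the egress-filter check described above, not NetLitmus or any other ICSA.net code. It assumes a hypothetical site allocated the two documentation prefixes 192.0.2.0/24 and 198.51.100.0/25, applies the policy to a constructed sample of outbound packets, and renders the same rule as a Cisco IOS extended access list so the two forms can be compared.

```python
import ipaddress

# Assumed site allocation: the only address blocks this site may source traffic from.
SITE_PREFIXES = [
    ipaddress.ip_network("192.0.2.0/24"),     # hypothetical primary block
    ipaddress.ip_network("198.51.100.0/25"),  # hypothetical second block
]

# Sources that should never cross a border router outbound even if an internal
# host emits them (RFC 1918 space, loopback, link-local, multicast, reserved).
NEVER_SOURCE = [
    ipaddress.ip_network(p) for p in (
        "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
        "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
    )
]


def egress_permitted(src: str) -> bool:
    """Return True if a packet with this source address may leave the site."""
    addr = ipaddress.ip_address(src)
    if any(addr in net for net in NEVER_SOURCE):
        return False
    # Anything not inside an owned prefix is treated as spoofed and dropped.
    return any(addr in net for net in SITE_PREFIXES)


def filter_outbound(packets):
    """Apply the egress policy to (src, dst) tuples; return (forwarded, dropped)."""
    forwarded, dropped = [], []
    for src, dst in packets:
        (forwarded if egress_permitted(src) else dropped).append((src, dst))
    return forwarded, dropped


def cisco_egress_acl(number: int = 101) -> list:
    """Render the same policy as Cisco IOS extended ACL lines (wildcard masks)."""
    lines = [
        f"access-list {number} permit ip {net.network_address} {net.hostmask} any"
        for net in SITE_PREFIXES
    ]
    # Implicit deny made explicit and logged so leaks are visible.
    lines.append(f"access-list {number} deny ip any any log")
    return lines


# Constructed sample of outbound traffic as the border router would see it.
SAMPLE_PACKETS = [
    ("192.0.2.10", "203.0.113.5"),      # legitimate: inside the /24
    ("198.51.100.77", "203.0.113.5"),   # legitimate: inside the /25
    ("198.51.100.200", "203.0.113.5"),  # outside the /25: spoofed
    ("10.0.0.5", "203.0.113.5"),        # RFC 1918 source leaking out
    ("203.0.113.9", "203.0.113.5"),     # flood tool forging a foreign address
]

if __name__ == "__main__":
    fwd, drop = filter_outbound(SAMPLE_PACKETS)
    print("forwarded:", fwd)
    print("dropped:", drop)
    print("\n".join(cisco_egress_acl()))
```

On a real router the generated list would be bound to the Internet-facing interface in the outbound direction (`ip access-group 101 out` on IOS); the Python policy function is the same decision, which is why a test that injects packets with forged sources from inside and watches for them outside is enough to tell whether the filter is in place.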

“It’s like the telephone system,” described Paul Robertson, a senior developer of NetLitmus for ICSA.net. “When you pick up the phone to dial a number, your phone has a specific telephone number, and that’s associated with a certain circuit, and that’s associated with a certain port configuration on the local phone switch in your neighbourhood.

“You don’t get to pick where your call is coming from. When you dial somebody’s number, you can’t plug in and say, ‘I’m going to make this call come from [Jean Chr