Internet infrastructure targeted for attacks

Denial of Service attacks are still a major threat to the Internet and are becoming more serious as attackers are increasingly creating automated attack tools and focusing on network infrastructure such as routers, according to a new paper released this week by the U.S. government-funded Computer Emergency Response Team/Coordination Center (CERT/CC).

Denial of Service (DoS) attacks are those in which an attacker floods a target computer with false requests for information, overloading that system and keeping it from responding to legitimate requests for service. Distributed Denial of Service (DDoS) attacks perform the same actions, but do so using multiple computers worldwide to flood the target system.

DoS attacks are constantly evolving and are more automated, self-propagating and faster to deploy than ever before, according to paper authors Kevin Houle and George Weaver, both CERT/CC employees. A number of the most recent and high-profile worms, such as Code Red and Nimda, underscore this point, they wrote. These developments have led to a “steady increase in the ability for intruders to easily deploy large DDoS attack networks,” they wrote

Beyond automation and self-propagation, DoS attacks are increasingly focusing on routers – hardware devices that help determine where traffic is sent on the Internet, according to the paper. Routers can be taken over as a result of poor configuration or administration, they wrote.

Router attacks are “of extreme concern” due to “the potential of routers being used for DoS attacks based on direct attacks against the routing protocols that interconnect the networks comprising the Internet,” they wrote. Such an attack could potentially severely affect the travel of traffic on the Internet.

“We believe this to be an eminent and real threat with a potentially high impact,” Houle and Weaver wrote.

Attackers are drawn to routers, according to Houle and Weaver, “because they are generally more a part of the network infrastructure than computer systems and thus may be ‘safer’ in the face of attacks from rival intruders.”

Another new development in the evolution of DoS attacks are the means used to control them, the authors wrote. IRC (Internet Relay Chat) networks are now being seeded with “bots,” or automated tools, to control DoS attacks, replacing the manual systems that were once used for attacks, they said. The use of IRC networks poses a particular challenge to those who would fight off DoS attacks, as these networks are public venues and can’t necessarily be taken offline easily, Houle and Weaver wrote.

The authors also found that DoS attacks are increasingly being targeted against end users of the Windows operating system. End users have only rarely, if at all, been targets for DoS attacks in the past. Attackers are trying to exploit security holes in Windows, based on the perception that Windows users are generally less technologically savvy than other users, they wrote.

The authors did allow that there is “enough truth to the perception to provide a potential reason for the effectiveness of intruders specifically targeting Windows end-users.” To combat these attacks, they suggested that users employ personal firewalls.

DoS and DDoS attacks are going to continue and going to evolve further, Houle and Weaver wrote. Though the purpose of their paper, they write, is more to highlight and discuss the issue, rather than solve it, they do “encourage Internet sites to carefully consider the trends … discussed (in the paper) and evaluate how security policies, procedures and technologies may need to change in order to address the current trends in DoS attack technology.”

CERT, in Pittsburgh, is at