E-CommerceALERT.com is part of the Bennett Gold LLP web site network.
LINK TO: Bennett Gold LLP, Chartered Accountants, home page.
LINK TO: E-CommerceALERT.com Home Page.
CLICK to GO BACK to Main Page.

Research and retrieval of news articles by Bennett Gold LLP, Chartered Accountants

Effective December 31, 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering articles from the period 1999 to 2012.


Source: InternetNews.com

Posted on August 14, 2000

      This week marks the six-month anniversary of February's denial of service attacks that paralyzed several high-profile Internet sites.

      While many system administrators have since beefed up their defenses to prevent such packet floods, a new survey reveals there are still tens of thousands of networks wide open.

      In the latest Internet scan by Project Gargimel, more than 100,000 machines were found to be exploitable as hosts for Smurf attacks. In such denial of service attacks, an attacker pings or sends packets to a vulnerable amplifier site, with a spoofed or bogus return address. If the server is misconfigured to answer the requests, it can become an unwitting complicitor in a DoS attack on a third-party site.

      According to its survey completed Aug. 8, Project Gargimel found 125,102 networks which allow these Open IP Directed Broadcasts. Among them are machines operated by companies including PSINet and Southwestern Bell Internet, as well as the State of South Carolina and Arizona State University.

      Atop the list of potential Smurf amplifiers is one operated by Aller, a Norway-based publisher of consumer magazines. According to the survey, the Aller network is set up to reply with 10,545 responses to any ping request.

      "Should they have enough bandwidth, if you send them a 1-kilobyte stream, you would get 10.545 megabytes back. That's what makes Smurfs so dangerous -- the multiplication factor," said Craig Huegen, an independent security consultant and the author of a respected white paper on Smurf attacks.

      Huegen, who is not affiliated with Project Gargimel, said the number of vulnerable networks has increased since an earlier survey prior to the major denial of service attacks last spring. However, the number of networks like Aller's which return hundreds or thousands of packets has decreased.

      One reason for this positive trend, according to Huegen, is that knowledge about defending against Smurf attacks is spreading among system administrators. Another is new policies by router makers such as Cisco which have begun setting the default configuration of their software to prevent Smurf attacks. Still, the sheer number of networks on the latest survey shows the industry still has work to do.

      "If you haven't updated your software or you don't know about the problem, your network could go down some day because some kid is redirecting traffic at a victim. I still have people tell me, after I've alerted them to the problem, `I wondered why my network was slowing down,'" said Huegen.

      Near the top of the list of Gargimel's most-vulnerable networks is one operated by the Utah Education Network, an electronic consortium of public schools, universities, and television stations in that state.

      Troy Jessup, system security administrator for UEN, said he was not surprised to learn that one of its machines was a prime launching pad for Smurf attacks.

      "We'll definitely look into it. We strive to keep our infrastructure up to date and secure, but once it's in the hands of a local high school for instance, there's only so much we can do, because we're just the Internet service provider for them," said Jessup.

      While education may be the best defense against Smurf attacks, shaming system administrators into closing vulnerable networks may backfire, according to Huegen. "I worry that publishing a list of sites mainly benefits the bad guys," he said. Brian Gemberling, the author of Project Gargimel, was not available for comment Friday. A note at his site says he will remove networks from the list once they notify him that they've fixed their security problems.

CLICK to GO BACK to Main Page.

E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.

Final Entries

LINK TO: Bennett Gold Chartered Accountants: A Licensed Provider of WebTrust Services.

WebTrust Is Your
Best Defense
Privacy Breaches.

Get WebTrust
Working For
Your Site.