Suche innerhalb des Archivs / Search the Archive All words Any words

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[infowar.de] PCWorld über die DOS-Attacken auf das IDNS



Infowar.de, http://userpage.fu-berlin.de/~bendrath/liste.html
-------------------------------------------------------------

http://www.pcworld.com/resource/printable/article/0,aid,106616,00.asp

FBI Finds Source of Internet Attacks
 
Last month's denial of service attacks against Internet's core servers 
have been traced to computers in U.S. and Korea.
Paul Roberts, IDG News Service
Monday, November 04, 2002

The distributed denial of service attacks against 13 of the Internet's 
core servers has been traced to computers in the U.S. and Korea, 
according to statements made by U.S. Federal Bureau of Investigation 
director Robert Mueller.

The FBI director, who made the statements while speaking at a conference 
in Falls Church, Virginia, would not elaborate on what information his 
agency has obtained, saying that the investigation was ongoing.

"I can't give you a brief on where the investigation has led us," 
Mueller said, according to a transcript of his comments provided by the FBI.

Under Attack

The attack, which began on October 21 
<http://www.pcworld.com/news/article/0,aid,106239,00.asp>, flooded all 
13 of the root servers of the Internet Domain Name System, a network of 
computer servers that communicate by matching up Internet domains used 
by people with numeric equivalents used by computers.

All 13 of the root servers were flooded with Internet traffic 
<http://www.pcworld.com/news/article/0,aid,106266,00.asp> using ICMP 
(Internet Control Message Protocol) at more than 10 times the normal 
rate of traffic, said Brian O'Shaughnessy, a spokesperson at VeriSign 
after the DDOS attack happened. VeriSign manages the "A" and "J" root 
servers.

Roughly two thirds of those servers were temporarily disabled or 
severely hampered in serving legitimate user requests by the attack, 
according to O'Shaugnessy and others. However, four or five of the 13 
servers remained online throughout the attack and the majority of 
Internet users did not experience any interruption in service.

Broadband Access

South Korea, along with the U.S. is a frequent source of cyberattacks 
because of the large number of computer users in that country and the 
widespread availability of broadband Internet access such as a DSL or 
cable modems.

Unlike machines that connect to the Internet using dial-up modems, 
machines with broadband connections maintain a constant, high-capacity 
connection to the Internet when they are turned on. As a result, 
attackers, viruses, and e-mail worms can compromise these computers 
often without the knowledge of the computer's owner. Those machines then 
act as "zombies" in a distributed denial of service attack, controlled 
remotely by the attacker and used to send a steady stream of information 
packets to the targeted Web site or server.

Allan Paller of the nonprofit SANS Institute said Friday that 
investigators may be able to use billing logs from the Internet service 
providers involved to trace the attacks back to their source.

Seeking the Source

However, Paller noted that lists of machines that are known to have been 
compromised by hackers or worms such as Code Red and Nimda 
<http://www.pcworld.com/news/article/0,aid,104957,00.asp> are frequently 
traded on the Internet. Investigations into the source of the October 21 
attack will likely lead back to those compromised machines in the U.S., 
Korea and elsewhere.

 From there, the job of identifying the actual perpetrators gets more 
difficult.

The fact that computers in Korea took part in the attack does not mean 
that the attackers were Korean, Paller said. Attackers frequently 
compromise and control such machines from afar using one or more 
intermediate machines to cover their tracks.

Mueller did not say whether any progress had been made in locating the 
actual perpetrators behind the attack and an FBI spokesperson would not 
comment on whether the agency is close to identifying the individuals 
responsible for the DNS attacks.






---------------------------------------------------------------
Liste verlassen: 
Mail an infowar -
 de-request -!
- infopeace -
 de mit "unsubscribe" im Text.