Leading users, security vendors, and Internet Service Providers (ISPs) have decided to pool their resources to help ward off unwanted Distributed Denial of Service (DDoS) attacks. At the Networld & Interop conference, they announced the DDoS Working Group, which plans to improve communications among Web hosting companies and ISPs and to outline standards so different intrusion systems can share information. The group’s immediate goal is to help companies respond to DDoS attacks more effectively. In the longer term, it hopes to help companies put the pieces in place to prevent these attacks.
| "The consortium has three objectives: to improve information exchange among companies, to implement policies and procedures to reduce downtime from attacks, and to develop standards for network- monitoring tools." |
The consortium was formed in response to the high profile attacks against leading Web sites that occurred in February 2000. During a DDoS attack, a hacker bombards a site with excessively large volumes of traffic that knock it offline. In February, Yahoo Inc. was down for more than two hours and similar problems occurred at Amazon.com Inc., Buy.com Inc., eBay Inc., ETrade Inc., Excite@home Inc., and ZDnet Inc.
A 15-year-old Canadian boy is believed to have created the problems. He was apprehended in April 2000 after bragging about his exploits in a hacker newsgroup, has pleaded guilty, and is now awaiting sentencing.
Since then, sporadic attacks have plagued commercial and government Web sites worldwide. Currently, Web hosting firms and ISPs have limited recourse when such problems arise, because they cannot easily identify where attacks are coming from and shut down the transmissions creating the problems. In February, these companies were able to get their customers’ sites back up only after the hacker stopped his attack.
The DDoS Working Group would like to change that. The group includes users directly affected by these intrusions, such as eBay and Yahoo; security vendors like Check Point Software Inc., Network ICE Inc., and Recourse Technologies, Inc.; ISPs such as America Online Inc.; and law enforcement agencies like the Federal Bureau of Investigation.
| CrossLinks |
To get a weekly update on the networking world and EarthWeb’s networking content, sign up for the CrossNodes Networking Industry Update newsletter. Each issue includes a new article that tells you the latest about the industry, and also provides descriptions and links to all the new Networking & Communications content posted during the last week. |
DDos Working Group Goals
The consortium has three objectives. We would like to improve the information exchange among different companies, some of whom may be competitors, says Henry Teng, CISSP, Senior Manager, KPMG International LLC, of New York. Such exchanges could help companies in the early detection of DDoS attacks.
Second, the group wants to implement policies and procedures to reduce the downtime from these attacks. Our goal is to have any outages last for minutes rather than hours, says Teng.
Last, the consortium would like to develop standards so various network-monitoring tools can thwart these attacks. The DDoS Working Group is building on the Internet Engineering Task Force’s Request for Comments 2267 specification, which provides router-filtering functions that help defend Web sites. While it represents a good starting point, that specification falls short of customer requirements. Since each network monitoring tool relies on a proprietary protocol to collect information, it is difficult consolidate management data and determine the source of a DDoS attack, notes Robert Graham, chief technology officer at Network Ice, a San Mateo, Calif., security software supplier. Standard interfaces are needed to solve that problem.
Although the group has made progress since its formation, more work has to be done. DDoS represents a complex, difficult problem, concludes KPMG’s Twang. We do not have a complete solution yet, but are moving toward one. //
Paul Korzeniowski is a freelance writer in Sudbury, Mass., and specializes in application integration issues. His electronic mail address is paulkorzen@aol.com.
