 
 
COLUMN

 
 
E-Business Secrets
 

 
Could your site survive a denial-of-service attack?
Assaults are overwhelming DALnet
 

 
By Brian Livingston, February 05, 2003
 
 

Your e-business may not have become the victim of a DDoS (distributed denial-of-service) attack yet. But it may only be a matter of time -- and, at present, you may not have an effective way to protect yourself.

  
 

Malicious hackers are winning the DDoS war, thanks to weak security on personal computers and increasingly powerful script-kiddie tools.

The latest casualty is DALnet, one of the largest Internet Relay Chat (IRC) networks ever created. After months of DDoS attacks, DALnet was completely overloaded on Jan. 9, making its service unavailable to literally millions of users worldwide.

IRC actually predates the World Wide Web, having been invented in Finland in 1988. DALnet, which was formed in 1994, helped make IRC popular by introducing features to make it more usable and reliable.

In a DDoS onslaught, a hacker scans the Internet for computers with a security weakness, and then causes a small, Trojan horse program to install itself on those machines. These compromised systems form a "botnet," or robotic network, that the hacker can direct to flood a victim's server with so much meaningless traffic that it can no longer respond to legitimate visitors.

Because IRC is a free service and DALnet relies upon donated hosting, the recent months' attacks by thousands of bots have forced it off several ISPs, who must ensure adequate responsiveness to their paying users. But even a large business with experienced staff will have difficulty defending against a serious DDoS assault.

One source, who asked not to be named, says DALnet is being victimized by a single teenager, who believes (rightly or wrongly) that the IRC service reported him to authorities in connection with an earlier hacking incident.

The teen, according to this source, was investigated at one time by police but was released for lack of evidence. The attacks against DALnet then began in earnest, using a network of thousands of unsecured, broadband-connected Windows 2000 and XP computers that have been silently infected by bots.

These Microsoft operating systems, especially Windows XP, allow unrestricted use of Raw Sockets, an Internet technology that permits users to completely disguise the origin of the attacks. Most Windows XP users would never employ this capability, but novices often misconfigure their systems, leaving them open to Trojan horses.
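Traffic with a disguised origin, as described above, can be dropped at the edge of the network where the infected machines sit by forwarding only packets whose source address belongs to that network (source-address validation, the practice recommended in BCP 38). The sketch below is an added example, not part of the original column; the prefixes, packet records and function names are constructed for illustration.

```python
import ipaddress

# Constructed example: prefixes legitimately assigned to hosts behind this edge.
LOCAL_PREFIXES = [ipaddress.ip_network(p)
                  for p in ("192.0.2.0/24", "2001:db8:10::/48")]

# Constructed outbound packet records (source and destination only).
SAMPLE_PACKETS = [
    {"src": "192.0.2.17",     "dst": "198.51.100.5"},      # local host
    {"src": "203.0.113.9",    "dst": "198.51.100.5"},      # forged source
    {"src": "10.44.3.2",      "dst": "198.51.100.5"},      # forged source
    {"src": "192.0.2.200",    "dst": "198.51.100.80"},     # local host
    {"src": "2001:db8:10::5", "dst": "2001:db8:ffff::1"},  # local host (IPv6)
    {"src": "not-an-ip",      "dst": "198.51.100.5"},      # malformed record
]

def is_valid_source(src, prefixes=LOCAL_PREFIXES):
    """Return True only if src parses and lies inside an assigned prefix."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # malformed address: never forward
    return any(addr.version == net.version and addr in net for net in prefixes)

def egress_filter(packets, prefixes=LOCAL_PREFIXES):
    """Split outbound packets into (forwarded, dropped) by source address."""
    forwarded, dropped = [], []
    for pkt in packets:
        target = forwarded if is_valid_source(pkt["src"], prefixes) else dropped
        target.append(pkt)
    return forwarded, dropped

def summarize_drops(dropped):
    """Count dropped packets per destination. Many forged sources aimed at
    one destination suggest an infected machine on the local network."""
    counts = {}
    for pkt in dropped:
        counts[pkt["dst"]] = counts.get(pkt["dst"], 0) + 1
    return counts

if __name__ == "__main__":
    fwd, drop = egress_filter(SAMPLE_PACKETS)
    print(len(fwd), "forwarded;", len(drop), "dropped:", summarize_drops(drop))
```

The filter only helps when it runs on the network that hosts the compromised machines; the victim's own network cannot apply it to traffic arriving from elsewhere.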

Once DALnet has been completely silenced, there's no reason why its attacker -- and numerous others -- can't turn against any Web site that earns their wrath. There is no way, at present, to stem the flow from such a DDoS attack and recover normal service to an e-business' regular customers.

As an industry, the Web desperately needs new methods to identify the source of DDoS incidents and divert the malicious traffic. As those defensive technologies are developed, I'll bring you the details in this space. Meanwhile, see DALnet's description of the botnet problem at: http://zine.dal.net http://bri.li/4e7e

- - - - - - - - - - - - - - - - - - - - - - - - - - -

E-BUSINESS TECHNOLOGY REVIEW: HANDS OFF THAT CELL

The ability to hold a conversation on your cell phone -- without holding anything in your hand or getting tangled up in wires -- is finally becoming an affordable reality.

One of the best examples is the Jabra FreeSpeak, a tiny device that fits over your ear and allows you to conduct calls while your actual cell phone is as many as 30 feet away in a purse or briefcase. The earpiece communicates using the Bluetooth standard but doesn't require a special phone. Any handset that comes with the standard 2.5mm jack can accommodate Jabra's add-on. See: http://www.jandr.com http://bri.li/758e

- - - - - - - - - - - - - - - - - - - - - - - - - - -

E-BUSINESS BOOK REVIEW: KILLER WEB DESIGN TIPS

Can we ever know enough tricks about HTML and the way to design (or not design) Web pages? Answering a loud "no" to that question are Joseph Lowery and Angela Buraglia, the co-authors of "Macromedia Dreamweaver MX Killer Tips."

This book isn't just of interest to Dreamweaver users. From power style sheets to browser compatibility tips, you're likely to find more than a few things within these pages that you'll wish you'd known a lot sooner. See: http://www.amazon.com http://bri.li/0735713022

- - - - - - - - - - - - - - - - - - - - - - - - - - -

LIVINGSTON'S TOP 10 NEWS PICKS O' THE WEEK

1. Online ads are becoming smarter and getting far more click-throughs: http://news.bbc.co.uk http://bri.li/446

2. SQL Slammer worm hit 90 percent of affected systems within 10 minutes: http://www.news.com http://bri.li/82e

3. How the Total Information Awareness project affects e-businesses: http://www.motherjones.com http://bri.li/c16

4. Music executive says the industry must "embrace file-sharing or die": http://www.salon.com http://bri.li/ffe

5. Site shows, minute-by-minute, what files people are downloading: http://www.accessatlanta.com http://bri.li/13e6

6. Those DVDs you're buying may wear out after two or three playings: http://www.smh.com.au http://bri.li/17ce

7. Solution is on the way for seamless 2.5G/3G/Wi-Fi roaming: http://www.internetnews.com http://bri.li/1bb6

8. Use JavaScript to enhance your own dynamic menu structure: http://www.webmasterbase.com http://bri.li/1f9e

9. HTML tips: Code to detect 10 different versions of browsers: http://www.webreference.com http://bri.li/2386

10. It's not looking good for humans in computer vs. man chess tourney: http://news.excite.com http://bri.li/276e

- - - - - - - - - - - - - - - - - - - - - - - - - - -

WACKY WEB WEEK: WHAT MOVIE SHALL WE SEE NEXT WEEKEND?

If you're the kind of geek who grew up reading comic books (and, hey, who didn't?), you'll love the way what I'd call "cinema of the super-powered" is breathlessly covered at SuperheroHype.com.

The site -- which makes money selling merchandise, posters, and so forth -- currently links to clips for upcoming features such as The Hulk, which is due this summer, and Daredevil, opening on Feb. 14 (how romantic). The hype is almost as much fun as the movies. See: http://www.superherohype.com http://bri.li/c3ae

- - - - - - - - - - - - - - - - - - - - - - - - - - -

E-BUSINESS SECRETS: Our mission is to bring you such useful and thought-provoking information about the Web that you actually look forward to reading your e-mail.

ABOUT THE AUTHOR: E-Business Secrets is written by InfoWorld contributing editor Brian Livingston: http://SecretsPro.com

Research director is Vickie Stevens. Brian has published 10 books, including:

Windows Me Secrets: http://www.amazon.com http://bri.li/0764534939

Windows 2000 Secrets: http://www.amazon.com http://bri.li/0764534130

You'll receive a gift certificate good for a book, CD, or DVD of your choice if you're the first to send Brian a Top Story or Wacky Web Week he prints. mailto:Brian@SecretsPro.com




 
Brian Livingston is publisher of BriansBuzz.com. Send tips to him at brian@briansbuzz.com.


 
 

Copyright © 2004, Reprints, Permissions, Licensing