Site icon IT World Canada

Is DoS taken seriously enough?

There I was, July 20, in the business centre of a hotel in downtown Paris when my personal denial-of-service nightmare began. I was downloading the 423 e-mail messages that had accumulated during two days of travel and it was taking what seemed like forever.

I assumed the hotel just had a bad connection and so I watched as the mail dribbled in and the better part of an hour vanished. Just as I was receiving the last message, wham! My laptop died.

Without warning and for no discernible reason, the machine stopped dead. Despite my best efforts, which included changing batteries, looking for loose connections and telling the machine I would find an axe and give it a reprogramming it would never forget, it remained obstinately a digital stiff – an ex-laptop.

I returned to my room with a feeling of emptiness that can only be appreciated by other computer addicts who have been parted from their ‘puters with no alternative in sight. In my case, this deficiency was to last another six days!

Anyway, I switched on CNN to find that my denial of service (caused, I suspected, by angering the gods of laptop computing) was nothing compared with the denials of service in progress in the wider world.

It turned out a train fire in a Baltimore tunnel July 20 let loose large quantities of noxious chemicals and created a major service problem for vast areas on the Internet. It seems the tunnel was a primary route for fibre-optic cables used by many big ISPs. The accident destroyed the cabling and slowed communications on the ‘net. The problem was widespread enough that the slow connectivity in Paris was probably due to that same accident (I was retrieving my mail from a computer on the U.S. West Coast).

I find it interesting that the U.S. telephone companies have major circuits in one physical location. It creates a situation analogous to configuring the U.S. highways so a car accident on the New Jersey Turnpike causes gridlock in Los Angeles.

Now, wouldn’t you think that the government would be concerned about such a situation? Here’s a national service critical to the economy and it can be taken out without much effort (I suspect one lunatic with a chain saw could have the same effect).

Such a situation makes you wonder if the government is taking the idea of info-terrorism seriously.

Anyway, as if the train tunnel problem wasn’t enough, another denial of service – this one caused by human maliciousness – was also causing widespread problems. It seems some jolly hackers decided to pick on the White House and mounted a distributed denial-of-service attack. This involved a significant number of machines and, combined with the train tunnel problem, created even worse Internet traffic woes.

If you haven’t looked into denial-of-service attacks, check out Gibson Research Corp.’s Web site (www.grc.com). There you will find a fascinating and detailed account of how Steve Gibson dealt with a distributed denial-of-service attack mounted by three 13-year-olds who heard Gibson had insulted them. Their attack basically took grc.com off the Internet for days until their ISP added filtering to their routers.

Just imagine the cost of this attack: days of Gibson’s time, days of the ISP’s time, lost service, lost revenue – it all adds up fast. Now think of what the distributed denial-of-service attack on the White House must have cost!

What are we going to do about these infrastructure problems? We have a highly vulnerable physical fabric, which supports nationally strategic services and transports costly information, combined with a protocol suite that is itself highly vulnerable to attack. The longer we leave this problem unsolved, the harder it will be to implement a fix in the future.

Gibbs is a contributing editor at Network World (US). He is at nwcolumn@gibbs.com.

Exit mobile version