Going into Denial
The first DDoS attacks were very high profile, taking out such luminaries as eBay. Inevitably, after a short while, DDoS attacks became 'old' news and tend not to make the headlines any longer. DDoS attacks are very difficult for the victim to cope with because they come from a wide variety of sources simultaneously, rather than from just one computer. The attacker gains control of a large number of computers scattered around the Internet and uses them to launch simultaneous attacks against the victim. Control of the computers used to launch the attacks is usually achieved via a known security vulnerability in their operating system. Part of the problem is that the computer's owner often has no idea that his or her computer is being used as part of a DDoS attack, and even when told this is happening, they lack the skill and knowledge to do anything about it.

The original DDoS attacks were launched by hijacking servers on the net, but that isn't so easy these days because the high volume of traffic immediately shows up on the traffic monitors. In addition, vulnerabilities in powerful servers are usually patched pretty rapidly. However, the growth of consumer broadband links to the Internet, coupled with the power and lack of security of entry-level computers, has created opportunities to hijack a new category of computers for use in DDoS attacks. Added to this is the fact that broadband-connected computers are often left on and connected all the time, so the attacker doesn't even have to wait for them to come onto the net. Finally, there is growing sophistication amongst the writers of DDoS software. They are now producing programs capable of compromising the programmable routers at the heart of the Internet's packet-forwarding system and using those in DDoS attacks.

So, is there no hope of halting this type of attack? Well, yes there is. The problem is that it lies in the hands of the already cash-strapped ISPs.
They need to set up facilities to reject all data and control packets originating in their network that don't carry source addresses belonging to their networks (the ingress/egress filtering recommended in RFC 2827, also known as BCP 38). That stops the whole class of attacks that rely on forged source addresses, including floods in which the victim's own address is written into the packets so that replies bounce back onto the victim, and would reduce the problem by orders of magnitude. It does not stop a hijacked computer flooding with its own genuine address, so it still has to be paired with finding and cleaning up the compromised machines. The problem is, of course, that the solution takes time, equipment and, of course, money. But, eventually, they will have to do it. The only question is how bad will it have to get before they are forced to take action. Not much worse, I hope, but I'm not holding my breath.
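To make the filtering rule concrete, here is an added example (not code from the article or from any ISP) that simulates the check an access router would apply to packets leaving a customer port. The address plan, port names, the "loose"/"strict" mode names and the sample packets are all constructed for illustration; the strict mode goes slightly beyond the text by also tying each source address to the port it arrived on, which catches one customer forging a neighbour's address, not just an outsider's.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    ingress_port: str  # customer-facing port the packet arrived on
    src: str           # source IP address as written in the packet header
    dst: str           # destination IP address


# Hypothetical ISP address plan: which prefixes are assigned to which customer port.
# Documentation ranges (RFC 5737 / RFC 3849) are used; these are not real allocations.
PORT_PREFIXES = {
    "cust-A": ["198.51.100.0/25", "2001:db8:a::/48"],
    "cust-B": ["198.51.100.128/25"],
}


class SourceAddressFilter:
    """Drop packets whose source address the ISP never assigned.

    mode="loose":  source must fall in a prefix the ISP assigned to any port.
    mode="strict": source must fall in a prefix assigned to the port it arrived on.
    """

    def __init__(self, port_prefixes, mode="strict"):
        if mode not in ("loose", "strict"):
            raise ValueError(f"unknown mode {mode!r}")
        self.mode = mode
        self.port_prefixes = {
            port: [ipaddress.ip_network(p) for p in prefixes]
            for port, prefixes in port_prefixes.items()
        }
        self.all_prefixes = [n for nets in self.port_prefixes.values() for n in nets]

    def source_allowed(self, pkt):
        try:
            src = ipaddress.ip_address(pkt.src)
        except ValueError:
            return False  # malformed source address: drop rather than guess
        if self.mode == "loose":
            candidates = self.all_prefixes
        else:
            candidates = self.port_prefixes.get(pkt.ingress_port, [])
        # 'in' on an ip_network is False across address families, so v4/v6 mixing is safe.
        return any(src in net for net in candidates)


def filter_traffic(packets, flt):
    """Split packets into (forwarded, dropped) lists according to the filter."""
    forwarded, dropped = [], []
    for pkt in packets:
        (forwarded if flt.source_allowed(pkt) else dropped).append(pkt)
    return forwarded, dropped


# Constructed sample traffic (not captured data): three legitimate packets, then a
# flood with the victim's address forged as source, two other forgeries, and a
# malformed header.
VICTIM = "203.0.113.9"
SAMPLE = [
    Packet("cust-A", "198.51.100.17", "203.0.113.50"),       # legitimate
    Packet("cust-A", "2001:db8:a::10", "2001:db8:ffff::1"),  # legitimate IPv6
    Packet("cust-B", "198.51.100.200", "203.0.113.50"),      # legitimate
    Packet("cust-A", VICTIM, "203.0.113.53"),                # spoofed: victim as source
    Packet("cust-A", "198.51.100.200", "203.0.113.53"),      # spoofed: cust-B's address from cust-A's port
    Packet("cust-B", "10.0.0.1", "203.0.113.53"),            # spoofed: private address
    Packet("cust-B", "not-an-ip", "203.0.113.53"),           # malformed
]


def run_filter(packets, mode):
    """Return (forwarded count, dropped count, whether any victim-sourced packet got out)."""
    forwarded, dropped = filter_traffic(packets, SourceAddressFilter(PORT_PREFIXES, mode))
    leaked = any(p.src == VICTIM for p in forwarded)
    return len(forwarded), len(dropped), leaked


if __name__ == "__main__":
    for mode in ("loose", "strict"):
        print(mode, run_filter(SAMPLE, mode))
```

Loose mode lets the forged neighbour address through because it is still ISP space; strict mode drops it. Neither mode touches a compromised customer machine that floods with its own real address, which is why the filter reduces rather than eliminates the problem and has to sit alongside abuse detection and clean-up.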