Security Focus: White Papers: Denial of Service and Y2K


by Jerry Zepp, 11-09-1999

Interprise Security Group staff members spend much of their time researching current security issues and keeping abreast of current events in the computer underground. As with many security think-tanks and corporations, staff members often go undercover in Internet Relay Chat and other Internet forums, posing as "hackers" to learn the latest tactics and strategies used by the underground in their attacks on computer networks like yours.

There has been some talk in the press in the past couple of months about a large-scale, organized disruption of service by certain elements of the computer underground, timed to coincide with the New Year in order to increase the confusion that may be caused by Y2K issues. Interprise Security Group staff members have seen firsthand the coordination that is going on in the underground community to maximize the impact of Y2K.

It is our estimation that this massive coordination of thousands of hackers world-wide launching denial of service attacks all at the same time could have a large impact on the world's computer networks. Although there are no absolutes in the computer industry, we consider it a wise move to do what we can to inform our partners of this issue, and offer services to help mitigate our partners' vulnerability to the possibility of being the victim of a denial of service attack.

Although some denial of service attacks cannot be mitigated, the vast majority can. There are two main types of denial of service attacks: Bandwidth Attacks and System Attacks.

Bandwidth Attacks by and large do not rely on specific vulnerabilities on the networks themselves, but target the bandwidth available to the network. If enough traffic is generated to consume all of the available bandwidth on any given network, then that network is no longer capable of communicating with other networks. If the attacker has more bandwidth available to him or her to launch one of these attacks than the target of the attack has, there is no way to stop this sort of attack in the short term. There are steps you can take, however, to keep your network's bandwidth from being used by an attacker to help in a denial of service attack against someone else.

System Attacks, on the other hand, rely on specific vulnerabilities in the operating systems and system services on the machines themselves to render the systems unavailable to legitimate traffic. These vulnerabilities can be identified and mitigated before an attack occurs. It has been estimated that up to 90 percent of all systems attached to the Internet today are vulnerable to at least one remote denial of service attack. This kind of percentage is exactly what computer criminals are relying on to make the New Year's Eve attack as effective as possible.

As part of our Internet Presence Vulnerability Assessment, ISG evaluates all operating systems and system services on your network for just such vulnerabilities. We will make you aware of all such vulnerabilities, both denial of service and remote compromise, and inform you of what needs to be done to mitigate those vulnerabilities before someone tries to exploit them.

We have found that, on average, it takes our clients about two to three weeks to address the vulnerabilities that we uncover in our testing. Due to holiday time before New Year's, we suggest that interested partners acquire our report on or before the first of December.



For More Information Contact:
Interprise Security Group
7314 Carriage Creek Road, Woodstock, GA 30189
Tel: +1 (770) 517-2685
FAX: +1 (770) 517-2685
Internet: [email protected]




© 2000 Interprise Security Group, Inc.