Do Computers Dream of DCA Attacks?

Week of March 16, 2000

Does your computer sleep peacefully at night? Or is it having nightmares while you do? Or are you the one having nightmares while your computer goes on, completely unaffected? It's hard to know what the truth is right now, and there are any number of truth vendors out there, trying to sell you their story. For all you know, they're trying to make a buck off it at the same time.

But what are the dangers? The pranksters or the media who want to turn them into cultural heroes? Are there real threats afoot, or is the media just making the most of it again? Who has vested interests in what's going on? And what is really going on?

It's not easy to figure all that out. The only sure thing is that the temperature is rising. The net has become a war zone - or at least its netizens are starting to see it as one.

CERT has been warning for some time, but suddenly the other week it hit - a massive DDoS (DCA) attack against some of the most powerful sites on the web: Yahoo, eBay, CNN, et al. And when the FBI announced its full scale investigation, their site was hit too. American President Bill Clinton called for an emergency summit, with Mudge as guest of honor. The ramifications of what happened cannot be underestimated.

On the other end of the scale, the cable modem is introducing net surfers to new threats relatively unknown in the world of the dial up connection: once identities are established and configuration weaknesses known, unwitting users become easy prey for all kinds of crippling attacks. The dial up modem made this difficult; the cable modem makes it more fun than a turkey shoot.

Regardless of the 14yo pranksters out there, the interest in reliable defense mechanisms has grown at an alarming rate. The WebAttack archive has recently added a dedicated security URL which deals with these matters alone. The web is drowning in information and pseudo information about what can be done to protect one's computer. It's hard to know where to turn. Therefore a number of general rules and links to help get you where you need to go.

• If you're on a cable modem, you're a target. The whole process starts by a prankster probing your machine; if your machine responds, the prank software will make note of this so the prankster can come back later and have fun bringing your computer down. As long as your connection is static, i.e. your IP constant, the information the prankster gets on the initial probe will be valid - and you can count on the prankster coming back again.

• Most pseudo security software will actually increase the chances of being attacked. Rather than wait in silence for signs of intruders, these pre-fab rip off applications broadcast your presence and make it all the easier for the pranksters to single out your machine for further probing. Rather than running to Usenet and picking the first download URL you find there, you should wait.

• Make sure you have all the facts before you do anything. And don't ever do anything if you don't understand all the facts. There are a number of measures you can take immediately to protect your computer without adding any software at all, but you must be aware of what you are doing before you do it.

• Read up on the subject. If you haven't been there yet, check out the Shields UP! pages at http://grc.com. Run your computer through the online tests to get a preliminary assessment of your situation. And then take time to read through the wealth of information until you feel you really understand what's going on and are prepared to take action on your own.

• If there's anything you can do at this point to improve the security of your machine without adding any software, by all means do it. Systems running 9x are going to be much more vulnerable, and for a number of reasons. Trust the tests at Shields UP! - if they say your system is safe, then don't do anything. If they say you're a target, then get to work.

• Visit the excellent PC Help site at http://pc-help.org. PC Help has a wealth of information available too.

• Don't forget Rob Rosenberger's http://kumite.com either - most of the hysteria over new threats is just that - hysteria - and little more. If anyone is qualified to know what's really going on, it's Rob.

• Do not go investing in any protection software until you've really done your homework. As the above sites point out, most of the tools available today (and usually at exorbitant prices too) are pure rip offs and actually make matters worse. Akin to leaving your front door open and unlocked in the hopes of catching a burglar.

• There are excellent free tools out there - these sites can point you in the right direction. Take their advice and give it a whirl.

• Check back with radsoft.net from time to time. New developments in the destruction industry might make it necessary to take further measures, or install new protective software. Rumors of new threats might be unfounded, and reading up before reacting might save you a lot of time and worry.