Internet hit by denial-of-service worm

Internet hit by denial-of-service worm

 “A large scale denial of service (DOS) attack hit the Internet Saturday, causing varying degrees of trouble to computer users and server operators around the world, according to security experts.

The problems began at around 5:30 a.m. GMT (12:30 EST), and initial reports suggest the cause was a worm that exploits a vulnerability in Microsoft Corp.’s SQL Server.”

A DOS attack is a deliberate attempt to tie up a computer with so many spurious requests to do something that it has no time to do anything else, thus slowing the system to a crawl.

These attacks are frequently launched by hackers using other computers as waystations. They crack into a system, leave files there which they can trigger remotely or which may trigger on a certain date, which launches the DOS attack on another site. And a DOS attack can come from dozens of computers at once.

Sometimes they can use password sniffers to grab a password sent in plaintext, then log on that account and through various tricks get command of the system. This recently happened at a site I use, a site managed by stone cold pros I hasten to add. They no longer allow plaintext passwords, and had to reinstall everything from scratch because the entire system had been comprised.

I used to think the security measures this site took were paranoid. I no longer think that.

From a site that was hit by this worm,

“One thing I’ll say about this worm is that on a two-processor machine, its impact is enough to saturate a T1 .

A little technical info, for those looking for it: the worm, once it infects a server, generates a slew of pseudo-random IP addresses, and then sends packets to those addresses. The packets are UDP, originating from port 1384 and destined for port 1434. On the MetaFilter machine — a dual Athlon 1900 machine with on-board 100 Mb/s networking — the worm generated an average of 2,815 packets a second, or roughly 170,000 packets a minute”

Trnslation for non-propellerheads: The website went down. 

Weblogs were instrumental in propogating news about how to stop the worm. The collaborative blog Slashdot had info on the worm and the fix very soon after the worm hit. And other blogs picked this up and spread it fast. 

A picture is worth a thousand words. A chart showing global packet loss on the Net, note the huge spike.

Lest you think attacks like these only effect geeks:

“Bank of America Corp., one of the nation’s largest banks, acknowledged that many customers could not withdraw money from its 13,000 ATM machines because of technical problems caused by the attack.”

So, who is behind these attacks? Underground groups of hacker / cracker types, probably. Why? Because it’s there and because they can. So it behooves us all to not leave doors open.