Today, the packet's path as it hops from router to router in an attempt to reach its final goal is not recorded. So his group will continue to work on the problem.Īnother IETF group is working on improving security by tracking the flow of data packets through the Net, that is, IP traceback. "Hopefully we can get to that stage," he said. While this filter format was only good for this particular case, Teng would like to come up with a format that everyone could use. IBM's Palmer, working with Teng, devised a filter that would mask sensitive information for a particular site while an attack was in progress. So the goal is a common data-sharing format. The stumbling block was the risk of divulging proprietary information while ISPs and site operators communicated about an on-going attack. But the working group found it impossible to devise a process that all ISPs could share collectively. The procedures were quite detailed, Teng said, but "were so manually intensive that they would be really hard to implement." Two of the ISPs, AboveNet Communications, San Jose, Calif., and Sprint Corp., Westwood, Kan., worked out their own procedures and shared them with their customers. Cisco Systems Inc., the San Francisco-based leader in router technology, recommended procedures for tracing the attack traffic back to its source. The group began by working with ISPs to set up procedures they all should follow in the event of an attack, so they could share information. While there are legitimate, non-malicious reasons for system scanning, the expert, who had special scan-detecting software, was able to ascertain that such was not the case this time. Palmer recalled a security-expert friend who installed broadband access one evening and awakened the next morning to find his system had been scanned six times by hackers, probably in preparation for installing drone software. Watson Research Center in Yorktown Heights, N.Y. Further, broadband lets hackers send out more packets in less time, so they eagerly search out such devices, according to both Curry and Charles Palmer, head of encryption and overall network security research at IBM Corp.'s Thomas J. "It's easier to sneak in because intrusion causes relatively less communication overhead than with dial-up it's less noticeable," he told IEEE Spectrum. Rapidly rising use of always-on digital subscriber line (DSL) and cable modems simplifies the task of recruiting drones, according to Sam Curry, security architect at Corp., Sunnyvale, Calif., a leading supplier of security software. But before it does, things may get worse. The attacks have rallied widespread support for countermeasures, so that the next few years may see significant changes in how the Internet works. To block the sites, one or more hackers sneaked into the computers of several unsuspecting users connected to the Net, and used these widely dispersed machines as drones to launch a barrage of false messages. The world was made rudely aware of the battle last February when public access to the sites of Amazon, eBay, Yahoo!, and other dot-coms was cut off by a new method of attack called distributed denial of service (DDoS).
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |