[ISN] Security Experts Warn of Devastating Web Attack

InfoSec News isn at c4i.org
Tue Mar 21 04:13:31 EST 2006


Forwarded from: security curmudgeon <jericho at attrition.org>

: http://www.foxnews.com/story/0,2933,188102,00.html
: 
: Paul Wagenseil
: Fox News
: March 16, 2006
: 
: WASHINGTON - A powerful new twist on the most common kind of Internet 
: attack could overwhelm even the most popular and well-fortified Web 
: sites and disrupt e-mail traffic by enlisting the network infrastructure 
: servers that manage Internet traffic worldwide, security experts warn.
: 
: First detected as early as 2002, the assault, known as a distributed 
: reflected denial-of-service (DRDoS) attack, bombards targeted Web 
: servers with such massive amounts of spurious data that even flagship 
: technology companies would not be able to cope.

The following comments are courtesy of Dave Dittrich, reworded a bit
here with his permission:

There are some news stories starting to break in which VeriSign claims
to have "discovered" a "new DDoS" attack (two below, at least two more
on the way).

   http://software.silicon.com/security/0,39024655,39157301,00.htm
   http://www.theinquirer.net/?article=30361

If anyone wants to set the record straight on all of this, the first
public mention of these kinds of attacks was Vern Paxson in 2001.  
The first public mention of a distributed reflected DDoS attack
involving DNS was against futuresite.register.com in 2001.  The
Honeynet Project "Reverse Challenge" binary turned out to be a DDoS
agent, and it implemented several DNS related attacks *including* a
distributed reflected DNS attack.  That was in 2002.  Dittrich and his
co-authors mentioned reflection attacks (including the above) in their
book "Internet Denial of Service: Attack and Defense Mechanisms",
which was published just over a year ago. So if 5 years old is "new"..

Dittrich just updated his DDoS web page to include references to the
above information, as well as other references, history and more:

http://staff.washington.edu/dittrich/misc/ddos/





More information about the ISN mailing list