In the WIRED.COM article "New Breed of Attack Zombies Lurk", Michelle Delio describes how Asta Networks has successfully identified the surfacing of new DoS (or denial-of-service) attack tools. One type of attack makes use of "pulsing zombies", unprotected remote networks controlled by hackers to launch a deluge of short-burst flood attacks, rendering systems temporarily inactive and denying their services. "The new DoS", another such attack form, degrades its target's services (instead of completely denying them) by occupying it with a considerable increase in network traffic. With the careful monitoring of Internet2, Asta technicians have learned more about the nature of DoS attacks and have developed techniques to observe, detect, and prepare unsuspecting networks for this sort of online onslaught.
In light of the amount of damage DoS attacks have caused (in her article, Delio cites the Yankee Group's estimate of $1.2 billion in revenue lost in 2000), the efforts made by Asta Networks should be applauded. Not only have they succeeded in isolating new strains of DoS attacks by careful observation of the Internet2 Abilene backbone, they are also researching the methods by which these attacks are being made. Analyzing the attack programs themselves may offer considerable insight into the development of security countermeasures, but the foresight involved in staving off the problem before it transpires is what will be the most effective in the end. Scraping together a retributive solution after each incident only sets one up for another such retributive occurrence further down the road. Keeping two steps ahead of the opponent is what will win.
Following Sun Tzu's advice in The Art of War, "Know thy enemy", Asta Networks is not simply dissecting the technology employed by these hackers but is also scrutinizing the psychology behind its implementation. Delio points out that these technicians have noticed "crackers are increasingly making an effort to tune up and refine their zombies before launching their primary attacks". They have recognized patterns in which "zombie masters" would stage smaller scale DoS attacks in preparation for the larger scale attack the following day. This inference of behavior can only be made through meticulous monitoring of the nature of the attacks. The researchers are not looking merely at what attacks are being made but at how and when they are made. Instead of looking only to the technology implemented for the answers, the technicians are also delving into the mind of the perpetrators to find them.
Kenneth Vander, TechServ CIO, said, "As more intelligence and sophistication is added to DoS zombies, the more challenging it will be to detect, locate and counter the attacks." Asta Networks is meeting this challenge by looking beyond the tools being used and watching how exactly the craftsman works.