ISPs under hacker attacks

Question: I’ve heard Internet Service Providers have experienced some sort of virus-like attack that slowed down service. Do you know anything about this? –Max

Answer: Smaller ISPs have been hit quite hard by attacks called “denial of service” attacks, also called “SYN floods” or simply abbreviated “DoS”. How they work is that a hacker targets a server with a piece of software that keeps the server busy with data requests that can’t be resolved. As a result, regular users get shut out.

I asked Jeremy Schmuland at CompuSmart whether he’d heard about the nuisance attacks. He explained the problem has arrived in Edmonton. “We are unfortunate enough to have just been the recipient of a rather nasty attack,” he said of the company’s Internet division.

He explained that this form of digital vandalism has been around for several years but, until recently, hasn’t happened much. “The bad news,” said Schmuland, “is that, after someone began viciously attacking a service provider in New York, called Panix, two web magazines posted the batch file and the flood attacks have started everywhere.” The attack that hit CompuSmart did not appear to originate from Edmonton, he added.

These attacks are very difficult to trace because the batch files appear to randomly strike from imaginary sites. A server administrator has to back-track through each server that the attack passed through. If the attack originated in California, for example, hundreds of servers may have handled the data routing.

“Getting them all to cooperate in an investigation would be impossible,” said Schmuland. The attacks will probably continue against small ISPs until the fad dies out again in the hacker community. “There are many firewalls” — hardware and software that keep out unwanted visitors — “available to help stop a SYN flood attack, but their costs rule out all but the largest of ISPs,” concludes Schmuland.
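To see why regular users get shut out, the following added example (not part of the original column) models a server's table of half-open connections. The table size, timeout and traffic rates are constructed values, and the model is a simplification of the TCP handshake rather than any real server's code.

```python
def simulate(flood_rate, seconds=60, capacity=8, timeout=30):
    """Toy model of a server's half-open connection table.

    flood_rate: connection requests per second from sources that never reply.
    capacity / timeout: constructed values, not taken from any real system.
    """
    half_open = {}   # source -> second its request arrived (handshake unfinished)
    pending = None   # legitimate client about to complete its handshake
    completed = seconds_full = peak = 0
    for now in range(seconds + 1):
        # The server gives up on requests that have waited out the timeout.
        half_open = {s: t for s, t in half_open.items() if now - t < timeout}
        # A real client answers the server's reply, which frees its slot.
        if pending is not None and half_open.pop(pending, None) is not None:
            completed += 1
        pending = None
        if now == seconds:
            break
        # Flood traffic: requests whose stated source will never answer,
        # so each one holds a slot until the timeout expires.
        for i in range(flood_rate):
            if len(half_open) < capacity:
                half_open[f"unreachable-{now}-{i}"] = now
        # One legitimate client per second tries to connect.
        client = f"client-{now}"
        if len(half_open) < capacity:
            half_open[client] = now
            pending = client
        peak = max(peak, len(half_open))
        # A table that stays full is the signal an administrator would watch for.
        seconds_full += len(half_open) >= capacity
    return {"completed": completed, "attempted": seconds,
            "peak_half_open": peak, "seconds_full": seconds_full}


if __name__ == "__main__":
    print("normal traffic:", simulate(flood_rate=0))
    print("under flood:   ", simulate(flood_rate=5))
```

Even when the timeout frees slots, the unanswered requests refill them before the next legitimate client arrives, so the table stays full for the rest of the run.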