possible dns attacks

greenspun.com : LUSENET : TimeBomb 2000 (Y2000) : One Thread

Posted on Yahoo News Today: " Wednesday February 9 12:22 PM ET

Two More Brokers Apparent Victims of Hackers

NEW YORK (Reuters) - Online brokers E+Trade Group Inc. (NasdaqNM:EGRP - news) and Datek Online Holdings Corp. on Wednesday became the latest apparent victims of computer hackers who have wreaked havoc across the Internet this week.

E+Trade, the No. 2 U.S. online broker, and Datek, the fourth-largest, said that some of their customers were unable to log on to their respective sites after the routers the brokers used were overwhelmed by traffic.

It was the third day in a row that computer hackers appeared to have caused trouble on the Internet after attacking some of the most popular sites such as Yahoo! and Buy.com Inc. (NasdaqNM:BUYX - news) earlier this week.

``Access to the site was essentially clogged up,'' E+Trade spokesman Patrick DiChiro told Reuters, adding that less than 20 percent of the customers were unable to log on. E+Trade said its site had problems for more than an hour beginning at about 8 a.m. EST while Datek's problems lasted from 9:30 a.m. to 10:05 a.m. EST.

``It seems to be related to the 'denial of service' attack,'' Chief Technological Officer Peter Stern told Reuters, referring to the attacks on Yahoo! on Monday. ``I don't know if they were hackers, but I find it highly unlikely that someone just pulled the plug (on one of the routers).''

Routers direct traffic over telecommunications networks.

E+Trade and Datek said most of their customers had not had trouble logging on and those who did were rerouted.

``The site was never down, our site security was never compromised (and) customer accounts were never compromised,'' said E+Trade's DiChiro. Meanwhile, Charles Schwab & Co. Inc. (NYSE:SCH - news), the No. 1 U.S. online broker, and Ameritrade Holding Corp. (NasdaqNM:AMTD - news) said they had not had any trouble so far.

Officials at TD Waterhouse Group Inc. (NYSE:TWE - news), which apparently uses the same troubled router as Datek, could not be reached for comment. "

Sorry, folks, can't get the hotlink in.

Mike

-- mike in houston (mmorris67@hotmail.com), February 09, 2000

Answers

---u-h-h-h-, is anyone really sure that these "router" problems are really suffering malicious attacks? wasn't it reported here and elsewhere that those cisco routers had some serious y2k probs? could this be the reason, and now it's finally starting to manifest itself in these ways? Only asking, because of that stupid Y2K 90 day "you get to lie legally" free ride law that was passed. Besides that, have zero idea. Like has been stated, hakkers usually claim credit, like "this site hakked by 'tHe acNe LibErAtIoN fRont To fReE kEviN'" or some such nonsense.

-- zog (zzoggy@yahoo.com), February 09, 2000.

Two Brokers Apparent Victims of Hackers

-- Dee (t1colt556@aol.com), February 09, 2000.

zog-

If you would be so kind, I've lost the thread title that the Cisco information was on. Do you (or anyone) still have it?

This poor ?dying? forum is still so prolific, that it takes forever to search the many threads. I forgot to cut and paste it.

Thanks in advance.

-- Michael (mikeymac@uswest.net), February 09, 2000.


--Michael, that thread was like a month ago. what I remember is that Cisco (it was reported) had "patches" on their website, as in emergency, right before and after rollover. I don't bookmark individual threads, I'd go nutz! and ok, before any trolls grab it, "it's a short drive"!hahahah!

-- zog (zzoggy@yahoo.com), February 09, 2000.

LOL zog- Some would say that I've already been around that block a couple of times. Thanks for the reply anyway. This came via linkage by way of the flight 261 story and the motor used in the control of the stabilizer, I think. Guess it's time to take my Zinc. (;^}`

-- Michael (mikeymac@uswest.net), February 09, 2000.


Just a thought. But could this be a TROJAN horse or other virus type put into these sites during the remediation of their systems in prep. for y2k? I know there was a lot of warning about the possibility of even terrorists planting these types into systems while they were supposedly `fixing` it for y2k. anyone?

-- mutter (murmur@ya.com), February 09, 2000.

My son - a computer nut - says he thinks the downtimes which Yahoo.com and others are having are caused by hacker/kids who are having competitions to see who can get in first. Don't know if this sounds feasible.

-- Laurane (familyties@rttinc.com), February 09, 2000.

Mike -

If by DNS, you mean "Domain Name Services", I don't think a "denial of service" attack has much to do with that. Did you mean "DoS", which is occasionally used when referring to these attacks?

I've always thought "Ping of Death" had a certain ring to it, but then you have to explain "ping" and then a bit about TCP and it just gets too complicated...

-- DeeEmBee (macbeth1@pacbell.net), February 09, 2000.


Zog,

No, I think it's real. DoS attacks are technically EASY to implement. A couple of fast PCs on a fat wire could effectively shut down any of these sites for a short time. The tricky part is staying ahead of the site administrators. Once they see lots of traffic from an attacking IP address they'll block it, so the hacker has to move to a different IP address to continue the attack.

From what I heard on the news the hackers are addressing this by using security breaches in the systems of third parties to launch their attacks. That is, they hack into Company A, and use its computers to attack. Once the IP address of Company A is blocked they move on to Company B, and so on.

This serves two purposes; it allows them to sustain the attack and also effectively blocks any attempts to find out who the attackers really are. To make matters worse many of the attacks seem to be coming from the computers of companies located overseas. The hackers themselves, of course, could be anywhere...

-TECH32-

-- TECH32 (TECH32@NOMAIL.COM), February 09, 2000.
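The cat-and-mouse game TECH32 describes (block the loud source, attacker moves to the next compromised host, and a truly distributed flood never trips a per-source limit at all) is easy to see in a small detector. The following is an added example written for this page, not code from anyone in the thread; the traffic is constructed, the addresses are documentation/benchmark ranges, and the per-source limit and baseline are assumed values.

```python
"""Per-source rate limiting against a moving DoS source, over a constructed
connection log.  Added example, not code from the thread."""
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

WINDOW = 60                 # seconds per detection window
PER_SOURCE_LIMIT = 50       # hits per source per window before we block it (assumed)
BASELINE_PER_WINDOW = 10    # hits one window of normal traffic produces (assumed)


@dataclass(frozen=True)
class Hit:
    t: int      # seconds since capture start
    src: str    # client address


def build_sample() -> List[Hit]:
    """Constructed traffic, three 60-second windows.
    Window 0: five legitimate clients plus one very loud source.
    Window 1: the same attacker, now from a second compromised host.
    Window 2: forty compromised hosts that each stay under the per-source limit."""
    hits: List[Hit] = []
    legit = [f"198.18.0.{i}" for i in range(1, 6)]
    for w in range(3):                                   # 2 hits per legit client per window
        for i, ip in enumerate(legit):
            hits += [Hit(w * WINDOW + i * 10 + k, ip) for k in range(2)]
    hits += [Hit(n * WINDOW // 200, "203.0.113.5") for n in range(200)]
    hits += [Hit(WINDOW + n * WINDOW // 200, "198.51.100.7") for n in range(200)]
    hits += [Hit(2 * WINDOW + n * 7, f"203.0.113.{100 + h}")
             for h in range(40) for n in range(8)]
    return hits


def in_window(hits: List[Hit], w: int) -> List[Hit]:
    return [h for h in hits if w * WINDOW <= h.t < (w + 1) * WINDOW]


def per_source_counts(hits: List[Hit], w: int) -> Counter:
    return Counter(h.src for h in in_window(hits, w))


def flag_sources(hits: List[Hit], w: int, limit: int = PER_SOURCE_LIMIT) -> List[str]:
    """Sources that exceeded the per-source limit in window w: what an admin would block."""
    return sorted(s for s, c in per_source_counts(hits, w).items() if c > limit)


def aggregate_anomaly(hits: List[Hit], w: int, baseline: int = BASELINE_PER_WINDOW,
                      factor: float = 3.0) -> bool:
    """Total-volume alarm; catches the distributed phase that per-source limits miss."""
    return len(in_window(hits, w)) > factor * baseline


def simulate_blocking(hits: List[Hit], windows: int = 3) -> List[Dict]:
    """Block flagged sources at the end of each window and see what still gets through."""
    blocked: set = set()
    report = []
    for w in range(windows):
        live = [h for h in hits if h.src not in blocked]   # already-blocked sources are dropped
        newly = flag_sources(live, w)
        report.append({
            "window": w,
            "newly_blocked": newly,
            "hits_reaching_site": len(in_window(live, w)),
            "aggregate_alarm": aggregate_anomaly(live, w),
        })
        blocked.update(newly)
    return report


if __name__ == "__main__":
    for row in simulate_blocking(build_sample()):
        print(row)
```

Each window the attacker is blocked, yet the site takes the same 200-plus hits in the next one from a fresh address, and in the last window no single source crosses the limit even though the site is taking three times the earlier flood; only the aggregate-volume check still fires. That is why per-IP blocking alone does not end a distributed attack.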


--thanks, tech 32, this thing has been a tossup so far in my mind, but now I'm leaning towards the hack attack. next question, why no claims, and would they purposefully go to an offshore puter if there really was no way to trace after the initial port jacking? Well, another, seems like they could make several jumps before the attack as well.

oh ya, always thought the "ping 0 death" was a funny name, too.

-- zog (zzoggy@yahoo.com), February 09, 2000.



I remember that old Cisco thread too, it was in the form of a memo...

But anyway this url over at Cisco will tell you more than you ever wanted to learn about denial of service attacks, spoofing, routing, and more.

http://www.cisco.com/warp/public/707/advisory.html

-- mommacarestx (nospam@thanks.com), February 09, 2000.


zog,

--thanks, tech 32, this thing has been a tossup so far in my mind, but now I'm leaning towards the hack attack. next question, why no claims, and would they purposefully go to an offshore puter if there really was no way to trace after the initial port jacking? Well, another, seems like they could make several jumps before the attack as well.

Why no claims? Because the only people they have to impress are other members of the hacker community. You can bet THEY know who's doing this. Why go overseas? Their infrastructure/security procedures tend to be weaker than in the US. Then there are the thorny legal issues of trying to coordinate efforts with foreign law enforcement agencies and companies to try and trace back the hacks.

You know, it's entirely possible that the program they used to do the attacking was placed on the companies' computers weeks ago and only launched when someone made a single connection to 'turn it on'. It's also possible that they had the program running all the time in the background, having it periodically check some OTHER web site to see if it should turn itself on and where it should attack. Heck, these guys could be at a local McDonalds giggling over chocolate shakes while the folks at the site under attack are tearing their hair out. Suffice it to say there are lots and lots of ways for them to cover their tracks.

I know it's hard to believe but stuff like this is a breeze to write if you have any type of real web programming experience (we're not talking HTML here). DoS attacks are especially easy since you don't need any interaction with the target site. It's like someone having a whole bunch of really fast auto-dialers and using them to call your phone non-stop. All they have to do is dial, hang-up, and dial again over and over and over. No one would ever be able to get through to you.

There is no question that in coming years these attacks are going to increase in both frequency and intensity. We'd better get used to it folks...

-TECH32-

-- TECH32 (TECH32@NOMAIL.COM), February 09, 2000.
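TECH32's second scenario, a planted program that sits quietly and "periodically checks some OTHER web site" for orders, leaves one trace on the compromised company's own network: outbound connections at suspiciously regular intervals. The following is an added example written for this page (not code from the thread) that scores each source/destination pair in an outbound-connection log by how regular its connection gaps are. The log lines, hostnames and addresses are constructed, and the thresholds are assumed.

```python
"""Beacon detection over a constructed outbound-connection log.
Added example for this page, not code from the thread."""
import statistics
from collections import defaultdict
from typing import Dict, List, Tuple

Key = Tuple[str, str]  # (src_ip, dst_host)


def build_sample_log() -> str:
    """Constructed log, one 'epoch_seconds src_ip dst_host' record per line.
    10.0.0.5 polls its controller every ~600 s with a second or two of jitter;
    10.0.0.6 browses irregularly; 10.0.0.7 makes too few connections to judge."""
    t0 = 946702800
    lines = [f"{t0} 10.0.0.5 checkin.example.net"]
    t = t0
    for jitter in (0, 1, -1, 2, 0, -2, 1, 0, 1, -1, 0):
        t += 600 + jitter
        lines.append(f"{t} 10.0.0.5 checkin.example.net")
    t = t0 + 37
    lines.append(f"{t} 10.0.0.6 news.example.com")
    for gap in (5, 120, 3, 900, 40, 7, 2200, 15):
        t += gap
        lines.append(f"{t} 10.0.0.6 news.example.com")
    for t in (t0 + 10, t0 + 3000, t0 + 3010):
        lines.append(f"{t} 10.0.0.7 mail.example.org")
    return "\n".join(lines)


def parse_log(text: str) -> Dict[Key, List[int]]:
    """Group connection timestamps by (source, destination) pair."""
    by_pair: Dict[Key, List[int]] = defaultdict(list)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst = line.split()
        by_pair[(src, dst)].append(int(ts))
    return by_pair


def regularity(times: List[int]) -> Tuple[float, float]:
    """Return (mean gap, coefficient of variation of the gaps).
    A low CV means the connections arrive on a near-fixed period."""
    ordered = sorted(times)                       # logs are not always in order
    gaps = [b - a for a, b in zip(ordered, ordered[1:])]
    mean = statistics.mean(gaps)
    cv = statistics.pstdev(gaps) / mean if mean > 0 else float("inf")
    return mean, cv


def find_beacons(text: str, min_connections: int = 8,
                 max_cv: float = 0.05) -> List[Tuple[str, str, int]]:
    """Pairs with enough connections and a near-constant gap, with the period in seconds.
    Thresholds are assumed starting points, not tuned values."""
    found = []
    for (src, dst), times in parse_log(text).items():
        if len(times) < min_connections:          # too little data to call it periodic
            continue
        period, cv = regularity(times)
        if cv <= max_cv:
            found.append((src, dst, round(period)))
    return sorted(found)


if __name__ == "__main__":
    for src, dst, period in find_beacons(build_sample_log()):
        print(f"{src} -> {dst} every ~{period}s")
```

Real agents add random sleep to blur the period, so in practice the CV threshold is loosened and the score is combined with other signals (new destination for that host, traffic at odd hours, tiny fixed-size responses); the point here is that the "check in with another site" design TECH32 describes is what makes such a detector possible at all.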

