SoVerNet fends off would-be hackers

[Fair Use: For Education and Research Purpose Only]

February 27, 2000 By ED BARNA

BELLOWS FALLS - So far, hackers haven't brought down SoVerNet, one of Vermont's largest independent Internet service providers, but it hasn't been for lack of trying.

According to Erik Leo, co-owner and chief technical officer of the company, "'Denial of service' has become a buzzword" in the Internet industry. It refers to the way regular customers can have their service blocked by an overload of calls from another Internet service provider's server computers, he said.

Sometimes these overloads can be accidental, but more often they are malicious, Leo said - like recent, highly publicized assaults on Yahoo!, E-trade, and other prominent Internet businesses. There would be many more such overloads if companies like SoVerNet did not have software in place that signals such activity, and on-duty employees who can take action to block a potential denial of service, he said.

Last Sunday, for instance, an America Online "point of presence" (one or more server computers) in the Washington, D.C., area began a series of e-mail transfers that tied up SoVerNet computers temporarily, Leo said. He compared the problem with what would happen to a telephone company if people called and then put the calls on hold, then made other calls and put them on hold, then more and more, until the system's capacity was used up.

No actual message content was coming from the America Online computers, but the e-mail-related traffic was soaring, Leo said. Once SoVerNet identified the source of the problem, it shut down that link and contacted America Online.

AOL made changes to remove the unwanted messages from both systems. About 24 hours after the first incident, SoVerNet opened its servers and "we were again inundated from that same channel," Leo said.

SoVerNet and America Online then made changes, at both ends of the connection, intended to slow the rate of calling to SoVerNet's computers. This appeared to resolve the problem, and allowed SoVerNet to resume normal service to that part of America Online's operations. Other e-mail connections were not affected.

As of 5 p.m. on Friday, everything was back to normal, Leo said. "We still don't know if that problem in particular was malicious or accidental," he said.

Nothing is known about the source of the messages, because America Online, like other Internet service providers, is very concerned about protecting the privacy of its customers, Leo said. "The provider that is being a target (of such denial of service overloads) is generally in a more difficult position," he said.

"The (industry-wide) ethic is to be conservative in what you send and liberal in what you accept," Leo said.

To try to prevent misuse of its system, SoVerNet uses some software controls to screen incoming messages, Leo said. For instance, by requiring all messages to have a source address and a recipient address, attempts to deliver huge amounts of anonymous e-mail can be blocked, he said.

Denial of service attacks are "something that has happened to us on a limited basis," Leo said. Two days ago, for instance, there was "a huge stream of a particular type of traffic at certain (SoVerNet) addresses."

"That one we are pretty sure was malicious," he said. It was promptly identified and dealt with.

There are also cases in which an individual e-mail account gets flooded with unwanted messages, and SoVerNet is called upon to flush them out. "We do this sort of service pretty routinely," Leo said.

"It's truly a service business," he added. "You have to do what people need."

http://rutlandherald.nybor.com/News/Story/4443.html

-- Martin Thompson (mthom1927@aol.com), February 27, 2000

