DoS attacks overwhelm computers, Web sites and servers with floods of bogus data , and hackers are increasingly aiming them at routers, according to a recent report by the federally funded Computer Emergency Response Team (CERT). Routers are the vital Internet components, either special-purpose computers or software packages, that connect two or more networks or parts of networks.

"Essentially routers have trust relationships with each other, and are the means by which networks interconnect with each other," Kevin Houle, one of the authors of a CERT white paper on the subject, told NewsFactor Network.

"If I can take advantage of that trust relationship to inject bogus routes in the routing tables, there's a potential for denial-of-service between two or more networks. They can be separated from each other."

Massive Traffic Jam

Routers do not have monitoring technology -- they spend their time looking at the destination addresses of the data packets passing through them and determining which route to send them on. Routers are the keys to larger networks, and if they are isolated, considerable disruption could occur on the Internet.

"Traditionally, you think of DoS as 'packet flooding,' sending enough traffic down a pipe to fill up that pipe," Houle said. "In the case of a router-based DoS attack, what we're talking about is the route tables for a router being altered."

A targeted attack that shut down a network router would not bring the entire Internet to a halt -- it would be more like a massive rush-hour traffic jam on an interstate highway that once flowed smoothly.

'Autonomous Network Worms'

The CERT research also found that multiple-source attacks are occurring more often and are increasingly aimed at multiple targets.

"Autonomous network worms" are becoming more popular among the more sophisticated, malicious users, whereas once they simply inserted code manually via a Trojan Horse into the targeted computer.

"In the case of the automatic model, the attack code is self-contained," Houle said. "In previous worms like ramen, the attack code was in an external site. The compromised computer had to go back to the attacking host to retrieve a copy of the attack code, install it and then execute it. The autonomous model is much more efficient. It doesn't have to take as many steps to initiate another attack." (continued...)

1  |  2  |  Next Page >