The Australian Computer Emergency Response Team (AusCERT) based at The University of Queensland is warning Australian organisations about the potential ramifications of Internet attacks on their Web sites.
AusCERT is one of the few organisations in Australia recognised internationally as an authoritative source of expertise and information about Internet security. It provides a single, trusted point of contact in Australia for the computer community to deal with computer security incidents and their prevention.
AusCERT manager Ben Barton said recent media coverage had focused on a series of Distributed Denial of Service (DDOS) attacks against a number of high-profile sites. In general, these sites have been E-Commerce related. Previous years have seen concentrated attacks against other industry groups, particularly Internet Service Providers (ISPs), universities and other agencies throughout the world.
"We are contacting organisations as a community service to assist understanding of what these attacks mean," he said.
"The attacks have been taking place in earnest since early February, although the technology has existed for some time. They have caused significant inconvenience for a number of organisations, both in the US and other countries.
"Media reports have speculated on cost, although to date there are no firm figures on the true cost. The cost of these attacks will be incurred through network traffic, loss of availability, time to respond and repair, and loss of reputation and commercial opportunity." Some indication of the impact of these attacks is found in web site benchmarks published at:
http://www.keynote.com/news/announcements/pr021200attacks.html
Mr Barton said indications were that the attacks in question lasted for up to five hours each, during which time services were unavailable or seriously impaired. After reasonable service was restored in the face of these attacks, response times for some sites were still seriously impaired, with 10% or more loss of availability.
"The good news is that the attacks themselves are based on components that have been available and understood for several years," he said. "In many cases, systems that may be involved in these attacks will have fingerprints that can be uncovered by various software tools. However, the effectiveness of these tools is dependent to some extent on the ability of the attacker to hide his or her presence.
"The bad news is that it is almost impossible to completely block these attacks if a person chooses to attack your network. However, it is possible to take steps to mitigate their effects."
These steps include:
o Ensure your site is adequately protected against attacks other than DDOS attacks.
o Make sure that your network is configured to restrict the type and volume of particular types of traffic used in these attacks.
o Ensure that your network does not allow forged traffic.
o Follow up on any suspicious network activity.
o Check systems to make sure that your site is not being used as a relay in these attacks. If your site is being used as a relay, then your network has probably been compromised. Additionally, the end victim of any attack is likely to be unhappy with your organisation for being involved.
Mr Barton said AusCERT had also written a seven-page report outlining in greater technical detail the ramifications to business of a sustained DDOS attack. The confidential report was written for its members, but was available to non-members at a cost of $100 by contacting bbarton@AusCERT.org.au.
The AusCERT home page can be accessed at URL: http://www.auscert.org.au/home.html
Media: For further information, contact Rob McMillan at AusCERT, telephone 07 3365 4417.