Security Watch

FRAMINGHAM (04/18/2000) - The 911 virus and distributed denial-of-service attacks are the most recent manifestations of parasitic attacks. Parasitic attacks compromise unwitting intermediate victims, using them as launching pads to attack a targeted site. The unsuspecting intermediary provides the attacker with three essential resources: CPU cycles, network bandwidth and identity. The attacker uses these resources to launch automated strikes against the target.

From the assailant's point of view, parasitic attacks are free, effective and anonymous. From the victim's, they are disastrous. ISPs' mail servers become choked with spam, and staff time is wasted analyzing and recovering from the attacks. Vendors' public relations suffer when vulnerabilities in their software or routers are implicated in a high-visibility security failure.

Customers are baffled by security problems originating from some unknown Internet source.

The increasing frequency and severity of parasitic attacks raise the possibility that victims will seek some form of compensation from the hapless upstream launching point. This infighting among Internet members has the potential to invite unwanted federal regulation and interference.

Fortunately, technical and organizational countermeasures have not changed just because the attack mode has become increasingly automated. Disciplined system management practices will stave off most parasitic attacks. Hostile code can be controlled through antivirus software and end-user training; system vulnerabilities can be plugged by following the bug lists and applying critical patches; and unneeded services should be disabled on routers and servers.

Determining an appropriately strong configuration for a router or network host is simple: The trick is applying it consistently. Just as assailants are automating their attacks, Internet citizens must also automate. This involves carefully orchestrating security and organizational procedures, and using enterprise configuration management products.

Cooperation with other Internet entities must become a routine aspect of security programs. Subscribers need the assistance of their ISPs. ISPs must cooperate with one another to prevent and trace attacks. Vendors must work with ISPs and customers to develop security features that are resistant to parasitic attacks.

Work with your ISP to learn what its incident response will be if you fall victim to a parasitic attack. Ask to see what security policy has been implemented at your hosting site to prevent your Web server from becoming a zombie. Don't wait until an attack is under way before finding the appropriate contact at your ISP or system vendor. Call them today and discuss how they will support you in an emergency.

Parasitic attacks succeed by turning poorly managed hosts into offensive weapons. If you don't take the time to fix bugs and system vulnerabilities, you aren't just hurting yourself - your negligence will result in damage to someone else's business. Does your organization want to bear that responsibility?

Heiser is a senior Infosec consultant with Lucent NetworkCare, located near Washington, D.C. He can be reached at jheiser@lucent.com.
