FRAMINGHAM (03/03/2000) - As the FBI continues to search for suspects in the distributed denial-of-service attacks that paralyzed popular e-commerce sites last month and later hit the FBI site itself, Internet service providers are forming alliances to fight back.
Late last month, more than 400 Internet service providers and corporate security managers formed the Alliance for Internet Security to develop a set of security guidelines for combating distributed denial-of-service attacks. The group, which was founded by security vendor ICSA.net in Reston, Va., includes large commercial Internet service providers such as Road Runner in Herndon, Va.; Level 3 Communications Inc. in Broomfield, Colo.; and Sprint Corp. in Westwood, Kan. Members of the alliance subscribe to the pledge that "distributed network attacks are inherently difficult or impossible to defend against by the targeted site."
Laurie Wagner, senior vice president of business development at ICSA.net, said a long-term solution to distributed denial-of-service attacks requires a high level of cooperation among companies and Internet service providers. "We have a long-term problem we have to solve - an authentication problem with the Internet protocol itself," she said. "In the meantime, we are being practical and saying we just can't sit by and wring our hands."
Members of the alliance have agreed to implement filtering technologies and practices to address the distributed denial-of-service threats and prevent networks from being used as attack agents. Steps recommended include reconfiguring routers and firewalls and denying IP-directed broadcasts on perimeter routers.
"All Internet users should assure that their own network is in order and that their ISP is doing the appropriate filtering on behalf of everyone," said Harris Schwartz, director of security at Road Runner.
Gary Grossman, director of security at Exodus Communications Inc. in Santa Clara, Calif., a company that hosts about half the high-traffic e-commerce sites on the Web, said it's also important to improve current informal peer relationships between Internet service providers that exchange information about packet traffic and to warn of impending attacks.
Grossman said that although Exodus is still evaluating the alliance, such groups can encourage closer peering arrangements. "We have very good relations with all of our peering partners, but everyone else doesn't necessarily talk with each other," he said. Grossman added that Exodus has dedicated peering circuits on its network backbone.
Exodus last week launched a new set of security tools and services called the Exodus Security Service Pack v2. Services include internal vulnerability scans, server hardening, incident response preparation, customized configuration and continuous review of intrusion-detection and firewall equipment.