"Denial Of Service" Attacks
No Surprise To Industry Insiders, Says TRI
(Washington, D.C., March 8, 2000) Recent "denial of service"
attacks on Internet sites are worrisome, but hardly unexpected and far from the
most serious threat facing e-commerce, according to Telecommunications Reports
International (TRI), the nations most respected publisher of telecommunications
information (www.tr.com) and a unit of CCH
"Many in the network security community and trade press have been warning
companies about this kind of threat for some time," notes Amy Fickling, managing
editor of the TRI newsletter Telecom & Data Network Security (TDNS). "But
attacks on high-profile businesses and the mainstream media coverage that followed somehow
make it all real to CEOs."
The March edition of Telecom & Data Network Security reports what industry
insiders have to say about the panic attack caused by the hacker exploits of the past
month, and what it means for the future.
In the recent denial of service attacks, hackers commandeered large numbers of
unsuspecting systems and sent messages from them that overwhelmed the capacity of target
Ironically, the TDNS article "Denial of Service Attacks: Big Deal, Not Big
Surprise" observes, the security controls on the hacked systems typically function
perfectly but are aimed at providing security of transactions, an aspect the hackers
dont target because they work so well.
The companies are vulnerable because they use low-level security applications to
support high-bandwidth networks. This is a common scenario among Internet site operators
who may focus security efforts on electronic commerce protections and leave the doors open
at other points on their networks.
Fickling observes that the phrase "denial of service" is not new to security
circles and industry insiders, including TRI, which has tracked the issue for years.
Now, however, security experts fear that the attention focused on the attacks on sites
such as Yahoo!, eBay, Datek and E*TRADE Securities may spread concern too far afield and
give lawmakers eager to extend the reach of federal law enforcement agencies into
cyberspace a new toehold. This consequence is worrisome for most of the communications
industry, which does not believe that federal legislation is the answer.
But while security industry experts prefer that the federal government enforce existing
laws and pursue those responsible for past attacks, they are bracing for the next variant
in the hackers game.
As reported in the March issue of Telecom & Data Network Security, industry
experts concur that, to date, denial of service attacks look like the work of "script
kiddies" rather than of geniuses. More sophisticated, and more crippling, attacks are
For example, just as administrators are becoming more alert to the rogue software that
might be lurking on their networks, ready to play its role in an attack, the security
community is noticing derivatives of denial of service tools that are encrypted, making
them much more difficult to detect and remove.
"Many in the security community feel they will be playing a catch-up game for some
time to come," Fickling said.
Availability and Pricing
TRIs monthly newsletter Telecom & Data Network Security covers fraud
prevention techniques to help safeguard telecom and data network systems. Each issue lists
favorite tested techniques for fraud prevention, discusses how to avoid security breaches
and recognize threats to networks and interviews industry insiders for forward-looking
trends. For more information or to subscribe to Telecom & Data Network Security,
call 1-800-822-6388. A one-year subscription is $345 plus tax, shipping and handling.
Telecommunications Reports International is the oldest and most respected provider of
communications industry information services. Since 1934, executives and policy-makers
have relied on TRIs comprehensive coverage and analysis of major issues and events
in the multibillion-dollar communications business. TRI, a unit of CCH INCORPORATED,
offers newsletters, online news services and industry reports as part of CCH's Business
and Finance Group. The TRI web site can be accessed at www.tr.com.
About CCH INCORPORATED
CCH INCORPORATED, headquartered in Riverwoods, Ill., was founded in 1913 and has served
four generations of business professionals and their clients. The company produces more
than 700 electronic and print products for the tax, legal, securities, human resources,
health care and small business markets. CCH is a wholly owned subsidiary of Wolters Kluwer
U.S. The CCH web site can be accessed at www.cch.com.
The CCH Business and Finance Group web site can be accessed at http://business.cch.com.
-- ### --
EDITORS NOTE: For members of the press, an editorial review copy of the March issue
of Telecom & Data Network Security is available by contacting Leslie Bonacum at
847-267-7153 or firstname.lastname@example.org.
TRI spokespersons are available as expert sources for interviews by contacting Leslie