HACKERS SAY "YAHOO!"

One of the Internet's most popular portals was jammed shut for three hours Feb. 7, and observers say the attack against Yahoo was almost too easy to execute.

CNET says the attack was "an apparently coordinated attack," involving the cyberspace equivalent of a California freeway traffic jam. Yahoo executives say the traffic volume alone indicated the attack had to have been coordinated among a group of people or produced by sophisticated software.

Yahoo isn't the only high-profile Net company to be nailed in a major outage, CNET says, but the Yahoo attack "highlights a simple technique that can cripple a large, relatively well-prepared Internet company." Yahoo calls it a "distributed denial of service attack" - what the FBI calls "large networks of hosts capable of launching significant coordinated…attacks," in which attack tools are secretly installed on many computer systems without their owners' permission or knowledge.

Such a denial-of-service attack happens when a Web site's servers are bombed with fake information request packets - and the attackers escalate the bombing when the target server responds, sending more requests, leaving the Web site to struggle to keep up with the escalation, which in turn slows its performance or crashes it entirely.

The Yahoo outage peaked between 10:30 a.m. and 1 p.m. PST, CNET says, with Yahoo-aimed requests hitting about one gigabit per second - more than some Web sites receive in one year, according to Yahoo spokeswoman Diane Hunt.

"This shouldn't lead to wide-scale (negativity) about the Internet," says Laurie Priddy, executive vice president of systems for GlobalCenter, Yahoo's Web hosting service, to CNET. "Was it a bad day? Sure. It's not the first one, and I doubt it will be the last...That's not to say there are not defenses."

Unfortunately, CNET says, Yahoo did have defenses but they proved inadequate - Yahoo's rate filters, aimed at blocking denial-of-service attacks, were not enough to hold back an attack this size.

GlobalCenter tells CNET the level of traffic sent to Yahoo was unprecedented - Priddy says GlobalCenter handles an average of 4.5 GB per second.

"This was a highly unusual event," Hunt tells CNET. "It happened very quickly and with great intensity." "The Internet is still in its infancy," she added. "A lot of the things that happen on the Web are new. This isn't the last time this will happen on the Internet."

Yahoo switched to a backup East Coast hosting system at mid-day, which took much of the pressure off and helped bring the popular portal back online.

"Yahoo is a company that's prepared to handle really high levels of traffic," Internet technical officer Elias Levy of online security firm Security Focus tells CNET. "To be able to take down that network would require a lot of hosts coordinating their actions."

Other security analysts tell CNET brute-force DOS attacks go way back in the computer underground because they are a simple way to wreak havoc on outside computers or Web sites.

A common form of such attacks involves an attacker effectively taking over another machine, or a group of machines, connected to the Web, and then programming these "slave" machines to send streams of information at the target site, CNET continues. Such streams are ordinarily "ping" commands - basic, low-bandwidth ways for one machine to query whether another machine on the network exists.

One ping at a time can't be distinguished easily from the whole traffic flow, but enough pings means a traffic jam. CNET says attackers commonly insert fake addresses into these tiny streams of information, making them virtually untraceable. And analysts say there's little one can do against such a concerted attack.

Another problem: the tools used to launch DOS attacks can be found online very easily, CNET says. These downloadable tools, the news service says, have now brought the ability to wreak havoc on unprepared Web sites within reach of relatively casual computer users. And CNET says experts are warning similar attacks are likely, taking advantage of inherent weaknesses in the Net's system of open, interconnected networks.