Kevin Mitnick may be offline for a long season, but he has some advice for the high-profile Web sites which were hit in a series of spam-bomb denial of service attacks last week.
In the current issue of Time, Mitnick writes that he'd tell those running the sites "three things" if his release terms let him online to tell them.
"One, use a network-monitoring tool to analyze the packets being sent to your site to determine their source, purpose, and destination," he writes. "Two, place your machines on different subnetworks of the larger network, in order to present multiple defenses; and, three, install software tools that use packet filtering on the router or firewall to reject any packets from known sources of denial-of-service traffic."
Mitnick was recently paroled after spending 59 months in federal prison, much of which was spent awaiting trial for a hacking spree which led the government to consider him the world's number one computer troublemaker - a stance critics say did nothing except make Mitnick a role model for other hackers while depriving him of due process.
His freedom's price now is that he's banned from using cell phones or providing advice on technology matters to computer companies. Time was careful to say that his written remarks were for information alone.
"If I could talk with the people carrying out these disruptions, I'd tell them that their actions just aren't the cool thing to do: these attacks aren't impressive," Mitnick writes. "They require no sophistication. They are analogous to throwing paint remover on cars driving down the street, and they're getting a bunch of people angry.
"I've learned a very painful lesson--avoid any contact with the criminal-justice system," he continues, "because it's a system that's stacked completely in favor of the prosecution."
Meanwhile, federal investigations into last week's attacks continue. Over the weekend, it was learned that computer systems at Stanford University and the University of California at Santa Barbara had been co-opted in the DOS attacks, drawing a throng of media to those campuses, says Wired.
But Wired also suggests that technicians inside the world of the Web and not federal criminal investigators are the most likely to solve the mystery of where the attacks sprang from and, perhaps, why.
"The FBI is basically relying on the providers to figure it out," says one executive at one network provider to Wired. But to veteran network wonks, the magazine says, the DOS attacks "were more high-profile than usual, but hardly unprecedented. Internet relay chat servers have been the subject of smaller DOS attempts since at least 1996, and automated "smurf" tools like trinoo and TFN have been available since last summer.
