
Rash Of Router-Based DDoS Attacks Imminent

by Majik on October 26th, 2001

The widespread use of poorly configured network routers has opened the door to an "imminent" spate of attacks that could slow Internet traffic to a crawl, according to a report published by a government-funded security watchdog group.

"We believe this to be an imminent and real threat with a potentially high impact," wrote researchers with the Computer Emergency Response Team (CERT), located at Carnegie Mellon University in Pittsburgh. "Routing protocol attacks are being actively discussed in some intruder circles and have become agenda items" at public hacker conferences.

The report notes that intruders are increasingly compromising routers using vendor-supplied default passwords. The traffic-routing circuits are then redirected for use in so-called "distributed denial-of-service" (DDoS) attacks, in which one or more targeted Web sites are crippled by an overwhelming amount of network traffic. The attacks usually emanate from a number of different compromised systems, and are generally very difficult - if not impossible - to defend against.

CERT researchers say routers make tempting targets because they are often less protected by security policy and monitoring technology than other computer systems, which also allows intruders to operate with less chance of being discovered.

The report also cites an increase in the number of DDoS attacks perpetrated over private and public Internet relay chat (IRC) networks.

While IRC-based denial-of-service attacks can be difficult to trace, they are even more troublesome to shut down. Much like routers, IRC networks manage vast numbers of individual communications, and shutting them down can often lead to an overflow of traffic on other networks.

In the past, DDoS attackers often planted their attack tools on carefully selected compromised Unix hosts. Yet, according to the CERT report, intruder tools that target Windows systems have matured to the point where more advanced exploit technology for Windows-related vulnerabilities is enabling a wider array of Windows-based tools.

DDoS attackers also are targeting Windows users because it is relatively easy to find network address blocks for Internet service providers (ISPs) with known, large numbers of Windows end-users, such as AOL.

"Based on reports we have received, intruders are leveraging easily identifiable network blocks to selectively target and exploit Windows end-user systems," the report said.
