Thursday, 31 May, 2001

DDoS Attack on Steve Gibson

Steve Gibson, creator of SpinRite, ShieldsUP, and a number of other tools over the last 15 years, suffered a Distributed Denial of Service (DDoS) attack on his web site over the first part of this month.  The script kiddies fooled with the wrong guy.  Steve is nothing if not a very accomplished hacker, and he put his considerable skill to good use tracking down the perpetrators of this attack and figuring out how they did it.  His detailed report of the attack and its aftermath makes for very interesting reading.  It's a very long article, but well worth the time.

The attack on the web site was performed by 474 computers that had been previously compromised and were running a "bot" that takes commands from a central server.  The person responsible for the bots just had to give the command, and the bots started flooding the site with millions of TCP packets.  This type of attack doesn't attempt to compromise the victim's computer or data--it just floods the site with so much data that legitimate requests can't get through.  This type of attack is made possible by the structure of the Internet and the protocols used to communicate.

One of the most important statements that Steve makes (at the end of his article) is:

The days of an Internet based upon mutual trust among interconnected networks has passed.  The Internet's fundamental infrastructure MUST BE SECURED before the Net becomes further threatened by increasing levels of malicious attacks.

I couldn't agree more.  This is fundamentally the same issue as the spam (unsolicited commercial email) problem, and will require much the same solution.  I'm convinced that it will cost anonymity, which is no big deal to me but will likely get some people all in a lather.