Attempted attack on Net backbone highlights potential risks

by John McCormick | Feb 12, 2007 9:54:00 PM

Tags: Domain names, SECURITY, John McCormick, Adobe Systems Inc., Adobe Acrobat Reader, CVE Web site, DNS server, server, backbone, Internet, IT Locksmith Newsletter

13 comment(s)

Takeaway: When hackers recently targeted the backbone of the Internet, they caused little damage. But the attempt underscores the risks associated with our reliance on the Web. John McCormick weighs in on the attempted attack and brings you up to speed on other recent threats.

While causing no actual damage, a recent attempt to bring down the Internet emphasizes our dependence on the Web�as well as the need to come up with a contingency plan if hackers eventually manage to succeed. Meanwhile, another flaw has surfaced in Adobe.

Details

Things are pretty quiet on the security front as Microsoft gears up for a hefty Patch Tuesday. The software giant plans to release a dozen security bulletins this week. But that gives us some time to contemplate the implications of what turned out to be a major attack on the Internet's backbone.

According to a number of reports, a surge of junk traffic targeting the Internet's backbone nearly brought down several key DNS servers on February 6. According to News.com, John Crain, ICANN's chief technical officer, said there was an "unusually large amount of traffic" hitting DNS servers beginning around 2:30 A.M. Pacific Time. While traffic spiked on multiple root DNS servers, the main focus seemed to be on two of the 13 official root DNS servers: the "G" server run by the U.S. Department of Defense in Vienna, Va. and the "L" server run by ICANN.

The attempted attack caused a slowdown, but there was no other damage. However, several security experts both inside and outside of the government view this as a test of a potentially disastrous cyber-weapon.

In fact, the biggest impact this event should have is a wakeup call for anyone whose business depends heavily on the Internet. Does your organization have plans in place to keep critical functions up and running in the event of an actual outage?

Open source

While many users think of Adobe Reader as a Windows application, vulnerabilities often extend across all platforms�including Linux. That applies to a recent patch.

Another heap corruption vulnerability has emerged in Adobe Reader; this one affects versions 6.x and 7.x (VU#698924). The threat could allow an attacker to run arbitrary code on a vulnerable system.

Adobe Security Bulletin APSB07-01 covers the update. However, with the growing number of Adobe threats, it would be a good idea to routinely block users from automatically opening PDF files in their browsers.

The patch provided by Adobe is for Reader version 7.0.8 as well as earlier Reader and Acrobat releases. The patch addresses multiple vulnerabilities: CVE-2006-5857, CVE-2007-0045, CVE-2007-0046, CVE-2007-0047, and CVE-2007-0048.

While writing this article, I was unable to access the CVE Web site. If you encounter the same problems, remember that Secunia commonly mirrors CVEs. To access them from this alternate site, use the following format:

http://secunia.com/cve_reference/CVE-2006-5857/

Just plug in the particular CVE number you're looking for. I find the Secunia pages to be particularly useful because they typically include relevant vendor links.

Final word

As recent events should tell you, depending 100 percent on the Internet for your business requires a great deal of caution and a full understanding of the risks. There is always a chance that a cyberattack could bring down the entire Net for a significant period�and don't forget that a significant period could be as short as five minutes for some businesses.

Of course, IT pros are the ones management will turn to if a major outage occurs. To fully prepare for such an event, you need to answer a couple questions: How dependent is your company on a fast Internet connection for mission-critical business activities? And more important, do you have alternative plans?

In many instances, there will simply be no useful technological alternative, and that's something you need to inform management about. Disaster planning isn't always about being able to find a workaround; sometimes, all you can do is make sure people are aware of the possibilities.

We're all aware of how much grief a local network slowdown can cause�just imagine what would happen if large portions of the Net became unusable for an hour or two. Remember, this wasn't just some Web sites under attack, it was the backbone itself!

For small operations, there are some possible alternatives. I recently dusted off an old BBS system that ran on a dedicated PC and was simply too old to do much else. Nevertheless, that old hardware/software combination supplies ready dial-up access directly into my critical support network. I can always post vital information with the BBS.

What will your organization do if a major attack takes down the Internet for a few hours or a few days?

Miss a column?

Check out the IT Locksmith Archive, and catch up on the most recent editions of John McCormick's column.

Want to stay on top of the latest security updates? Automatically sign up for our free IT Locksmith newsletter, delivered each Tuesday!

John McCormick is a security consultant and well-known author in the field of IT, with more than 17,000 published articles. He has written the IT Locksmith column for TechRepublic for more than four years.

13 comment(s)