Not again. Just when one had heaved a sigh of relief after all the hullabaloo about how ill-behaved Indians on the Net are, how they abuse others in the IRC Talkcity chatrooms, how much they would be embarrassed if their names appeared on the Internet Users Club of India page of shame ... they strike again. No, not the Indian Internet users. This time, what do we call it but (here, do an Alt+Tab into true kitsch-Yankee mode) THE ATTACK OF THE NET GURUS!
Yes, again. What else could guarantee the much-needed credibility to a special report in a Mumbai newspaper on hacker attacks on websites? The eight-column headline screamed Hacked to Death: Cyberassassins threaten Information Superhighway. So, heart in your mouth, the Netsurfer reads on.
They are the Jack the Rippers of the Information superhighway (unquote: ugh!). Electronic hit men who strike at random... watch out cybercops, the Cyberassassins are here. Tired old SF movie lines ... If you need inspiration, go watch The Net.
The massive population of 30,000 Internet subscribers in India is generally nice. But the hackers (oh, the vermin ...) can and have attacked and disabled the VSNL website for, hold your breath, five minutes! Oh the tragedy of it all.
Let's get serious here. Using a technique known as SYN flooding, it is possible to disable a website. SYN flooding is when someone starts many (many) telnet connections in a short period of time but never acknowledges the server's reply, so none of the connections is ever completed. The maximum number of such pending connections a UNIX-based operating system can manage at any given time is only eight. This ties up the server so much that all the other services are interrupted. But on a system that is not poorly set up or designed, nothing dies but incoming TCP connections. Outgoing TCP, incoming and outgoing UDP, and any established TCP connections are unaffected.
But what happens if a website or server is disabled in this manner? Oh, what could happen? Your site goes off the Net for a while. That's bad, and risky, and if you are generally the kind who gets struck by lightning on a summer afternoon, you should take precautions.
Till recently, the only known attack of this type occurred in America, and the second, as the report says, happened before this reporter's eyes at the Vijay Mukhi computer institute in Mumbai. The server Miheer Mafatlal (at http://www.mafatlal.co.in) was attacked and disabled.
What is the actual threat? Nothing. There are several ways in which hackers can crack, break or crash into a system, and this is one of the simplest. And there are no cures yet, either. The only potential risk is in alerting the potential hacker around to such a possibility through eight-column news reports.
So, how do you protect yourself? There are no foolproof ways, so there. The fault is inherent in the protocol, and you can see whether your website is under attack by trying to access it yourself.
Here's something found on the Net: If you are running Digital UNIX, the length of the queue can be increased to a max of 32,767 without an appreciable loss of host performance. So, for the default time-out of 75 seconds, a sustained attack of more than 400 bogus SYNs per second would be required to swamp the kernel. If you set the time-out to a more realistic 20 seconds, it would require a sustained attack of more than 1,600 SYNs per second. If you are running Digital UNIX, see the website http://www.digital.com/info/internet/document/ias/tuning.html for details on tuning.
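As an added illustration, not part of the original column, here is a small Python model of the half-open connection queue that the two passages above describe: it reproduces the Digital UNIX arithmetic (queue length divided by time-out gives the sustained SYN rate that keeps the queue full) and simulates how a backlog of a given size fills up and starts refusing new connections while existing ones are untouched. The queue sizes and time-outs are the column's own; the discrete-time model is an assumption, a capacity-planning approximation rather than a real TCP stack.

```python
from collections import deque


def syn_rate_to_swamp(queue_len, timeout_s):
    """Sustained unacknowledged SYNs per second needed to keep a backlog of
    queue_len half-open entries full when each entry expires after timeout_s.
    This is the arithmetic behind the 400/s and 1,600/s figures in the text."""
    return queue_len / timeout_s


def simulate_backlog(queue_len, timeout_s, syn_rate, duration_s, step_s=0.1):
    """Assumed simple model of a SYN_RECV backlog (not a real kernel):
    bogus SYNs arrive at syn_rate per second and are never completed, each
    entry is dropped after timeout_s, and any SYN arriving while the queue
    is full is refused. Returns (max_occupancy, seconds_saturated, refused)."""
    backlog = deque()          # expiry times of half-open entries, in order
    sent = 0                   # SYNs generated so far (integer arrivals)
    max_occ = saturated_steps = refused = 0
    for i in range(int(duration_s / step_s)):
        t = i * step_s
        while backlog and backlog[0] <= t:   # time-out old half-open entries
            backlog.popleft()
        due = int(syn_rate * t) - sent       # SYNs that arrive in this step
        sent += due
        for _ in range(due):
            if len(backlog) < queue_len:
                backlog.append(t + timeout_s)
            else:
                refused += 1                 # a legitimate SYN would be refused here too
        max_occ = max(max_occ, len(backlog))
        if len(backlog) >= queue_len:
            saturated_steps += 1
    return max_occ, round(saturated_steps * step_s, 1), refused


if __name__ == "__main__":
    # The column's own numbers: a queue of 32,767 with 75 s and 20 s time-outs.
    for timeout in (75, 20):
        print(f"queue 32767, time-out {timeout}s: "
              f"{syn_rate_to_swamp(32767, timeout):.0f} SYN/s to swamp")
    # A queue of only eight entries saturates at one bogus SYN per second.
    print("queue 8, 75s time-out, 1 SYN/s for 30 s:",
          simulate_backlog(8, 75, 1, 30))
    # A large, tuned queue shrugs off 100 SYN/s: occupancy stays near 2,000.
    print("queue 32767, 20s time-out, 100 SYN/s for 60 s:",
          simulate_backlog(32767, 20, 100, 60))
```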
Back to the story. It is based on a What If scenario, where anything could happen. What if an attacker targets the 10 Gateway Internet Access Systems (GIAS) of VSNL? What if the attacker targets Netscape and Microsoft? What about the monetary losses? What if the Net gurus have started running out of interesting issues to talk about? The report even goes on to say that Vijay Mukhi wrote the required TCP code for disabling any website.
Probably, but one found warnings on the newsgroups that some hacker magazines have published code for SYN flooding and that ISPs had better take care. So there.
Even the legendary (to some) Tsutomu Shimomura, the security expert who caught Kevin Mitnick, the maverick hacker, has some postings on the Usenet newsgroups to his credit on SYN flooding and IP spoofing. If you have already got really panicky, you can write to him at tsutomu@ucsd.edu and ask for advice. Maybe he might help. Or, if you have a website, you could ask Mukhi to keep the code secret, so that not another 17-year-old Vishal Doshi tries it out on, who knows, Netscape or Microsoft for fun ... It could even be good for him, after all. He might get to learn a few things about REAL Internet security.
PS: By the way, heard anything about the Page of Shame on Miheer Mafatlal's server? The catalyst: Miheer got abused. Who complained: Miheer. Who is hosting the Page: Miheer. Netsurfer caught Miheer, declaring in an on-line IUCI chat that he was the one who complained to the Talkcity hosts about Indian chatters' unruly behaviour. Talk about taking chatters into your own hands! Meanwhile, Indian visitors on Talkcity, as far as Netsurfer knows, remain friendly as ever.