Internet

@Home users barred from chat network

Subscribers to the high-speed cable Net service are bounced from one of the Internet's most popular chat networks because of a security problem.

@Home's subscribers have found themselves bounced from one of the Internet's most popular chat networks after network administrators determined that misuse of a shareware program was creating a security problem.

Subscribers to the high-speed @Home cable Internet access service found themselves "kill-lined," or "k-lined," from the DALnet IRC Network following a Saturday night hacker attack against DALnet.

At the core @Home suffering cracks in the foundation? of the problem is the use by roughly 300 subscribers of software called WinGate. Created and distributed as shareware by Massachusetts' Deerfield.Com, the software lets users on multiple computers get on the Internet through a single connection. The default setting of the software does not password-protect it, so if users fail to proactively protect their computer, anyone can use it to launch so-called denial-of-service attacks masked by that computer's Internet protocol (IP) address.

Hackers have targeted @Home users for launching these kinds of denial-of-service attacks--which send out a crippling glut of messages and requests for responses known as "ping packets"--for three reasons. One is @Home's bandwidth capabilities.

"The high See newsmaker: Feeling @Home with CEO Tom Jermoluk bandwidth of these @Home open WinGates makes the attack much more effective than if the attacker went out and tried to use open WinGates on, say, a dial-up EarthLink or AT&T WorldNet user," wrote DALnet administrator Sven Nielsen in an email message to CNET News.com.

Another thing that makes @Home a target is its "always-on" functionality and the tendency of users to leave their computers on all the time. Because @Home users don't disconnect, they effectively have static IP addresses that hackers can count on. @Home, like most dial-up ISPs, dynamically assigns IP addresses each time a user logs on.

DALnet's decision to bar @Home users is only temporary, and the chat network says it is working on a technical solution to the problem that it will implement in a week's time. Meanwhile, @Home chatters who used DALnet have been left in the lurch.

"This has been horrible and we're really anxious to get back on," said @Home subscriber and DALnet chatter Michelle Banach. Banach describes herself as an avid chatter. She also administers two sexually themed chat channels. Because she can't access the DALnet network, she has been unable to monitor her channels.

"I need to make sure that people aren't in there who don't belong there, like teenagers," she said. Ms. Banach runs a "see-you-see-me" adult camera room, as well as Michigan@Swingers, a chat area.

Added one user on the "alt.fan.pst" newsgroup: "I've been informed that, until further notice, all users from @Home Network have been K-lined for security reasons. Until I can get unbanned I've got to look into alternative ways of accessing the channel. I might have to change ISPs."

@Home representatives stressed that the security issue was mostly out of their hands.

"College campuses have been dealing with this forever," said @Home network architect Michale StJohns. "There's a machine set up insecurely, and the hacker finds it. The college campus has the right to go in and shut off the machine, but we don't own our customers' computers."

StJohns said @Home had implemented some security features to address the most egregious security hazards associated with WinGate use. He also acknowledged that @Home users were especially apt to be targeted for this kind of hacking exploit.

"We're unique except maybe for RoadRunner," StJohns said. "DSL [digital subscriber lines] is sort of similar and has a lot of the same issues, but there you're dealing mostly with early adopters, who are a little bit smarter about security. As their deployments increase, though, they'll see an increase in these types of things."