ISPs search for a cure

Internet providers are looking to halt the hack attacks that increasingly are crippling Net access services. Now comes the hard part.

CNET News staff
2 min read
Internet providers are searching for ways to halt the trendy hack attacks that increasingly are crippling Net access services, but they're finding that there's no panacea.

The first line of defense is to block attacks being launched from their systems. While that may slow down the attacks, it won't stop them.

Why? Because every ISP in the world would have to do exactly that, and there are just too many of them and no one to enforce universal security standards.

Hack attacks that shut down services such as Panix.com and Internet Chess Club in the past week have brought widespread attention to the problem, leaving. ISPs scratching their collective heads and doing what little they can to try to prevent, or even detect, a so-called SYN flood attack on their own systems.

A SYN flood is a series of connection requests, resurrected by hackers to clog Internet systems, which effectively shuts them down. With a SYN flood attack, hackers play a high-tech version of "doorbell ditch," where you keep knocking on a door but run away.

In this case, hackers send out a massive number of phony authentication requests to an ISP server. When the servers try replying to the requests, they can't because the address is phony. This keeps the server so tied up that it can't answer real calls.

While experts say the hack is relatively easy, the solution isn't.

ISPs do have one remedy: programming their routers to filter outgoing authentication requests for phony addresses.

"That would require every ISP to program routers to do that," Internet consultant specializing in network architecture and security Vik Bajaj said today. "Frankly, that is not going to happen. Any solution that rests on the cooperation of everyone involved is no solution."

Nevertheless, without a solution at hand, ISPs are using the blockage to at least make a dent in the problem from their tiny corners of the Internet.

For instance, Jim Winkleman, director of technology and engineering for ZipLink, a national start-up ISP, reprogrammed its equipment yesterday.

ZipLink is also taking other measures to prevent attacks from being successful. "There's a number of technical things that we're looking at and experimenting with," Winkleman said.

ISPs also can increase the number of requests that can be accepted by their servers, said Christopher Klaus, founder and CEO of Internet Security Systems. His company, like others, is working on a solution as well. "We were able to prevent an attack from happening in our own network" by using their own program, RealSecure, still in beta.

But, Bajaj said, "there aren't any real solutions. It's just a game. You make your system less vulnerable and the attacks get more sophisticated."