Hackers attack Mac sites

A Swedish site that dared Netizens to crack its Macintosh Web server was hit by a "denial of service" attack.

2 min read
A Swedish site that dared Netizens to crack its Macintosh Web server was hit by a "denial of service" attack.

Hackers not only blocked surfers from accessing the overseas site but also may have attacked a well-known U.S. site as well--MacInTouch.

MacInTouch reported today that its "domain remains under SYN flood attack," meaning visitors may not be able to get into the site. MacInTouch has teamed up with the Swedish site's creators to try to stop the assault.

The Swedish Crack-a-Mac contest was "aimed at trying to prove that no one can alter the content on a Mac OS based Web server," according to a letter from the contest coordinator, Joakim Jardenberg.

"We at Infinit Information in Sweden are running this challenge for the second time, and the reward is still 100.000 SEK to the first one to change the content on the pages on 'http://hacke.infinit.se.' But as it is right now, no one will be able to even try and claim the reward. The server is unreachable," he wrote.

CNET's NEWS.COM was able to access the site, but operators of both sites have posted warnings that the attacks could resume.

Other Mac sites were rumored to be affected, but Stan Flack of MacCentral said his site was not under siege. "We have had some email indicating other sites had been affected, but ours hasn't. The panic may be a part of the whole InterNIC fiasco." (See related story)

In a typical connection, the user sends a message asking the server to authenticate it. The server returns the authentication approval to the user. The user acknowledges this approval and then is allowed onto the server.

In a "denial of service" attack, the user sends several authentication requests to the server, filling it up. All requests have false return addresses, so the server can't find the user when it tries to send the authentication approval. The server waits, sometimes more than a minute, before closing the connection. When it does close the connection, the attacker sends a new batch of forged requests, and the process begins again--tying up the service indefinitely.