"Smurf" attack hits Minnesota

A "smurf denial of service" attack against the University of Minnesota causes data loss and slow connections across the state.

Paul Festa Staff Writer, CNET News.com
Paul Festa
covers browser development and Web standards.
Paul Festa
2 min read
University of Minnesota computer networks suffered a "denial of service" attack today that caused data loss and slow connections throughout the entire state.

The attack came at 11 a.m. CT and lasted more than an hour, according to the university, though some targets reported feeling the effects earlier and for a longer duration.

Aimed at the university, the attack set off a chain reaction throughout the state, shutting down some computers entirely and in other cases causing data loss and network slowdowns.

It "created a cyber-traffic jam," UMN security incident response coordinator Susan Levy-Haskell said in a statement. "Users had difficulty accessing their servers and/or felt slowness in the system. A small number of people were totally shut down. It was necessary to down the connection to the University of Minnesota's Crookston campus, which was the target of the attack."

David Bergum, senior network engineer at MRNet, which claims to be the state's largest Internet service organization, said his network was severely affected.

"We had about 2-1/2 hours of severely degraded service, with 30 percent or more packet loss to certain places," he said. "Ten percent packet loss is noticeable, and 30 percent is pretty terrible."

According to Bergum and a statement released by the university, the attack was of the kind known as a "smurf denial of service" attack. The subject of a January advisory by the Computer Emergency Response Team (CERT), the attack floods the targeted network with replies to bogus "ping" packets.

Ping packets are sent to elicit response from networked computers. In a "smurf" attack, the attacker specifies the targeted computer as the ping packet's return address and sends out enough requests to guarantee a deluge of responses.

The attack affected MRNet because the ISP has a cooperative agreement with the university to share bandwidth provided by MCI Communications and Sprint, according to Bergum.

Because MRNet was affected, so too were the Fortune 500 companies, small businesses, and nearly all of the state's private colleges that are MRNet customers.

"We had to take our site down," said Gary Shade, president of Web design and hosting firm and MRNet client Shade's Landing. Shade said his company had felt effects of the attack as early as 10 a.m. and continued to suffer system overload well into the afternoon.

Today's attack is the second in the last two weeks for the University of Minnesota. The university was also a target in the denial of service attack that hit NASA, the Navy, and university campuses nationwide earlier this month.

As part of its January advisory, CERT posted recommendations for preventing smurf attacks.