CNET también está disponible en español.

Ir a español

Don't show this again

Tech Industry

New site communes against hackers

System administrators are joining forces to fight hackers and crackers, using a common Web site to track hacker activity in an effort to build better firewalls.

    System administrators are joining forces to fight hackers and crackers, using a common Web site to track hacker activity in an effort to build better firewalls.

    DShield.org is a free service that lets firewall users at home and at work share information about crackers and hackers who are trying to break into other people's computer systems.

    The Cambridge, Mass.-based Web site, the brainchild of Johannes Ullrich, asks visitors to submit their firewall logs so they can be compared against other logs in order to identify patterns of suspicious behavior.

    Ullrich said one reason behind building the site was the way hackers plant software on an unsuspecting victim's computer and turn it into a "zombie" machine in order to launch so-called denial-of-service (DDoS) attacks.

    DDoS disruptions occur How a denial of service attack workswhen attackers barrage a Web site's servers with fake packets of requests for information. When the victim server responds, the culprit's system steps up the barrage by sending more requests. The system may crash when the affected Web site struggles to keep up with the mounting number of requests.

    A string of DDoS attacks that struck such e-commerce titans as eBay, Amazon.com and Buy.com earlier this year gave Ullrich the idea to start his Web site.

    "I did hear how banks used similar systems and weathered a number of DDoS attacks successfully. I believe a system like this should be available in the public domain and provide as unfiltered as useful access to a wide range of firewall log information," he said.

    Although Ullrich urges visitors to register on the 2-week-old site, people can submit logs anonymously.

    Group efforts to defend against hackers are good for the industry and can be successful if implemented in the right way, said Richard Smith, chief technology officer of the Privacy Foundation. But there are some issues that should be dealt with as the effort goes forward.

    "One concern of mine is having all these logs in a central repository. If that's the case, there could be a privacy issue," Smith said. "The issue of vigilantism concerns me as well, having all of these systems administrators acting like a police force. They have to be really careful with what they do with the information. If in the wrong hands, a hacker could go back and use the information to attack those systems."