Home > Articles > Home & Office Computing > Mac OS X

  • Print
  • + Share This
This chapter is from the book

This chapter is from the book

Everybody Else

Finally, there's everybody else out there in the computing and network world. You might not think of them as a threat, or even an issue in planning your security strategy, but in many cases they play a significant role.

Consider the fact that in the recent Distributed Denial of Service attack against GRC.com (http://grc.com/dos/grcdos.htm)—it's an amusing read, and provides good insight into the mind of the script kiddie and the thug, especially in the excerpted bits of communication between them), machines belonging to 474 random MS Windows users around the Internet participated in knocking the company off the Net. It's highly unlikely that any of these users intended to attack GRC.com, or had anything against the company, yet participate their machines did. This attack and several more following it were perpetrated by a 13-year-old, self-proclaimed thug using pure script kiddie techniques, namely an IRC attack-bot written by a considerably more senior cracker. As is typical for the breed, he appears, despite claims to the contrary, to know little to nothing about how the "bot" works. Also typical, in the ongoing quest for self-aggrandizement, he made minor modifications to it such as changing the name, then claimed it as his own work and unleashed its destructive power on an unsuspecting company that he felt had indirectly insulted him. In the process, it co-opted the resources of 474 "innocent" Windows machines and turned them into zombies participating in the attack. What can you do about hundreds of other machines that you've no connection to and no control over? Nothing immediate or direct, but it's the complacent acceptance of people running insecure and vulnerable software that allows these people to continue to run software that even a clueless script kiddie can crack. Keep up with the security vulnerabilities in software that's out there, make very sure you're not running it, and then work to make it unacceptable for the people around you to run it, either. The fact that "everyone's doing it" isn't an excuse to continue; it's the reason there's a problem.

Perhaps of greater concern (and also demonstrated conveniently by attacks against GRC.com, which you can read about at http://grc.com/dos/drdos.htm), there are new methods out there that make use of machines that haven't even been compromised to execute their attacks. They use defects in the basic design of various software fundamental to the working of the Internet to perpetrate attacks directly, rather than to compromise the machines running the software. This will be a more difficult problem to solve than that of individuals running vulnerable software: The machines effecting the attack may be (and in the case of the attacks on GRC.com, were) doing exactly what they're supposed to do, and what is required of them to carry on the transmission of the normal Internet traffic that we expect of them on a day-to-day basis. Fixing the problem in a general sense is going to require either rethinking the way we use our network resources or inventing and installing some clever filtering software on every ISP's servers. Neither of these is likely to happen overnight, but at the least you can understand the potential threats, and be supportive of those changes that are likely to effect valuable protections to other network citizens. Some of the changes might be inconvenient, and are almost certain to be unpopular, but they're nowhere near as inconvenient as having your machine completely and unpreventably bashed off the Net by 13-year-old malcontents.

  • + Share This
  • 🔖 Save To Your Account