*~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~*
{ Sila lawat Laman Hizbi-Net - http://www.hizbi.net }
{ Hantarkan mesej anda ke: [EMAIL PROTECTED] }
{ Iklan barangan? Hantarkan ke [EMAIL PROTECTED] }
*~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~*
PAS : KE ARAH PEMERINTAHAN ISLAM YANG ADIL
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Assalamualaikum,
Mungkin ada yang telah tahu, untuk pengetahuan semua.
Serangan "Denial Of Service" terhadap beberapa laman
terkenal.
Dipetik daripada
The Rapidly Changing Face of Computing
Feb. 21, 2000
by Jeffrey R. Harrow
Senior Consulting Engineer
Technology & Corporate Development,
Compaq Computer Corporation
Wassalam.
: )
-------------------------------------------------------------------
Distributed Denial Of Service.
As of a week ago, that term, which used to be reserved for discussions
between Internet security experts and network administrators, has made
the six o'clock news and the paper headlines. It's due to several
high-profile Web sites disappearing into cyberspace for hours at a
time; if you clicked on a link to ZDNet, E*Trade, Yahoo, Amazon.com,
CNN.com, and others -- nothing happened.
What is a Distributed Denial Of Service attack? Basically, in a
D.D.O.S. attack the attacker hides software "time bombs" in many
unsuspecting computers around the Internet. Then, when he or she is
ready, those "time bombs" are given the address of the computer to be
attacked and they begin establishing a massive number of bogus
connections with the target -- all at once -- generating as much as 1
gigabit/second of data in the case of the attack on Yahoo. Because the
target is trying its best to complete these connection requests but
can't do so, all of the computer's resources get tied up and legitimate
connections can't be made.
More detail is available from CERT at
http://www.cert.org/advisories/CA-2000-01.html
<http://www.cert.org/advisories/CA-2000-01.html> and
http://www.cert.org/reports/dsit_workshop.pdf
<http://www.cert.org/reports/dsit_workshop.pdf> , and from PCWorld at
http://www.pcworld.com/cgi-bin/pcwtoday?ID=15199
<http://www.pcworld.com/cgi-bin/pcwtoday?ID=15199> . And there's a
very
understandable explanation of this type of attack, and why its so
difficult to protect against, in the Feb. 15 Crypto-gram at
http://www.counterpane.com/crypto-gram-0002.html#DistributedDenial-of-S
<http://www.counterpane.com/crypto-gram-0002.html#DistributedDenial-of-S>
erviceAttacks .
D.D.O.S. attacks are not new, but two things are rather new: the high
profile nature of the targets; and the growing importance, both for
access to information and for commerce, that the general public is now
placing on having uninterrupted access to these Web services. Also,
there's the economic impact: Yankee Group estimates that the real loss
from these attacks, including market capitalization losses for the
firms attacked, was "in excess of $1.2
billion"(http://www.pcworld.com/cgi-bin/pcwtoday?ID=15219
<http://www.pcworld.com/cgi-bin/pcwtoday?ID=15219> ). And that
is not small change.
And so the government's response is significant as well: Attorney
General Janet Reno has tasked the FBI to get involved, "... tracking
those who are responsible," according to the Feb. 8 ZDNet News
(http://www.zdnet.com/pcweek/stories/news/0,4153,2435149,00.html
<http://www.zdnet.com/pcweek/stories/news/0,4153,2435149,00.html> ). If
the FBI is successful in finding the perpetrators, they may not be very
happy, since the Feb. 9 TechWeb
(http://www.techweb.com/wire/story/TWB20000209S0011
<http://www.techweb.com/wire/story/TWB20000209S0011> ) describes
penalties as high as $250,000 and five years in jail for the first
offense, and 10 years for offense number two, plus civil fines and
twice the amount of damages suffered by the owners of the attacked Web
sites.
I heard President Clinton talking about the issue on the radio, and a
meeting has taken place between Clinton, his Chief of Staff, Reno, the
Commerce Secretary, the National Security Advisor (quite a lineup!),
and Internet executives
(http://www.abcnews.go.com/sections/tech/DailyNews/netsummit_000215a.ht
<http://www.abcnews.go.com/sections/tech/DailyNews/netsummit_000215a.ht>
ml). Clinton, calling these events "a needed wake-up call," has
requested $2 billion, plus a $9 million supplement to this year's
budget, to "...protect the nation's computer networks from attack."
And Congressional committees are discussing the issue as well. You
just don't get any higher-level attention.
(Why is the government so concerned? It goes beyond the economic
issues we've experienced with this attack -- it's more an issue of far
more serious "cyber-warfare." For an insight into where this could
conceivably lead, check out the Feb. 16 BBC article are
http://news.bbc.co.uk/hi/english/sci/tech/newsid_642000/642867.stm
<http://news.bbc.co.uk/hi/english/sci/tech/newsid_642000/642867.stm> ,
brought to our attention by RCFoC reader Kenneth LaCrosse.)
I see these apparently coordinated attacks, and Internet users' and the
government's responses to them (and their further concerns), as a clear
recognition of the already significant, and growing, importance of the
Internet to our society. If the Internet were still just a research
network, or had little importance to how we do business, this might
have been a "ho hum" event and certainly wouldn't have gotten the
Attorney General on TV. But as the Internet continues to innervate how
we work, live, and play, the loss of its services, even temporarily,
becomes significant. Both socially, and economically.
Of course other kinds of attacks can have a direct effect on cold hard
cash (or its credit card equivalent): For example, RealNames, a
company that provides a form of Web addressing service, had its server
compromised, and it appears that all of their customers' credit card
and related personal information may now be in the hands of the vandals
(http://news.cnet.com/news/0-1005-200-1547688.html
<http://news.cnet.com/news/0-1005-200-1547688.html> ). If you
registered
a RealName, this should bring these issues very close to home for you.
(Kudos, though, to RealNames for going public with this immediately,
and for taking aggressive action to advise its customers.)
As with most "problems," looked at a different way, these security
problems also represent "opportunities." Insurance firms such as J.S.
Wurzler Underwriting Managers, American International Group, Cigna, and
J&H Marsh & McLennan, offer "Hack Attack" insurance! The price is
around $10K - $25K for a million dollars of coverage. Although,
according to the Feb. 11 Inter@ctive <mailto:Inter@ctive> Week
(http://www.zdnet.com/zdnn/stories/news/0,4586,2436984,00.html
<http://www.zdnet.com/zdnn/stories/news/0,4586,2436984,00.html> ),
Wurzler's CEO said they may now have to raise the price...
So what I take away from these events is a recognition that the
Internet is indeed "growing up," that it is clearly headed towards
becoming the next "utility," and that its operation has become
important enough that the government will do its best to keep the
Internet on an even keel. It's a shame to come to these recognitions
through such negative events, but perhaps, as with so many things, we
only begin to really realize the Internet's importance once it's (even
temporarily) not there.
-------------------------------------------------------------------
http://alpha.mysmac.com.my/~hafnie
Autoresponder <mailto:[EMAIL PROTECTED]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
( Melanggan ? To : [EMAIL PROTECTED] pada body : SUBSCRIBE HIZB)
( Berhenti ? To : [EMAIL PROTECTED] pada body: UNSUBSCRIBE HIZB)
( Segala pendapat yang dikemukakan tidak menggambarkan )
( pandangan rasmi & bukan tanggungjawab HIZBI-Net )
( Bermasalah? Sila hubungi [EMAIL PROTECTED] )
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Pengirim: Harisfazillah Bin Jamel <[EMAIL PROTECTED]>
