Subscribers Don't Know What Their ISPs Do For Them

It's getting more and more dangerous on the Internet, and the best ISPs protect their customers so well that they don't know just how bad it is out there.

We've talked to ISPs that have done all sorts of things for their customers. Some will consider subscribing to newsgroup services for $100 per month if as little as one dialup subscriber asks. Wireless ISP owners routinely spend Saturday mornings on rooftops fixing problems caused by, say, an antenna that shifted during the night (and if the antenna was hit by a baseball, nobody's telling).

During the recent attack from the Swen virus, many ISPs worked overtime. One WISP technician told us that five customers were infected but were harming the entire network. He disconnected the five, called them up, and stayed on the phone with them while they updated their anti-virus software.

The Swen virus, which masquerades as a message from Microsoft, shows how pernicious even well-known dangers are. Speaking last year about the SirCam virus, which had been identified in 2001, Mark Sunner, CTO of MessageLabs, an anti-virus and anti-spam provider, said, "There's no excuse for getting SirCam. If you keep your AV products up to date, you should not get SirCam infections."

Technological solutions will solve virus problems only to the extent that users keep their anti-virus products up to date. Unfortunately, many users don't understand the problem and don't care. One ISP CEO complained to us, "We tried to charge $0.50 per month for anti-virus but people weren't paying for it. They needed it, and when they got infected they got upset at us, and it hurt our network, so now we offer it for free."

Every computer is at risk. In 1998, when the Internet carried less infection, security expert Lance Spitzner connected a standard Linux computer to his wife's ISDN line. He reported that within 15 minutes, the computer had been cracked. Any vulnerability left exposed to the Internet today will be cracked faster because there are worms scanning constantly for known vulnerabilities, taking advantage of the Internet's ever-increasing bandwidth.

The problem is particularly acute in large data centers, where, if one customer is negligent or hasty and leaves a vulnerable server connected, every server in the data center may be at risk from the resulting problem.

The people at EV1 Servers (formerly known as Rackshack), one of the world's largest webhosts by number of servers (about 18,000) and customers (over 400,000), had survived Swen and were feeling confident in their filtering when an unidentified person stated online that they were planning on "ruining the company's reputation."

In a data center this large, the bandwidth pipes are large too. The company has 13 Gbps of bandwidth, which, after overhead, translates into 10 Gbps of usable bandwidth. Much of that pipe is used by legitimate traffic, but only a powerful attack can harm a 10 Gbps pipe. This particular attack masqueraded as legitimate SYN traffic.

The SYNs of the world

Randy Williams, CTO of EV1 Servers, says that the ISP was accustomed to dealing with DoS attacks. "We can ID and block the sources of DoS attacks. We generally block individual IP numbers." But SYN floods were more challenging. "It would take several minutes to ID and block the attackers." EV1 Servers wanted to do better, so they contacted Top Layer, whose Attack Mitigator IPS product includes a feature that deals well with SYN floods.