Hacker Exposes Weakness of Net Construction

From Associated Press

An unscrupulous computer hacker, taking advantage of a weakness in the construction of the Internet, has driven an Internet access company to its knees in an attack computer security experts say is one of the longest ever seen.

The attack has prevented Public Access Networks Corp., the first company to provide Internet connections to New York City residents, from connecting its customers to the global data network for nearly a week.

Thousands of individuals and dozens of companies have been affected, most of them in New York. The company, known as Panix, is small and privately owned and may not survive if the attack persists.

“It means 25 people could shortly be looking for work,” said Alexis Rosen, president and co-owner of Panix. “We may well survive this. We know the business a lot better than most.”

But the attack, and news accounts of it, have given greater exposure to a problem in the Internet’s structure that many security experts and network design engineers are familiar with but rarely discuss publicly.

The hacker is sending scores of requests for information each second to computers at Panix. But the requests have fake return addresses, which confuse the Panix computers. At the rate the fake requests are coming, Panix is unable to handle legitimate interactions with other computers.

Experts from Lucent Technologies Inc.’s Bell Labs and the CERT Coordination Center, a Pittsburgh-based group that responds to Internet security troubles, are helping Panix.

But Rosen said, “There’s no help to be had. This is a problem fundamental to the structure of the Internet.”

The easiest solution would be for all other Internet access companies to filter their outgoing traffic to make sure the data has legitimate return addresses. But it could take months for companies to agree to that and take the necessary technical steps.

“Until all people start filtering their traffic to assure there are no forgeries in the packets, this attack can continue unabated,” Rosen said.

“We’ve been batting around possible defenses,” said William Cheswick, a Bell Labs scientist. But he said any kind of computer system can be overloaded.

“It’s an arms race,” he said. “A lot of the easy solutions for dealing with the attack are looking for idiosyncrasies in it and separating the attack [data] packets from the other ones. That game only goes on for so long before we can’t tell them apart again.”

Typically, hacker attacks on corporate computers are brief. The length of time that Panix has been under siege is especially severe. It began Sept. 6, was interrupted Sunday evening and restarted Monday.
