This is an update on the broadening global cyberwar against Revisionist
and other dissident sites.
It started with the weekend attack on Web Communications, (Webcom) the server
hosting the Zundelsite. Apparently for 40 hours straight, some automatic
software program shot out 200 MESSAGES PER SECOND into the server computer
system, with the following result, as summarized by a press release from
Webcom:
WEB COMMUNICATIONS SUFFERS INTERRUPTION OF SERVICES DUE TO MALICIOUS NETWORK ATTACK
SANTA CRUZ, Calif., December 16, 1996 Web Communications (WebCom) (http://www.webcom.com), one of the world's largest Web site hosting services, 3,000 Web sites receiving 2,000,000 hits per day, reported today that it had become the latest victim of the form of Internet sabotage known as a "denial of service" or "SYN flood" attack. This type of attack became well-known when PANIX Networks of New York and the New York Times suffered similar attacks in September, 1996. It is particularly problematic because it can be perpetrated by almost anybody with access to the Internet and only a modest level of technical sophistication, is difficult to trace back to the perpetrator, is nearly impossible to defend against regardless of the type of computer or operating system being attacked, and results immediately in complete disabling of the targeted server.
For 40 hours beginning on Saturday, December 14, 1996 at 12:20 AM PST, the company's Web server, and thus all 3,000 Web sites hosted by the company, were rendered virtually inaccessible by the attack. Customer email was not affected by the attack, however. By Sunday December 15 at 3:00 PM the company, by working in concert with network engineers at 3 different major Internet Service Providers (ISPs), succeeded in pinpointing and blocking the source of the attack, and the attack itself ceased at 7:00PM Sunday.
Within moments of the onset of the attack, WebCom network engineers were automatically alerted that the Web server had ceased responding to requests. WebCom engineers quickly determined that the server was suffering a network attack, and immediately contacted PSI, the Internet Service Provider which services the WebCom network, and worked throughout the duration of the attack with PSI network engineers to develop and implement a strategy for determining its source.
Approximately 14 hours into the incident, PSI was able to determine that the attack was entering the PSI network from the MCI network. MCI was immediately notified, and was eventually able to determine that the attack was entering their network from CA-Net, a Canadian ISP. CA-Net in turn traced the attack to BC-Net, who traced it to a network at a college in British Columbia. MCI then blocked all traffic to WebCom originating from CA-Net as a temporary measure, and lifted the block after the attack ceased.
The "SYN flood" or "denial of service" attack succeeds by taking advantage of the fact the Internet currently does not prevent the sending of phony network packets with falsified return address information. Network saboteurs exploit this vulnerability by sending hundreds of phony network packets requesting a connection with a server. The server dutifully sends an acknowledgment to each connection request, but since it has been provided with a phony return address, it never receives a response to its acknowledgment. Because vendors of Internet protocol software never anticipated a server having so many simultaneous pending requests waiting for an acknowledgment, the system's pending connection queue quickly reaches capacity and the system stops responding to legitimate connection requests. The most powerful servers on the Internet can be effectively disabled with this method using only a Pentium class computer, a 9600 baud modem, and readily available software designed to execute the attack.
In a bulletin dated December 10, 1996, the U.S. Department of Energy's Computer Incident Advisory Capability (CIAC - http://ciac.llnl.gov/), an organization dedicated to educating the public about computer and network security vulnerabilities and solutions reported:
Any system that is connected to a TCP/IP-based network (Internet or intranet) and offers TCP-based services is vulnerable to the SYN flood attack. The attack does not distinguish between operating systems, software version levels, or hardware platforms; all systems are vulnerable.
Because this attack takes advantage of the TCP protocol itself, it cannot be eliminated without changing the protocol. However, it is possible to make changes to the implementation of the connection establishment procedure that can mitigate the problems caused by the attack, and several vendors have either made such changes or are in the process of making them.
"The SYN flood attack exposes a gaping hole in Internet security which must be fixed rapidly." said Chris Schefler, President and co-founder of WebCom. "We now join PANIX Networks of New York and the CIAC in calling on Internet Service Providers and infrastructure vendors to implement as rapidly as feasible mechanisms which will both ameliorate server vulnerability to SYN flood and related attacks as well as block network users from sending forged network packets in the first place. In the meantime, we urge all ISPs to educate themselves about this problem and develop contingency plans for tracing the source of such attacks so that they can be rapidly blocked as soon as they occur," he added.
"Although this attack represented by far the most serious interruption of our services in our 2-year history of operations, we are confident that most ISPs will act quickly and responsibly in configuring their networks to disallow forged packets, and that router and operating system vendors will shore up this vulnerability in the next release of their products," said Thomas Leavitt, Executive Vice President, co-founder, and chief network administrator at WebCom. "We all learned alot in this incident and as a result we will be able to respond and defend ourselves much more quickly and effectively in the event of a recurrence of such an attack", he added.
"We owe a great deal of thanks to PSI, MCI, and CA-Net for working closely with us day and night throughout the weekend to pinpoint and block the source of the attack, as well as to Thomas Leavitt who really drove and coordinated the entire effort throughout the weekend" said Schefler. "The perpetrator of the attack may be objecting to something being published by one of our customers, may be a disgruntled customer, or may just be a bored hacker," he said. "We are attempting to contact the college from which the attack originated and identify the culprit positively, and are making progress in that regard. Both WebCom and thousands of our customers suffered substantial damages as a result of this attack, and we intend to do everything within our power to see that the culprit is held responsible," he concluded.
Web Communications was founded in May, 1994 by Chris Schefler and Thomas Leavitt to provide innovative, easy-to-use tools, resources and services designed to assist individuals and organizations publish and communicate effectively and affordably on the global Internet, and has since become one of the largest hosts of Web sites and email services in the world."
(End of press release)
The attack above appears to this computer illiterate to be the equivalent
of an electronic "nuclear blast". The president of Webcom, in
an interview with a computer magazine reporter, has stated that there is
no evidence that the target was the Zundelsite, but that he does not rule
it out.
I would like to say also that Webcom, which has hosted our site for more
than a year, has been impeccable and scrupulously professional in their
response to sabotage directed at our site.
Webcom was under heavy pressure in the January attack by Deutsche Telekom
in Germany against us that shut down some 1500 websites at the time and
led to the first Zundel-mirrors put up across prestigious universities.
It would have been easy to ask us to leave; Webcom did not do so. Whether
they will withstand this kind of pressure this time around remains to be
seen - but whatever the outcome, I want to go on record saying that here
was one heck of a principled server who held on to his principles, at great
costs to himself.
And this is only the beginning. This morning, I woke up to yet another e-mail
bomb, resulting in some 800 letters to our e-mail address and, apparently,
an attempt to sign us up with automatic lists that will keep shooting unwanted
messages to us. (As I am writing this, this is still going on!) Not only
that, several other Revisionist sites - as well as dissident sites that
have nothing to do with us, such as Militia sites - seem to have been similarly
bombarded.
As we go into the Christmas season, do we have an electronic "Intifada
War" on our hands? It surely looks like it. It's us with no weapons
at all except our minds, our will and our documents against very sophisticated
computer weaponry to blast us out of cyberspace.
I looked up the word "intifada" - apparently it is Arab and means
"shaking off." We ARE shaking off the lies of half a century.
It's our "rocks" against their "nuclear" devices.
Ingrid
Thought for the Day:
"My private and public feud with Fascism keeps me alive."
(Abraham L. Feinberg)