Connections slow as computer vandals execute ‘smurf attack’

by V. Paul

University students and faculty members had difficulty accessing the University online service from their homes Tuesday night because of an old-fashioned “smurf attack.”
One of the three modem banks through which outside users dial up the University servers was targeted by a denial-of-service attack between 10 p.m. and midnight on Tuesday.
The attack sent streams of data at the modems, slowing down Internet connections. Using a method called a smurf attack, unknown computer vandals sent a single information packet to outside routers or broadcast systems that then launched upwards of hundreds of packet copies at University modems.
There is no defense against this sort of attack, said Susan Levy Haskell, a security response incident coordinator for the University’s Networking and Telecommunications Services. All network administrators can do is monitor their systems and respond to an attack quickly.
“We were attempting to throw away the traffic as fast as possible,” said John Ladwig, a security architect for networking services. “It’s an arms race, and they’re ahead.”
Combined, the University’s three modem banks can handle up to 2,000 users at one time; the attack essentially disabled one-third of the University’s capacity.
Tuesday’s incident was simply the most recent in stepped-up copy-cat attacks the University has had to weather since CNN, Yahoo and other media outlets were targeted by similar attacks several weeks ago.
“There are minor attacks going on (against the University daily),” said Steve Cawley, associate vice president and chief information officer. “Many days, it’s simply an annoyance for our networking staff. Our folks are generally getting very good at getting at (the attacks) quickly and restoring service.”
The methods the unknown computer vandals used to clog the University dial-up system were unusual because they were not over the Internet. Instead, vandals used a method that fell out of fashion more than a year and a half ago, Haskell said.
The attackers sent out a “ping” packet with a forged University address to several Internet routers.
“Ping” packets are legitimate tools used by network operators to determine what objects are connected to their networks. When a packet is sent, each object returns the packet — essentially pings back — to the sender, letting the sender know it is hooked up.
In Tuesday’s attack, the objects connected to the routers “pinged” back the packets to the University instead of the original sender. The vandals’ single information packet became hundreds.
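
The monitoring the article describes comes down to spotting ping replies that nobody on the network asked for. The following is an added example, not part of the original article or any University tooling: it flags hosts that receive ICMP echo replies with no matching echo request from many senders in a short window. The packet records, the documentation-range addresses and the thresholds are constructed assumptions, and the capture is assumed to be taken at the border of the targeted network.

```python
from collections import defaultdict

ECHO_REPLY, ECHO_REQUEST = 0, 8   # ICMP type numbers (RFC 792)

def find_reflected_floods(packets, window=1.0, min_sources=5):
    """Return {victim: (reply_count, distinct_sources)} for hosts that get
    unsolicited echo replies from many sources within `window` seconds.

    packets: time-ordered (time, src, dst, icmp_type, ident, seq) records.
    """
    requested = set()                 # (requester, ident, seq) seen leaving
    unsolicited = defaultdict(list)   # victim -> [(time, replying host)]
    for t, src, dst, typ, ident, seq in packets:
        if typ == ECHO_REQUEST:
            requested.add((src, ident, seq))
        # Match on (dst, ident, seq) only: a genuine ping to a broadcast
        # address is legitimately answered by many different hosts.
        elif typ == ECHO_REPLY and (dst, ident, seq) not in requested:
            unsolicited[dst].append((t, src))

    alerts = {}
    for victim, hits in unsolicited.items():
        start = 0
        for end in range(len(hits)):          # sliding time window
            while hits[end][0] - hits[start][0] > window:
                start += 1
            sources = {s for _, s in hits[start:end + 1]}
            if len(sources) >= min_sources:
                candidate = (end - start + 1, len(sources))
                alerts[victim] = max(alerts.get(victim, (0, 0)), candidate)
    return alerts

def sample_capture():
    """Constructed traffic: one normal ping exchange, then 200 replies that
    the host at 192.0.2.50 never requested."""
    pkts = [(0.00, "192.0.2.10", "203.0.113.5", ECHO_REQUEST, 7, 1),
            (0.02, "203.0.113.5", "192.0.2.10", ECHO_REPLY, 7, 1)]
    pkts += [(1.0 + i * 0.002, f"198.51.100.{i + 1}", "192.0.2.50",
              ECHO_REPLY, 99, 1) for i in range(200)]
    return pkts

if __name__ == "__main__":
    for victim, (n, srcs) in find_reflected_floods(sample_capture()).items():
        print(f"{victim}: {n} unsolicited echo replies from {srcs} hosts")
```
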