How strong is the Web?
Can Internet communications be crippled?
 

As the events surrounding the World Trade Center and Pentagon disasters unfolded, many people turned to the Internet for information and community. According to a Reuters news report, "Internet News Traffic Soars Following U.S. Attacks," the additional traffic brought some sites to a virtual standstill. Overall, though, the majority of sites held up well in spite of the increased traffic demands. Would the same be true if the terrorist attacks extended to a large-scale denial of service attack?

In many instances, denial of service attacks are implemented through the use of Remote Access Trojans, or RATs. A RAT can be placed on an unsuspecting user's machine in a variety of ways: through an infected file download, via an infected email attachment, or passed through Internet Relay Chat (IRC). Once established on the system, the RAT phones home to its controller to let it know it is in place. One of the more popular RATs is the SubSeven Trojan. Estimates are that at any given time thousands of machines are infected by these Trojans. The affected machines are referred to as Zombies.

In a Distributed Denial of Service (DDoS) attack, the Zombies are all directed to begin flooding specific sites with traffic. Under the deluge, the sites are crippled and unable to handle any additional traffic, hence the phrase "denial of service." This can be likened to tens of thousands of people all trying to call into a single phone circuit. The circuit becomes overwhelmed and the familiar "all circuits are busy" results. Bennet Todd of Open Source Security has a much more in-depth explanation of DDoS attacks in his whitepaper, Distributed Denial of Service Attacks. The recent Code Red worm attacks attempted a similar DDoS attack against the U.S. White House web site. That attack was unsuccessful due to clever maneuvering on the part of the FBI and other U.S. officials.

DDoS attacks are preventable. In the case of Code Red, a simple security update - which had been available for quite some time before the exploit - does the trick. In the case of RATs, a decent firewall that monitors both inbound and outbound connection attempts can prevent a RAT from phoning home. Two very good firewalls are free for personal use: ZoneAlarm and Tiny Personal Firewall. Antivirus software is also fairly adept at detecting the more common remote access Trojans. The more people who employ firewall and antivirus protection, the safer and more reliable the Internet becomes for us all.
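The outbound monitoring described above, sketched as an added example that is not part of the original article and is not how ZoneAlarm or Tiny Personal Firewall are implemented: a per-program allowlist is applied to connection attempts, and repeated blocked outbound attempts from an unapproved program are surfaced for review. The log format, program names, addresses, ports and policy are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample log (hypothetical format):
# timestamp, direction, program, remote address, remote port
SAMPLE_LOG = """\
2001-09-20T10:00:01 OUT browser.exe 203.0.113.10 80
2001-09-20T10:00:05 OUT mailclient.exe 203.0.113.25 110
2001-09-20T10:01:00 OUT updater32.exe 198.51.100.7 4000
2001-09-20T10:02:00 IN - 192.0.2.44 139
2001-09-20T10:06:00 OUT updater32.exe 198.51.100.7 4000
2001-09-20T10:07:30 OUT browser.exe 203.0.113.10 443
malformed line
"""

# Hypothetical policy: programs the user has approved, with permitted remote ports.
ALLOWED = {"browser.exe": {80, 443}, "mailclient.exe": {25, 110}}

def parse(line):
    """Return an event dict, or None if the line does not match the format."""
    parts = line.split()
    if len(parts) != 5 or parts[1] not in ("IN", "OUT") or not parts[4].isdigit():
        return None
    ts, direction, program, addr, port = parts
    return {"ts": ts, "dir": direction, "program": program.lower(),
            "addr": addr, "port": int(port)}

def decide(event, allowed=ALLOWED):
    """Default deny: unsolicited inbound is blocked (assumed policy for a
    personal machine); outbound passes only for an approved program and port."""
    if event["dir"] == "IN":
        return "block"
    ports = allowed.get(event["program"])
    return "allow" if ports is not None and event["port"] in ports else "block"

def review(log_text, allowed=ALLOWED):
    """Count blocked outbound attempts per (program, address, port).
    A program that keeps retrying the same remote host is worth investigating."""
    blocked_out, skipped = defaultdict(int), 0
    for line in log_text.splitlines():
        event = parse(line)
        if event is None:
            skipped += 1          # never silently trust unparsable lines
            continue
        if event["dir"] == "OUT" and decide(event, allowed) == "block":
            blocked_out[(event["program"], event["addr"], event["port"])] += 1
    return dict(blocked_out), skipped

if __name__ == "__main__":
    print(review(SAMPLE_LOG))
```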


©2009 About.com, a part of The New York Times Company.

All rights reserved.