The cyberassault that caused outages on Yahoo Inc.'s heavily trafficked Web portal Monday appears to have been just the start of a wave of denial-of-service attacks on large e-commerce and news sites.
Yesterday, Buy.com Inc. and eBay Inc. experienced shutdowns prompted by attacks similar to the one directed against Yahoo's California data center. The attack on Buy.com came within an hour of the online retailer's initial public stock offering and lasted about three hours. Both companies are clients of service provider Exodus Communications Inc. in Santa Clara, Calif., which reportedly issued a denial-of-service alert yesterday.
Other sites have also apparently been targeted. Internet monitoring firm Keynote Systems Inc. in San Mateo, Calif., reported yesterday that it observed a sharp drop in access speed and availability of a Web site run by Amazon.com Inc. and CNN.com, a unit of Time Warner Inc. Both sites appeared back to normal an hour later.
"On most sites, availability is 95 to 98%. What we have been seeing during these attacks are availability averages as low as 0% — in other words, it's next to impossible to get through," said a Keynote spokeswoman. Officials at both CNN and Amazon were not available for comment.
The spokeswoman for Keynote, which was among the first outside observers to detect the attacks, said the company had corresponded with a conference in San Jose yesterday sponsored by the North American Network Operators Group. She pointed out that the topic of the first session on the conference's agenda was denial-of-service attacks, and that session took place at the same time as the Yahoo attack.
Russ Cooper, editor of the popular security mailing list NTBugtraq, said the attackers are likely people trying to illustrate weaknesses in the Internet infrastructure. "They are attacking things that the media will notice. It is obviously an attempt to draw attention to some fact," Cooper said.
The attacks on Yahoo, eBay, Buy.com, CNN and Amazon have followed a pattern that suggests a denial-of-service attack. In each case, sites have been targeted with a massive volume of mock traffic that overwhelms servers and blocks routine traffic. Security analysts said the sheer amount of packet traffic in these attacks suggests a coordinated effort that uses many linked machines, which could have been hijacked by attackers from a remote location.
A spokeswoman for Yahoo, which was shut down for three hours Monday, said the source of the attack has been narrowed to 50 IP addresses. She said it was halted when filters were installed on routers that were able
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
