On 8 Feb 2000, Sean Donelan wrote:
Date: 8 Feb 2000 03:25:36 -0800 From: Sean Donelan <sean@donelan.com> To: nanog@merit.edu Subject: Yahoo! Lessons Learned
As much as I enjoy finding out about Yahoo & GlobalCenter issues by reading the newswires, I wonder if there are any lessons we can learn from these events. Or was this not big enough to get attention of upper management?
Possibly.
Was there something Yahoo!, GlobalCeneter or other providers could have done, either individually or in cooperation, to prevent the
problem?
Yes. One of the emails sent in, mentioned that a network they work with or for was being utilized as an amplifier. Each network that have gateway routers should ensure that they disallow IP broadcasts. It was mentioned that this was a co-ordinated attack. That meant a bit of planning and access to various machines. As to the number of attackers only Yahoo's internal people may know. Even then it may have only been one individual with a script that accessed many locations at one time and initiated the commands. There is the ability to do such an attack. The reality of "stay connected 24/7" at the household level with highspeed internet, makes the possibility of this attack more of a multi level victom attack. Home users do not know that they are leaving the door open to exploitation with simple Window's shares. Savy people gain access to the cable and dsl modem user's PCs and then launch their attacks. Small utilities are put in place to make it easier to find the exploited machines. Thus creating a network of available attack, harder to track connections. Education is a tool that can be used to inform customers. If each node on the Internet takes care of it's own doors then there will be less available launching pads. Thus making it a bit simpler to track an attack. Who or what will do the education is a question. Who are the responsible parties if no education is taken or given? To me, the responsiblity question is a nitemare at best. I just hope Yahoo's unfortunate incident opens some eyes, some lines of communication and education. K. Graham Network Analyst, CCNA kim@penguin-power.com