Industry retaliates against DoS attacks

ATLANTA - Last night, top computer security executives discussed the latest requirements and technologies to provide early warnings of, mitigate the impact of, reduce production outages and system breakdowns from, and promote industry-wide communications regarding Denial of Service attacks through the Internet.

The event was held in conjunction with NetWorld+Interop 2000 in Atlanta.

Distributed Denial of Service (DDoS) attacks affected high profile e-commerce companies in February depleting their computing power by bombarding them with large volumes of messages. These attacks continue to plague commercial and government Web sites worldwide.

The consortium, known as the RFC2267 DDoS Working Group, was born in response to these DDoS attacks that affected Yahoo!, eBay, E*Trade, Amazon.com, Buy.com and other sites.

"It's imperative that we in the industry take these attacks seriously," said Henry Teng, KPMG, senior manager and chair of the group. "The Internet has proven to be an enormous change agent for how we do business. Now, business must unite in how to master threats that have the potential to destroy a business - threats like denial of service attacks."

Several key themes emerged from the discussion:

The value of sharing experience, information and knowledge on DoS attacks even among business competitors.

The importance of promoting better communication and gaining long term support from ISPs, vendors, customers and law enforcement agencies.

The value of time during an attack, and the importance of developing more effective strategies, tactics and technologies to give businesses more power and control during the attack.

"The Internet is a global phenomenon, and consequently, securing the Internet must be addressed at a global level," said Frank Huerta, co-founder, president and CEO of Recourse Technologies, Inc. "As an industry, we are just beginning to go beyond defending the perimeter and take a more coordinated and proactive stance. Events and meetings like these are necessary for us to build a cohesive dialogue among Internet service providers, e-business leaders, technology providers and other interested advocates."