NASA site blocks out Brazil
The blocking maneuver comes amid a wave of concern about new techniques for attacking remote computers - including the "zombie attacks" that brought down a series of heavy-duty Web sites last month.
The Jet Propulsion Laboratory, a NASA center managed by the California Institute of Technology, ranks as one of the Internet's most popular sites - with extensive resources on robotic space exploration and images of other worlds. It's also a prime target for computer intrusions: Attrition.org, a security-oriented Web clearinghouse, says JPL servers have been compromised at least seven times in the past year.
JPL's current ban on Brazilian data traffic was first brought to light Tuesday by Geovani Balbino, a network analyst at the Bank of Brazil's office in Brasilia. Balbino said he noticed more than two weeks ago that he was no longer able to gain access to the JPL site, even though other NASA sites were unaffected.
"I'm just a space enthusiast," he told MSNBC, "so every day I check those sites."
Balbino said he traced the path that his packets of data were taking and found that they were blocked at the final jump to JPL. He went so far as to correspond with the laboratory's network personnel, and said he was finally told that Brazilian traffic was blocked because attacks from numerous sites in Brazil had compromised computer security at JPL.
JPL spokesman Frank O'Donnell confirmed that Brazil - Latin America's most populous country and the Internet's 19th-ranked top-level domain - was being blacklisted for now.
"From time to time, when JPL security people detect hacker activity emanating from a particular part of the world, or particular subnets, they will block access until they get the situation resolved," he told MSNBC.
Such measures are usually not publicized, and O'Donnell declined to provide further details. "The concern we always have with computer security issues is that if you give out too much detail ... it could potentially provide information to people with an interest in hacking," he said.
"The thing we want to stress is that it's not permanent by any stretch of the imagination," he said. The potential vulnerability "should be resolved fairly quickly."
Blocking traffic from an entire network or country isn't as extreme a measure as it may sound, said Mark Zajicek, daily operations team leader at the CERT Coordination Center. "In general, that is something that's quite often done, usually to give the system administrators more breathing space and limit the traffic that might be coming from a particular source," Zajicek told MSNBC.
The Pittsburgh center, which is part of the Pentagon-funded Software Engineering Institute at Carnegie Mellon University, serves as a national clearinghouse for computer security issues. Although Zajicek couldn't comment specifically about JPL's actions, he said "it's very easy" to block traffic "on a per-domain, or per-site or per-host basis."
"As far as how effective it is - it depends," he said. Some attacks involve "spoofing" the source of the assault, so that an attack appearing to come from Brazil actually originates somewhere else.
"The newer distributed denial-of-service attacks are exactly those kinds of attacks that this reaction (blocking domains) is not effective against," he said.
O'Donnell said he was not aware that JPL servers were involved in last month's distributed computer attacks, but he said the organization was on guard.
"Computer security is a subject that's taken seriously here, and obviously there can be many avenues of attack, such as the recent denial-of-service attacks on some of the commercial sites, as well as other modes," he said. "It's always a bit of a challenge because there are a large number of computer hosts at a large technical organization like JPL."
Zajicek, meanwhile, declined to comment on whether would-be intruders have targeted NASA computers.
"In general, the attacks can span the entire demographics of the Internet. ... The intruders were trying to find any host that had high bandwidth to the Internet," Zajicek said. "You could find those in all different types of organizations."