NASA site blocks out Brazil

NASA's JPL says it's blocking Brazilian access to its Web servers due to a wave of computer attacks

Brazil, we have a problem: NASA's Jet Propulsion Laboratory (JPL) says it is blocking Brazilian access to its Web servers due to a wave of computer attacks from different locations in the country. But a spokesman emphasised on Tuesday that the blockage would remain in effect only until more thorough security measures were put in place.

The blocking maneouver comes amid a wave of concern about new techniques for attacking remote computers -- including the "zombie attacks" that brought down a series of big Web sites last month.

The JPL, a NASA centre managed by the California Institute of Technology, ranks as one of the Internet's most popular sites, with extensive resources on robotic space exploration and images of other worlds. It's also a prime target for computer intrusions: Attrition.org, a security-oriented Web clearinghouse, says JPL servers have been compromised at least seven times in the past year.

JPL's current ban on Brazilian data traffic was first brought to light on Tuesday by Geovani Balbino, a network analyst at the Bank of Brazil's office in Brasilia. Balbino said he noticed more than two weeks ago that he was no longer able to gain access to the JPL site, even though other NASA sites were unaffected. "I'm just a space enthusiast," he said, "so every day I check those sites."

Balbino said he traced the path that his packets of data were taking and found they were blocked at the final jump to JPL. He went so far as to correspond with the laboratory's network personnel, and said he was finally told that Brazilian traffic was blocked because attacks from numerous sites in there had compromised computer security at JPL.

JPL spokesman Frank O'Donnell confirmed that Brazil -- Latin America's most populous country and the Internet's 19th ranked top-level domain -- was being blacklisted for now. "From time to time, when JPL security people detect hacker activity emanating from a particular part of the world, or particular subnets, they will block access until they get the situation resolved," he said.

Such measures are usually not publicised, and O'Donnell declined to provide further details. "The concern we always have with computer security issues is that if you give out too much detail, it could potentially provide information to people with an interest in hacking," he said. "The thing we want to stress is that it's not permanent by any stretch of the imagination." He added that the potential vulnerability "should be resolved fairly quickly".

Blocking traffic from an entire network or country isn't as extreme a measure as it may sound, said Mark Zajicek, daily operations team leader at the CERT Coordination Center. "In general, that is something that's quite often done, usually to give the system administrators more breathing space and limit the traffic that might be coming from a particular source," Zajicek said.

The Pittsburgh centre, which is part of the Pentagon-funded Software Engineering Institute at Carnegie Mellon University, serves as a national clearing house for computer security issues. Although Zajicek couldn't comment specifically about JPL's actions, he said "it's very easy" to block traffic "on a per-domain, or per-site or per-host basis". "As far as how effective it is -- it depends," he said. Some attacks involve "spoofing" the source of the assault, so that an attack appearing to come from Brazil actually originates from somewhere else. "The newer distributed Denial of Service attacks are exactly those kinds of attacks that this reaction (blocking domains) is not effective against," he said.

O'Donnell said he was not aware that JPL servers were involved in last month's distributed computer attacks, but he said the organisation was on guard. "Computer security is a subject that's taken seriously here, and obviously there can be many avenues of attack, such as the recent Denial of Service attacks on some of the commercial sites, as well as other modes," he said. "It's always a bit of a challenge because there are a large number of computer hosts at a large technical organisation like JPL."

Zajicek, meanwhile, declined to comment on whether would-be intruders have targeted NASA computers. "In general, the attacks can span the entire demographics of the Internet. The intruders were trying to find any host that had high bandwidth to the Internet," Zajicek said. "You could find those in all different types of organisations."

What do you think? Tell the Mailroom and read what others have to say.