A New York-based Internet access provider has been crippled for nearly a week as a result of a hacker attack in which messages pouring in overwhelmed the computers, the company says.
Panix (Public Access Networks) began receiving the barrage of packet streams with fake return addresses last Friday on different computers on the company's network, interrupting services to its subscribers. The attack, which experts say is easy to achieve, underscores the vulnerability of the Internet, according to Panix.
"The nature of the Internet, which is designed to let machines communicate with a minimum exchange of identifying information, makes every site on the Internet vulnerable to this sort of attack," Panix president and co-owner Alexis Rosen says in a statement. Rosen says ISPs (Internet service providers) must cooperate on figuring out ways to prevent such attacks.
"This is a nasty problem and it's a problem people haven't worried much about before because the rest of security is so bad," says Peter Neumann, principal scientist at the computer science lab at SRI International, a not-for-profit think tank that formerly was the Stanford Research Institute. "Suppose it was AOL -- it could have brought them to their knees."
The infrastructure of the global network is not designed to protect against such attacks, which have caused both malicious and unintentional shutdowns to computers in the past, he says. "If you had meaningful authentication and meaningful access controls, which we don't have at the moment, then you still wouldn't be able to stop this problem," he says.
The Internet needs operating system and network security, user and network authentication and good cryptography, he says. "And there are serious obstacles in achieving every one of those things."