
CurzTech News Network



OSAC Item: The Big Lessons of a Little Worm
from Business Week on Wednesday, February 05, 2003

If Slammer's weekend assault had come just 48 hours later, the end result might have been a virtual Net shutdown. Institutional investors unable to make trades could have lost billions of dollars.

While the chaos caused by the Slammer worm on Saturday, Jan. 25, has subsided, the tiny program that gummed up the Internet leaves some painful insights into the immense damage a voracious invader can inflict -- not only on its direct targets but on secondary ones as well. Above all, Slammer, which infected the ubiquitous Microsoft (Nasdaq: MSFT) database software used to manage corporate information, was a further demonstration of just how vulnerable the Internet remains.

In this case, not using Microsoft software or products that rely on Redmond's databases was no guarantee. On the North American Network Operators list-serv, a bulletin board for network engineers, a slew of frustrated posts complained that, even after the switches and routers that serve as network traffic cops were reprogrammed to ignore Slammer, the sheer volume of worm traffic continued to bury networks. Unlike a virus, a worm doesn't require e-mail to replicate and transmit itself into other systems.

Telephone service, ATM networks, and crucial communications linkages that depend on the Net were knocked out. And while that was bad enough, things might easily have been much worse. "If it had been Monday morning, you would have had not just the tech industry buzzing -- I think you would have been talking about serious collateral damage," says Tom Ohlsson, vice-president for network-monitoring services provider Matrix NetSystems in Austin, Tex.

Fortunate Timing

If Slammer's weekend assault had come just 48 hours later, the end result might have been a virtual Net shutdown. Institutional investors unable to make trades could have lost billions of dollars. Local emergency-response operators, who rely on the Net to direct "911" assistance, might have been staring at frozen screens. Banking services, which encrypt their data traffic over the public Internet, might have ground to a halt.

The likelihood that a Slammer-style worm will hit at a more vulnerable moment is high, according to experts like Vincent Weafer, director of the computer-security outfit Symantec's (Nasdaq: SYMC) Anti-Virus Response Center (SARC). Weafer points out that every worm attack has been shorter, but much more intense, than its predecessor. And the potential for attacks is clearly rising. Vulnerabilities that researchers and companies report every week to BugTraq, a mailing list, and to CERT, a Net watchdog, have increased from an average of 20 to 25 in 2001 to around 40 or 50 in 2002.

Slammer's ripple effect also demonstrated how damage can spread beyond prime targets. For instance, due to the sheer volume of overflow traffic, some outfits running Linux-based systems in the same data centers as Slammer-infected machines also lost access to their non-Microsoft systems, experts say. A related lesson: Backup Internet connections don't guarantee protection.

Open Doors

More of these attacks are using paths left open for perfectly valid services. Slammer gained access via "port 1434," tech lingo for a standard entry point for queries to Microsoft database servers. Simply closing that port isn't a viable option, however, as it would disable key business functions.

Most worrisome, Slammer proved that the current "patching" system is sorely inadequate. Microsoft had issued a software patch to foil Slammer in July 2002. Unfortunately, harried systems administrators ("sysadmins" in geekspeak) failed to install it on tens of thousands of machines. That's not as reprehensible as it sounds, since a typical sysadmin may receive dozens of patches each week, and activating them means a time-consuming and annoying reboot. Sysadmins also complain that Microsoft patches sometimes create problems of their own, so many adopt a wait-and-see attitude when the latest one arrives.

Patching on the fly also is problematic. At the height of the Slammer attack, many sysadmins complained of being unable to download the patch. This could have been the result of problems at Microsoft, an overload of demands from harried sysadmins, or because of the broad slowdowns in the Net. Whatever the reason -- or combination of them -- it remains a shame that a patch available to so many was installed by so few.

Good News - And Bad

If any encouragement is to be found in the Slammer attack, it's that computer-security engineers now recognize and respond to attacks far more quickly than was the case before, when invaders like Nimda and CodeRed hobbled the Net. This time, network operators quickly noticed something was amiss, and engineers were able to begin reducing Slammer's impact within two hours of its initial appearance in Hong Kong. Net optimists insist that such responses can only improve, thanks to better coordination and, with any luck, better patching mechanisms.

If that rose-tinted perspective proves false, then history may well regard Slammer Saturday as a grim glimpse of the perilous future that awaits network security, an era when infections spread like wildfire, systems crash, and global commerce is hamstrung. Should that future come to pass, the road to a remedy will undoubtedly be a long, hard, uphill slog.

© 2002 Business Week Online, The McGraw-Hill Cos i/a/w ScreamingMedia, Inc. All rights reserved.
