Routers surpass servers for hacker attacks

As security experts have suspected for some time, denial of service (DoS) attack methods are changing, and this time the heat is on the lowest level of network infrastructure - the routers.

A paper released this week by CERT analyses the changes in DoS attack methods and reveals a new twist.

Hackers, crackers and cyber-vandals are increasingly getting into routers rather than servers and desktop PCs. The reason? CERT found that router administration was typically sloppier even than the security on servers.

The research found that in 2001, advances in intruder automation techniques have led to a steady stream of new self-propagating worms. Some of which, such as Nimda and Code Red, have been used to deploy DoS attack technology.

As if this didn't add enough to the problem, the control mechanisms for DDoS (Distrubuted Denial of Service) attack networks are changing to make greater use of Internet Relay Chat (IRC) technology too.

CERT also found that the impact of DoS attacks is causing greater collateral damage, boosted by the fact that widespread automated propagation itself has become a vehicle for causing denial of service.

The research painted a bleak picture for the future. "Evolution in intruder tools is a long-standing trend and it will continue," said CERT. "And, DoS attacks by their very nature are difficult to defend against and will continue to be an attractive and effective form of attack."

The organisation said that automation of attack tool deployment and ease of management will continue to be areas of focused evolution for DoS tools.

"It is also likely, at least in the short term, that advancements in DoS attack technology will take shape in the form of protocol-specific attacks, such as attacks on routing protocols, rather than as significant innovations in basic characteristics of packet flooding streams," said CERT.

But CERT was not able to provide any solutions to the issues it discusses, instead putting the onus on the users to "evaluate how security policies, procedures, and technologies may need to change to address the current trends in DoS attack technology."

"While DoS attack technology continues to evolve, the circumstances enabling attacks have not significantly changed in recent years," said the report. "DoS attacks remain a serious threat to the users, organizations, and infrastructures of the internet."