Third of UK businesses at DDoS risk

A third of all UK businesses will be hit by a distributed denial of service (DDoS) attack during 2002, resulting in £54m in lost revenue.

DDoS attacks have long been a headache for online firms because their disparate nature makes them almost impossible to defend against.

Estimates by security firm Webscreen Technologies suggest that such attacks could cost the UK more than £270m by 2005.

Denial of service tools, such as Trin00, Tribe Flood Network and Stacheldraht, are readily available on the internet, and are easy to use.

And given the apparent number of script kiddies that have the ability to break into machines and install these tools, getting an army of zombie machines together is becoming child's play.

From a hacker's central controlling computer, the zombie machines are directed to send a stream of dud packets to the target machine, clogging up its bandwidth and knocking it offline or causing it to crash.

In the past big names such as eBay, Yahoo and Amazon have been knocked out in this way. In January this year UK internet service provider (ISP) Cloud Nine was forced to close permanently following a DoS attack, and in the same month ISP Tiscali suffered considerable disruption.

Gary Milo, managing director at Webscreen, said: "It is very easy to remain anonymous when launching an attack as the DDoS networks reside on PCs without the knowledge of their owners.

"This means that anyone from kids to dissatisfied customers or disgruntled employees now have the power to cause havoc on a global scale.

"Existing security measures don't protect [against] DDoS attacks and they're the fastest growing threat to internet security.

"Firewalls don't fully protect against them and, as Cloud Nine discovered to its cost earlier this year, without specialist equipment these attacks are almost impossible to detect until it's too late."

Webscreen has been developing a filter that sits in front of the web server and is designed to sift attack data from genuine requests.