"Smurf" attack hits Minnesota
By Paul Festa
Staff Writer, CNET NEWS.COM
March 17, 1998, 5:25 p.m. PT
University of Minnesota computer
networks suffered a "denial of
service" attack today that caused data
loss and slow connections throughout
the entire state.
The attack came at 11 a.m. CT and
lasted more than an hour, according to
the university, though some targets
reported feeling the effects earlier
and for a longer duration.
Aimed at the university, the attack
set off a chain reaction throughout
the state, shutting down some
computers entirely and in other cases
causing data loss and network
slowdowns.
It "created a cyber-traffic jam," UMN
security incident response coordinator
Susan Lezy-Haskell said in a
statement. "Users had difficulty
accessing their servers and/or felt
slowness in the system. A small number
of people were totally shut down. It
was necessary to down the connection
to the University of Minnesota's
Crookston campus, which was the target
of the attack."
David Bergum, senior network engineer
at MRNet, which claims to be the
state's largest Internet service
organization, said his network was
severely affected.
"We had about 2-1/2 hours of severely
degraded service, with 30 percent or
more packet loss to certain places,"
he said. "Ten percent packet loss is
noticeable, and 30 percent is pretty
terrible."
According to Bergum and a statement
released by the university, the attack
was of the kind known as a "smurf
denial of service" attack. The subject
of a January advisory by the Computer
Emergency Response Team (CERT), the
attack floods the targeted network
with replies to bogus "ping" packets.
Ping packets are sent to elicit a
response from networked computers. In
a "smurf" attack, the attacker
specifies the targeted computer as the
ping packet's return address and sends
out enough requests to guarantee a
deluge of responses.
The attack affected MRNet because the
ISP has a cooperative agreement with
the university to share bandwidth
provided by MCI Communications and
Sprint, according to Bergum.
Because MRNet was affected, so too
were the Fortune 500 companies, small
businesses, and nearly all of the
state's private colleges that are
MRNet customers.
"We had to take our site down," said
Gary Shade, president of Web design
and hosting firm and MRNet client
Shade's Landing. Shade said his
company had felt effects of the attack
as early as 10 a.m. and continued to
suffer system overload well into the
afternoon.
Today's attack is the second in the
last two weeks for the University of
Minnesota. The university was also a
target in the denial of service attack
that hit NASA, the Navy, and
university campuses nationwide earlier
this month.
As part of its January advisory, CERT
posted recommendations on preventing
smurf attacks.
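
The reply flood described above can be recognized at the targeted network's border because the echo replies answer pings the target never sent. The following detector is an added example, not part of the original article or the CERT advisory; the record layout, the threshold, and the sample addresses (documentation ranges) are assumptions constructed for illustration.

```python
from collections import defaultdict

ECHO_REPLY, ECHO_REQUEST = 0, 8  # ICMP type numbers


def find_reply_floods(packets, min_unsolicited=5):
    """Return {target: (unsolicited_replies, distinct_responders)}.

    packets: iterable of (src, dst, icmp_type, ident, seq) in capture
    order, as seen at the protected network's border (assumed layout).
    A reply counts as solicited only if its destination earlier sent an
    echo request with the same ident/seq to the replying host.
    """
    outstanding = set()              # (requester, target, ident, seq)
    unsolicited = defaultdict(list)  # reply destination -> [responder, ...]
    for src, dst, icmp_type, ident, seq in packets:
        if icmp_type == ECHO_REQUEST:
            outstanding.add((src, dst, ident, seq))
        elif icmp_type == ECHO_REPLY:
            key = (dst, src, ident, seq)
            if key in outstanding:
                outstanding.discard(key)   # genuine answer: consume it once
            else:
                unsolicited[dst].append(src)
    return {host: (len(r), len(set(r)))
            for host, r in unsolicited.items() if len(r) >= min_unsolicited}


# Constructed sample capture: one genuine ping exchange, one stray reply,
# and six replies to 192.0.2.80 that match no request it ever sent.
SAMPLE = (
    [("192.0.2.10", "198.51.100.5", ECHO_REQUEST, 0x1A, 1),
     ("198.51.100.5", "192.0.2.10", ECHO_REPLY, 0x1A, 1),
     ("198.51.100.9", "192.0.2.10", ECHO_REPLY, 0x22, 3)]
    + [(f"203.0.113.{i}", "192.0.2.80", ECHO_REPLY, 0x77, 1)
       for i in range(1, 7)]
)

if __name__ == "__main__":
    for host, (count, responders) in find_reply_floods(SAMPLE).items():
        print(f"{host}: {count} unsolicited echo replies "
              f"from {responders} hosts")
```
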
Received on Wed Mar 18 05:17:50 1998