A few weeks ago, i was approached by the operators of an independent Web site about a denial-of-service problem. It seems that a user did not take kindly to being banned from posting to the site and, in retaliation, began using a DoS attack known as a “Syn attack” against the site.
Syn attacks use TCP/IP against itself. The attacker tries to initiate a session from a forged, nonexistent IP address. The server tries to respond and holds open a connection request, waiting for a response that will never come. The attacker keeps repeating this, forcing the host to fill up its connection queues, eventually disabling the host. This attack is virtually untraceable and does not require much bandwidth to execute.
The Web site operators dont have much money to work with, so they cant afford intrusion detection systems, firewalls or other devices that will stop this type of attack. Without many options, I started talking to the operating system vendor. This site is running on a version of Linux called Mandrake, marketed by a French company. A clever patch was developed for Linux by Alan Cox. It works quite well but must be compiled into the kernel to operate.
My trip to the Mandrake Web site was, well, interesting. I was unable to determine if this patch is available for the Mandrake version of Linux. The site was filled with self-congratulatory rhetoric and an equal amount of anti-Microsoft propaganda, but very little in the way of technical support and not a single phone number. My attempts to contact anyone who could answer a question about this patch met with failure. Two weeks later, no one had responded to my inquiries.
Two observations: First, if the Linux community wants to realize its incredible promise, it has a lot of growing up to do. Second, much of the content on the Internet is vulnerable due to the inability of Web site operators to either buy appropriate products or acquire software updates.
If you are going into the business of providing Web content, choose your software wisely. Find out about service and support. Look for a company—whether a purveyor of Linux or not—that is dedicated to supporting businesses, not one that is trying to look “cool.” No amount of coolness can protect your data.