
Windows XP could unleash wave of DoS attacks



Windows XP, Microsoft's forthcoming operating system, has the potential to escalate denial-of-service attacks to a level never before seen, according to a computer security researcher.

Windows XP, set to be released on Oct. 25, is more open to being used in denial-of-service attacks than previous versions of Windows because Microsoft has fully implemented a networking technology called Unix Sockets, according to Steve Gibson, founder and owner of Gibson Research, a computer security product maker.

Unix Sockets, long a standard part of Unix operating systems, has only recently been fully included in Windows, starting with Windows 2000 and now in XP, Gibson wrote, in a piece on his Web site about denial-of-service attacks that had been launched against his company by a 13-year-old.

Denial-of-service attacks can disable a Web server or other type of computer by bombarding it with a high volume of fake requests for information, causing the target computer to crash or become so overloaded that it grinds to a halt.

The implementation of Unix Sockets is troubling, Gibson wrote, because it is frequently used in two aspects of denial-of-service attacks. The first is falsifying IP addresses using a technique called "spoofing," which makes the source of an attack harder to pinpoint. The second is allowing computers to flood other computers with certain types of traffic, in this case, the kind of TCP packets that can bring down Web servers.

Using Unix Sockets in a consumer operating system like Windows XP is particularly dangerous because the combination of users who are not security experts, an insecure operating system and broadband Internet connections will likely lead to "an escalation of Internet terrorism the likes of which has never been seen before," Gibson wrote.

Windows XP systems will be targets for hackers to take over and use in denial-of-service and distributed denial-of-service attacks (attacks in which multiple computers worldwide are taken over and used in an attack) because they will be both powerful and easy to break into, Gibson wrote. Computers can be taken over, or primed for use in such attacks, without their owners even knowing. Worms, such as those spread through e-mail, can contain hidden code that will allow a hacker access to the system when they want to launch a denial-of-service attack.

When married with high-speed Internet connections, Windows XP systems could be used to launch a denial-of-service attack against which "the historical problems with Internet attacks promise to pale in comparison," Gibson wrote.

Denial-of-service attacks have plagued the Web for years, though they came to prominence early last year when a series of such attacks were launched against major commercial sites, including Yahoo.com, Amazon.com and eBay.com. A recent study by researchers at the University of California San Diego found that more than 4,000 denial-of-service attacks are launched each week against companies and individuals.

Microsoft, however, called Gibson's charges "drastically overblown," in the words of Steve Lipner, manager of the company's security response center. Windows has always had some of the functionality Gibson is talking about, Lipner said. Additionally, DoS attack effectiveness is not as much a function of operating systems as the programs used to launch them, he said. Programs running on any operating system can be written to perform such attacks, he added.

Though Windows XP can be used to launch denial-of-service attacks, and can spoof IPs as Gibson charged, adding security features to the operating system was a better idea than removing features, Lipner said. Spoofing IPs can have legitimate purposes, such as for firewall testing and some other network operations.

Included in the operating system are such new security features as a personal firewall; a security application that can help stop intruders and DoS attacks that is configured automatically when a PC is hooked up to the Internet; user-definable policies to keep certain kinds of code from running on the machine; and modifications to the Outlook e-mail client designed to prevent e-mail worms from spreading, Lipner said.

Gibson and Microsoft have conducted a dialog over e-mail about these issues and essentially agreed to disagree, Lipner said.

Gibson arrived at his position after his site was attacked, prompting him to focus on what Windows didn't do, as opposed to what it did do, according to Lipner. "He's more focused on the mechanism than the effect," he said.

Chris Le Tocq, principal analyst with Palo Alto's Guernsey Research, said it's difficult to gauge the accuracy of Gibson's claims. However, to the extent that Gibson raised awareness of security issues and techniques for consumer operating systems, Gibson has done a good thing, Le Tocq said.

Though Le Tocq agrees with Gibson that the danger posed by automated attack programs and always-on broadband connections is serious, Windows XP's personal firewall - which functions more like an intrusion detection system than a true firewall, a distinction Gibson has helped highlight - will likely block 80% of attacks, he said.

In the end, Le Tocq said, Gibson's statements should help raise awareness of security issues for consumers. Now, end users just have to make sure their computers are as secure as possible.

Gibson Research, in Laguna Hills, Calif., is at www.grc.com
Microsoft, in Redmond, Wash., is at www.microsoft

The IDG News Service is a Network World affiliate.


Copyright, 1994-2006 Network World, Inc. All rights reserved.