杏吧原创

Should service providers pay for net attacks?

An internet lawyer thinks ISPs should pay if they let malicious traffic through their servers

IMAGINE a computer criminal is threatening to mount a damaging attack on your company unless you pay thousands of dollars. The threat, which is becoming increasingly common, comes from 鈥渄enial of service鈥 (DoS) attacks, in which a hacker takes down an organisation鈥檚 website by flooding it with page requests from a network of 鈥渮ombie鈥 PCs infected with 鈥渂ot鈥 viruses.

Can such attacks be stopped? Easily, say some, who argue that an internet service provider should be held legally liable if it allows a DoS attack to take place via its network.

In a DoS attack, a hacker plants a bot virus on PCs, where it lies dormant until it is told to overwhelm a website with millions of page requests or send spam emails. It鈥檚 a lucrative crime. 鈥淵ou can buy a custom-written bot virus on eBay for around $4000 that will evade antivirus software for at least two weeks, giving time to stage a DoS attack,鈥 says Ian Brown of the Communication Research Network, an internet policy group based in Cambridge, UK. Some gambling sites will pay extortionists up to $50,000 to stop an attack because it鈥檚 cheaper than being offline for long, he says.

At a conference in London next week, Lilian Edwards, an internet lawyer at the University of Southampton in the UK, will argue that the attacks could be stopped if ISPs were required to check the contents of the data packets they relay. ISPs can already do this, using a technique called deep packet inspection, so that they can tell the difference between, say, internet phone calls and video downloads, and charge accordingly.

The technique could identify sudden storms of identical page requests, and the ISP could use this information to shut them off, says Edwards. 鈥淭he ISPs have the knowledge, the resources and the power. They control the net traffic and they can detect unusual patterns in that traffic.鈥

The idea will be strongly resisted by ISPs. Malcolm Hutty of the London Internet Exchange, an ISP association, says that to distinguish between malicious data and innocent traffic would be far too expensive. 鈥淔or instance, the public blog at the Internet Governance Forum in Athens was so popular the servers went down, taking many other UN sites with it. That was not a DoS attack 鈥 but it looked like one.鈥

Further problems loom, says Ollie Whitehouse of Symantec Antivirus. Hackers now transmit unencrypted commands to zombie PCs, but if they use encryption the commands will be almost undetectable. 鈥淭hat will make spotting a DoS attack a whole lot harder for an ISP,鈥 he says.