ComputerWorld: Update: Mafiaboy a copycat; attacks could have been stoppedApr 21, 2000, 00:43 (2 Talkback[s])
(Other stories by Ann Harrison)
"The Canadian teen-ager known as Mafiaboy, who was arrested this week (see story) in connection with an attack against the CNN Web site in February, is an amateur who simply copied tactics used by far more sophisticated attackers who may never be caught, security analysts say."
"Davis said another piece of the problem lies with the fact that Internet service providers (ISPs) and other outfits that make up the Internet backbone aren't using Ingress filtering, which prevents packet spoofing. The denial-of-service attacks defeated many defenses because the packets flooding targeted servers appeared to be coming from a legitimate source. Ingress filtering can determine if a packet was indeed sent from that location, and if its address is spoofed, it's stopped at the router."
"But Michael Lyle, chief technology officer at Recourse Technologies Inc. in Palo Alto, Calif., noted that this type of filtering affects network performance. In addition, the database for IP addresses isn't always accurate and could result in a loss of legitimate network traffic. "Databases need to get better and there needs to be better tools for putting together filtering lists for different service providers automatically," said Lyle."