Attackers Knew Our Weaknesses Claims Yahoo! Network Engineer | Linux Today

Attackers Knew Our Weaknesses Claims Yahoo! Network Engineer

Written By
Web Webster
Web Webster
Feb 13, 2000

By Brian
McWilliams

InternetNews.com Correspondent

New information released by Yahoo! suggests some of the denial
of service attacks on Web sites over the past week may have come
from sophisticated attackers with knowledge of each site’s
network.

In a message sent Thursday to other Internet service providers
and to the Computer Emergency
Response Team
(CERT), Yahoo! (YHOO)
network engineer Jan B. Koum concluded that the attackers were
“above your average script kiddie” and “knew about our topology and
planned this large scale attack in advance.”

According to Koum, the 1-gigabits-per-second flood of requests
directed at one of its routers Monday appeared to originate from
attackers who were expert not only in Unix and networking, but also
the unique vulnerabilities in Yahoo!’s and other victim’s
networks.

“In talking to other companies it seems they also were hit
`where it hurts” the most,'” said Koum, who also apologized for not
disclosing the firm’s findings sooner, but explained that “we
needed to be sure we are well protected first.”

Yahoo!’s analysis appears to refute recent comments by some
security experts that the attacks could have been launched by
teenage pranksters. Even Ronald Dick, chief of the computer
investigation and operations section of the FBI’s National Infrastructure Protection
Center
, said Wednesday that the availability of denial of
service utilities means “any 15-year-old” could have marshaled the
attacks, which brought outages or crippled performance to a half
dozen sites.

Elias Levy, chief technology officer for security information
firm SecurityFocus.com,
praised Yahoo! for sharing its analysis and defense strategies with
the Internet community. But he cautioned against concluding that
the attacks were perpetrated by professional computer criminals —
or even worse, by someone with inside information about the
victim’s networks.

“Whoever did it had the presence of mind to learn about Yahoo!
and its points of failure. That doesn’t make the attack
sophisticated, but it does tells us that whoever did it was very
premeditated,” said Levy.

Michael Monson, a security engineer with InterSec Communications, a computer
security instruction and auditing firm, said targeting a vulnerable
router rather than an entire Web site requires no more technical
sophistication than being able to use traceroute, a basic
networking tool.

“I definitely think a script kiddie could have pulled it off. It
doesn’t take a tremendous amount of expertise to do this,” said
Monson.

Yahoo! officials were not immediately available to confirm
whether they were treating the attacks as an inside job.

Yahoo!’s report also suggests that a variety of DoS attacks have
been aimed at victims. While Yahoo! said it experienced a
distributed denial of service attack, the company said other sites
had reported being hit by single-source DoS attacks. “One would
assume there has been a fair amount of copycat activity,” wrote
Yahoo!’s Koum.

A total of four DoS attacks were directed at Yahoo! over the
course of the week, according to the company. But subsequent
attacks had little effect because of measures taken by its upstream
Internet service provider, GlobalCenter, to limit damage. Those
actions included throttling all forms of ICMP at GlobalCenter’s
border routers.

Related Story:
LWN: DDOS
Attack Mitigation
(Feb 12, 2000)

Web Webster

Web Webster

Web Webster has more than 20 years of writing and editorial experience in the tech sector. He’s written and edited news, demand generation, user-focused, and thought leadership content for business software solutions, consumer tech, and Linux Today, he edits and writes for a portfolio of tech industry news and analysis websites including webopedia.com, and DatabaseJournal.com.

Linux Today Logo

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.