Distributed computing is a powerful tool. And although distributed computing isn't new in the mainframe world, it is new in the PC arena when it comes to low-end applications. One of the more popular means of distributed processing is a methodology where individual PCs work together to process data from a centralized database. This approach spreads the processing load over numerous machines instead of one machine with several CPUs. The methodology quickens the overall processing time because no one machine or CPU has to process all the data.
Distributed.net helped popularize this technique on PCs by developing software to crack encryption keys. Distributed.net hosts various encryption-cracking contests, such as the current RC5 challenge (go here for details). In a nutshell, the company's key-cracking software can run on any number of individual PCs; the software pulls a data set from a central database, processes that data on the local PC, and sends the results back to the central database-processing center.
Black hat computer users have taken an interest in distributed processing. Why? Distributed processing lets these black hats take down a giant network with relative ease. They can muster the bandwidth and processing resources of numerous networks to launch an attack against another network or machine. In most instances, the attack quickly overpowers the network or machine, knocking the network or machine out of service because it can't handle the overwhelming processor and bandwidth loads.
Without distributed processing, denying service to a remote network would be incredibly tough in most cases. You'd either have to know of a software bug that eats all available CPU cycles on the target machine, or you'd have to have more bandwidth and processing power than the target network. But with distributed denial of service (DoS) attack techniques, those factors have become moot.
When I turned on the news this morning, I saw a headline story that informed me Yahoo's site was down because of a massive DoS attack. I was amazed that a DoS attack made national headline news. I was even more amazed that people think that a DoS attack is news in the first place.
DoS attacks are as old as computers. The only thing new about the attack against Yahoo is that the attack successfully took down Yahoo's network, which has mammoth amounts of bandwidth and processing power. At the height of the attack, Yahoo received more than 1GBps of traffic. That's a huge amount of traffic by any standard. In all probability, the attack was a distributed attack because of the amount of bandwidth involved.
So, how do you prevent this type of distributed attack? In most cases, it's incredibly difficult, if not impossible, to defend against distributed DoS attacks. Today's hardware and software are not equipped to fend off such attacks. Although some firewall systems and back-end services can prevent a few types of well-known DoS attacks, they have not proven they can stand up against even a lightweight distributed attack.
The problem appears to be manifold. New developments must address all aspects of networking--from the network border hardware to the back-end applications--to prevent outages before we can fend off such attacks. Servers need faster processors in greater numbers, applications need better user-session filtering, and network hardware needs faster CPUs and improvements to the software code base.
Until these developments happen, networks are easy targets. But even with improved hardware and software, DoS attacks will still boil down to a war of bandwidth, where the person with the most bandwidth almost always wins. And, with distributed processing attack methods, pipe size has no upper limit for the intruder.
I don't see a definitive solution for preventing distributed DoS attacks in our near future. I do see that cyber-terrorism has, in fact, arrived, and it's riding on the coattails of distributed processing. Until next time, have a great week.