This article (question) was written (answered) by Jerry Carson, in the "Ask the Expert" column. This article appeared in the March 2000 WYSIWYG newsletter.
Internet Security
by Jerry Carson
As of this writing they still haven't caught the hackers responsible for the recent "denial of service" (DOS) attacks. Note: the DOS attacks do NOT have anything to do with the Disk Operating System (DOS), they just happen to have the same acronym. Let me start by trying to explain exactly what a DOS attack is.
Web sites are designed to handle requests for information (hits). Most popular webs sites can easily handle millions of hits a day. In a DOS attack hackers generate hits faster than the web site can handle them. These hits prevent normal users from being able to get through with their requests. It's kinda like an Internet busy signal. The way the hacker generate these hits is to first break into a number of smaller systems. Universities, small companies, anything with an Internet connection. Then they direct all the systems to hit the same web site at the same time. It's like having thousands of people trying to dial the same number all at the same time.
The way to correct the problem is to identify the infected systems and ignore the requests coming from them. Not quite as easy as it sounds because the hackers may route the requests through a number of different sites before it ends up at the target. Once a web site ignores the bogus hits, the attackers simply change targets and the whole process starts again.
Now the good news. Once infected systems are identified, it is fairly easy to remove the hackers' access. Of course, you need to improve security so they can't just break right back in. Another piece of good news. No data is actually given to the hackers nor can they delete or change data on the system. Users just can't get access for a while. This can be serious for online trading but not nearly as bad as if hackers get sensitive information or wipe out records. Finally, Are you safe? Well unless you're a large company (very large) you are not likely to come under attack yourself. I would make sure that I have an alternate means of communicating with any web company that I relied on heavily (like online trading or banking). Also, as a result of these attacks, many companies are taking security more seriously and you can expect better security. The web is not 100% safe, but then neither is any non-web business.
End of Article