Security threats Toolkit

With ISPs like these, who needs enemies?

Andrew Donoghue ZDNet.co.uk

Published: 06 Dec 2004 13:40 GMT

Question: What have do the CTO of online betting exchange Betfair and the US Government's ex-Cyber-security chief Richard Clarke have in common? Answer: They both think ISPs should be doing more to combat Distributed Denial of Service (DDOS) attacks.

In a recent interview with ZDNet UK Clarke claimed that the number of networks of remotely hijacked Pcs --- so-called Botnets -- being used to deliver DDOS attacks has shot up from around 2000 to 30,000 in the last year. "I think we are going to see companies asking their ISPS to do more. A lot of denial-of-service attacks could be prevented if ISPs co-operated with each other," he said.

Betfair's CTO, David Yu, recently voted Daily Telegraph IT director of the year and a runner up in our very own CNET UK awards, has had first hand experience of the havoc these kind of attacks can wreak. Earlier this year, his and some other online gambling sites fell victim to a coordinated series of DDOS attacks - no laughing matter when your business relies on 24/7 uptime with around 300 transactions being processed per second. For companies like Betfair -- which operate in real-time, changing odds and taking bets right up to the point a horse race or football game ends -- downtime is lost money and lots of it.

Things got so bad that at the height of the attacks, all the sites being targeted opted to forget their competitive differences and concentrate on the best way to combat the common enemy: the hackers and criminals threatening to crash their sites if cash wasn't forthcoming. Yu claims this cross-company coordination was vital in combating the problem.

The idea of companies coming together to form a united defence makes sound business sense. Capitalism is about competition but cooperation between rivals can make sense if it benefits them all equally. But while the gambling sites showed a willingness to cooperate against the DDOS groups not everyone with a part to play in the attacks was as forthcoming.

Yu is insistent that ISPs are a vital link in the chain and their participation in battling the DDOS groups is vital. Despite being pretty happy with his ISP's participation -- Cable & Wireless -- Yu said service providers should be doing more to prevent DDOS attacks. One answer would be proactively filtering or blocking the flood of traffic at source.

But it seems that some ISPs don't share Yu's penchant for reciprocal altruism. When contacted by ZDNet UK reporters last week to gauge their reaction to calls for greater ISP participation in blocking DDOS attacks, BT and, surprisingly given Yu's earlier praises, Cable& Wireless, were pretty dismissive.

The most scathing comments came from John Regnault, head of security technology for BT who when asked if ISPs should be doing more said: "Why should ISPs do something?" "It's very much as if people want something for nothing. This noise is superfluous and silly." Nice.

Just the kind of caring sharing attitude we have come to expect from BT. "It is a question of what a customer is prepared to buy," Regnault added. "There are a number of BT customers who are very happy with the DDoS defence. Perhaps if you are not prepared to pay that, you would jump up and down and say it's the duty of the ISP to do it. Perhaps I would say that it's time to change ISP."