Safeguards help prevent use of CU computers in net attacks

By Bill Steele

Thanks to safeguards installed several months ago, it's unlikely that any computers at Cornell played a significant role in the recent attacks on popular Internet sites, said Kevin Unrue, Cornell's security coordinator.

"We had some episodes last summer that caused our network management to install filters to prevent our computers from being used for a number of common denial-of-service techniques. More recently, mechanisms have been put into service that limit the rate at which the kinds of signals hackers abuse can be sent from campus. It makes Cornell a relatively unattractive site for hackers," Unrue said.

Nevertheless, he added, network administrators are checking university computers to see if there is any evidence of intrusion, and logs are being examined to see if there was an unusual amount of traffic to any of the sites that were attacked. This is a fairly slow process because it has to be done by someone sitting in front of each computer, he said.

The recent attacks on Yahoo!, CNN, eBay and other popular Internet sites were what are called "denial-of-service" (DoS) attacks, in which literally millions of signals are sent to a site every second, overloading connections and making it impossible for legitimate users to log on. It's believed the attackers did this by hacking into many computers all over the Internet and installing programs that automatically woke up and began sending signals at prearranged times. The FBI has said computers at businesses and universities probably were used, because these computers have high-speed connections to the Internet and are on 24 hours a day.

Cornell computers were victimized by an unpublicized denial-of-service attack last summer. As a result, Unrue said, the university installed programs that detect and block traffic matching the signatures of a number of common DoS attacks, and placed limits on the rate at which some signals can be sent. These limits will have little or no impact on legitimate traffic, he said, but will block the high-volume outgoing traffic characteristic of an attack from a Cornell source. "As a result of the attacks last summer, we took a look at the whole subject of denial-of-service attacks and took measures to protect ourselves and also to prevent someone outside of Cornell using our computers to attack someone else outside," Unrue said. "It makes us a friendly neighbor."

The FBI has not contacted Cornell in connection with the recent attacks, Unrue said. "Everything we've done has been entirely proactive," he said. "But I want to emphasize that we do cooperate with law-enforcement agencies if we are contacted."

February 17, 2000
