<Picture>Using the same kind of attack that shut down the New York-based
Panix Internet service last week, computer hackers are bombarding at
least two online chess sites, CNET learned today.=20
The hackers began their assault Thursday, using an attack known as a
"SYN flood," which is basically a series of connection requests. They
stopped over the weekend, but launched it again today, said Daniel
Sleator, a computer science professor at Carnegie Mellon University and
president of the Internet Chess Club, a subscription-based chess
service.=20
This kind of attack is becoming more commonplace, worrying Internet
providers and users alike. Hacker publications even have published
"how-to" guides on the technique, which exploits a basic weakness in the
Internet's architecture.=20
"This is not a tough thing to do," one online chess club subscriber said
today. "That's part of the problem."=20
With a SYN flood attack, hackers don't actually get into the system.
Instead, they send out a flood of bogus connection requests that clog
the system and prevent real users from getting on. To use an analogy,
the hackers basically block the front door, Sleator said.=20
Hackers shut down the Internet Chess Club for 20 hours Thursday and
Friday and had shut it down again for six to seven hours today before
Sleator temporarily foiled the hack, he said.=20
Sleator said the service has received "thousands of complaints,
continuous complaints. Thousands of people want to use the service and
they can't."=20
Hackers also attacked the Free Internet Chess Server on Friday, Sleator
said.=20
Stopping the attack can be difficult. Sleator had tried the same methods
as Panix to stop the attacks, but they didn't work for the chess club.
Instead, he temporarily outfoxed the hackers tonight by essentially
creating 100 doors for Internet Chess Club members to use instead of
two.=20
Now he has to inform all the users to change the way they get into the
club, which is "quite inconvenient."=20
Why, anyone would attack online chess services is anyone's guess. "I can
only speculate," Sleator said. "There are a number of possible reasons."
It could be in retaliation for charging a membership fee, he said.
"We're one of the first sites on the Internet to charge fees," Sleator
said. "We started charging $49 a year back in March 1995 and that
created a lot of animosity.=20
It could be someone who has a vendetta against the site, such as an
angry member booted off for using offensive language.=20
<Picture>Copyright =A9 1996 CNET Inc. All rights reserved. =20
=20
http://www.news.com/News/Item/0,4,3520,00.html