Homeland Security

ZDNet is the leading Web destination for people who want to buy, use and learn about technology. In January, it ranked 15^th among all Web properties, with 10.7 million unique monthly visitors.

In February 2000, ZDNet experienced two Denial of Service (DoS) attacks, both lasting between two and three hours. The first one occurred on February 9, from 7:11 a.m. to 9:43 a.m EST. The second one occurred on February 20, from 7:05 a.m. to 9:12 a.m. EST. Both the symptoms of the two attacks, and the measures taken by ZDNet and GTEI/BBN, the hosting company that manages its systems and connectivity, were identical. Following is an overview of the first attack:

Denial of Service attacks are designed to deny the use of a particular Web service to a group of users, in ZDNet's case its more than 1 million daily visitors. DoS attacks do not fit the traditional definition of a "hacker" attack, in that computers and servers are not broken into, data assets are not corrupted, and privacy is not compromised.

ZDNet was effected by the most common kind of DoS attack, the SYN FLOOD. During a SYN FLOOD attack, people attempting to visit Web sites are unable to retrieve pages, as the Web provider's servers are overwhelmed with an enormous influx of page requests from bogus sources, which cannot be processed. During the two attacks on ZDNet, affected sites received 50 to 100 times the amount of Web traffic than its servers could sustain under peak load. The servers ran out of resources and were incapable of responding to normal requests.

Because advertising is ZDNet's primary revenue stream, it does not expect these attacks to have a financial impact, unlike some of the other affected sites, which derive a significant portion of their revenues from online transactions. ZDNet's advertising clients have been supportive. In addition, the two attacks have not had significant impact on ZDNet's daily traffic, perhaps because of the national DoS news coverage during the first attack, for which ZDNet's audience typically turns to its sites for information, and because the second attack occurred during a holiday weekend.

ZDNet regrets the loss of service to its visitor base, and joins other Web businesses in its concern for the protection of the Internet's integrity. After its first attack, ZDNet joined a grassroots coalition including other top Web sites effected, for the purpose of sharing information with hosting companies like GTEI/BBN, and the FBI.

The success of the Internet is critical to the nation's economy. Internet businesses recognize the importance of working together to nurture the Web's development, and to build infrastructure security solutions that will protect against infractions like DoS attacks. The Internet is a unique industry, in that competing Web businesses are cooperating to raise the bar for the Web's performance, development, security and protection.

The private sector has the expertise to help address computer crime and thus should be primarily responsible for Internet protection at this early stage of the industry's development.

While the government should not be responsible for protecting the Internet's infrastructure, it should continue to prosecute the parties responsible for Internet-related crimes like DoS attacks. We appreciate the government's active role in collecting and sharing information to help identify the perpetrators and in providing that information, when appropriate, to Web businesses as they work to protect themselves.

# # #