George Mason Computer Network Was Attacked
Posted: September 18, 2000 at 1:00 am
In late July, the university’s intranet or LAN system was affected by what network administrators call distributed denial-of-service attacks. The attacks caused users either to lose connection altogether to the LAN or to experience delays when connecting to the network. The attacks, however, did not cause damage to equipment, and network administrators in University Computing and Information Systems (UCIS) corrected all problems associated with the attacks within a couple of days.
Distributed denial-of-service attacks emanate from multiple directions and are more difficult to detect and defend against than simple denial-of-service attacks, says John Hanks, UCIS manager of network engineering. In a distributed denial-of-service attack, a hacker operating from a “master” computer (or computers) contacts several computers on a given network and loads the attack tools on those machines. Like time bombs, the tools may then be set to unleash an attack at any given time.
In the end, the attacks were launched from only three or four machines, but Hanks found that several additional campus machines were receiving data from the same off-campus systems that appeared to be orchestrating the attacks. He removed all of the systems involved in the attacks from the network. By now, most of them have been rebuilt and brought back into service, but a couple of machines remain in quarantine, says Hanks. One system was confiscated and is being used to aid in the ongoing criminal investigation by University Police.
The campus computers involved in the attacks were all Unix systems, Hanks says. They were located in several places on the Fairfax Campus, including WebSTAR, some of the labs in the Science and Tech buildings, and the library systems office. So far, the university has no suspects. Because the attacks were instigated remotely, there’s no reason to suspect that anyone from the George Mason community was involved.
Hanks has installed a filter on the network to help detect traffic between campus machines and the off-campus systems that were involved in the July attacks. Unfortunately, precautions like this cannot guard against distributed denial-of-service attacks from other sources, nor can they protect against the garden-variety denial-of-service attacks, such as the one that occurred in late August through a machine in a Science and Tech I computer lab.
One of the ways the university plans to help prevent future denial-of-service attacks is by building awareness across the university of ways individuals can secure their machines from intruders, says Hanks. This will be one of the responsibilities of the newly created position of chief information security officer, for which the university is currently accepting applications. In addition, says Hanks, the university plans to purchase intrusion detection software as well as “scanning” software, which Mason’s network administrators can use to try to detect security weaknesses in machines across the university.