Monday, Sep. 30, 1996

PANIX ATTACK

By JOSHUA QUITTNER

It was Friday night, and Alexis Rosen was about to leave work when one of his computers sent him a piece of E-mail. If this had been the movies, the message would have been presaged by something dramatic--the woo-ga sound of a submarine diving into combat, say. But of course it wasn't. This was a line of dry text automatically generated by one of the machines that guard his network. It said simply, "The mail servers are down." The alert told Rosen that his 6,000 clients were now unable to receive E-mail.

Rosen, 30, is a cool customer, not the type to go into cardiac arrest when his mail server crashes. He is the co-founder of Panix, the oldest and best-known Internet service provider in Manhattan. Years before the Net became a cereal-box buzz word, Rosen would let people connect to Panix free, or for only a few dollars a month, just because--well, because that was the culture of the time. Rosen has handled plenty of mail outages, so on this occasion he simply rolled up his sleeves and set to work, fingers clacking out a flamenco on the keyboard, looking for the cause of the glitch. What he uncovered sent a chill down his spine--and has rippled across the Net ever since, like a rumor of doom. Someone, or something, was sending at the rate of 210 a second the one kind of message his computer was obliged to answer. As long as the siege continued--and it went on for weeks--Rosen had to work day and night to keep from being overwhelmed by a cascade of incoming garbage.

It was the dread "syn flood," a relatively simple but utterly effective means for shutting down an Internet service provider--or, for that matter, anyone else on the Net. After Panix went public with its story two weeks ago, dozens of online services and companies acknowledged being hit by similar "denial of service" attacks. As of late last week, seven companies were still under furious assault.

None of the victims have anything in common, leading investigators to suspect that the attacks may stem from the same source: a pair of how-to articles that appeared two months ago in 2600 and Phrack, two journals that cater to neophyte hackers. Phrack's article was written by a 23-year-old editor known as daemon9. He also crafted the code for an easy-to-run, menu-driven, syn-flood program, suitable for use by any "kewl dewd" with access to the Internet. "Someone had to do it," wrote daemon9.

That gets to the core of what may be the Net's biggest problem these days: too many powerful software tools in the hands of people who aren't smart enough to build their own--or to use them wisely. Real hackers may be clever and prankish, but their first rule is to do no serious harm. Whoever is clobbering independent operators like Panix has as much to do with hacking as celebrity stalkers have to do with cinematography. Another of the victims was the Voters Telecommunications Watch, a nonprofit group that promotes free speech online. "Going after them was like going after the little old lady who helps people in the neighborhood and bashing her with a lead pipe," says Rosen.

Rosen was eventually able to repulse the attack; now he'd like to confront his attacker. Since some of these Netwits don't seem to know enough to wipe off their digital fingerprints, he may get his wish.

Read the Netly News daily at netlynews.com on the World Wide Web