When Internet service in a Midwestern school district crashed because of e-mail bombs-huge numbers of duplicate messages blitzed to target addresses to overload systems maliciously-the technology coordinator wanted to alert other districts to the growing potential for such assaults. E-mail bombs, also called "denial-of-service attacks," are easy for anyone to launch, and all schools are vulnerable, he says. While students and others may send e-mail bombs to district users as pranks, they can cripple e-mail accounts, chew up communications bandwidth and close down online applications for everyone.
The added e-mail volume also makes it difficult to sort legitimate messages from those that are bogus, and squanders district time, money and resources. For example, Dan Brenner, assistant superintendent of New York's Roslyn Public Schools says a recent denial of service attack slowed their online systems significantly, and "caused true heartache for the technical staff." Brenner says it took three long nights for the district technology expert Ed Salina Jr. to correct the problems.
But denial-of-service attacks can also be launched from within schools, as illustrated by a case in another New York district, where an assistant principal used e-mail bombs to harass individuals and higher education institutions for a three-year period. His actions caused multiple systems to fail, and deprived thousands of students, faculty and other users of online access.
While most student denial-of-service attacks on schools have been practical jokes, the situation is escalating to dangerous levels. Perpetrators from around the world are using sophisticated online robots and banks of computers to barrage targets with messages. The identities and motivations of these individuals are usually not known, but according to the VeriSign online security company, a flood of messages early this year blocked 1,500 major Web sites. There are also "how-to" denial-of-service tutorials on the Internet, and sites that urge the e-mail bombing of public figures. E-mail bombing is now deadly serious business threatening online communications in all areas of society, including schools.
A recent example is the "Winning Notification" e-mail bomb sent to about 750 K-12 administrators and others in the education field, including me. The four-page message, which stated the recipient won a sweepstakes lottery in Thailand, hit each person 335 times in a 24-hour period, resulting in approximately 250,000 messages and a million pages of text polluting the Internet.
The e-mail bomb is becoming a common weapon of war against Internet hosts, being sent by spammers, con artists and others who seek to interfere with the Internet, and schools can be caught in the crossfire. It is therefore crucial that your computers are armed with up-to-date operating systems, spam and virus filters, and firewalls to reduce the risks. It is also important to alert service providers to try and block offending sites-as I did in the recent attack-and never reply to such messages, which only intensifies assaults.
Districts also need acceptable use policies that explicitly prohibit the sending of e-mail bomb messages inside or outside the schools. The resources below offer useful district models and information for your staff and students. DA
Odvard Egil Dyrli, firstname.lastname@example.org, is
senior editor and emeritus professor of education at the University of Connecticut.