[ISN] "Potential Distributed Denial of Service (DDoS) Attacks"

From: InfoSec News (isnat_private)
Date: Tue Sep 18 2001 - 01:05:07 PDT

  • Next message: InfoSec News: "[ISN] CSI 28th Annual Early-bird Deadline Extended"

    ADVISORY 01-021
    "Potential Distributed Denial of Service (DDoS) Attacks "
    The National Infrastructure Protection Center (NIPC) expects an
    increase in Distributed Denial of Service (DDoS) attacks. NIPC
    Advisory 01-020, "Increased Cyber Awareness" dated September 14, 2001
    warned of threatened vigilante hacking activity against organizations
    associated with the perceived perpetrators of the September 11, 2001
    terror attacks.
    On September 12, 2001, a group of hackers named the Dispatchers
    claimed they had already begun network operations against information
    infrastructure components such as routers. The Dispatchers stated they
    were targeting the communications and finance infrastructures. They
    also predicted that they would be prepared for increased operations on
    or about Tuesday, September 18, 2001.
    There is the opportunity for significant collateral damage to any
    computer network and telecommunications infrastructure that does not
    have current countermeasures in place. The Dispatchers claim to have
    over 1,000 machines under their control for the attacks. It is likely
    that the attackers will mask their operations by using the IP
    addresses and pirated systems of uninvolved third parties.
    System administrators are encouraged to check their systems for zombie
    agent software and ensure they institute best practices such as
    ingress and egress filtering. The NIPC has made available the "Find
    DDoS" tool to determine if your computer has been infected by the most
    common DDoS agents. The tool may be downloaded from the following
    Additionally, a list of best practices is available from the CERT/CC
    website, located at: http://www.cert.org/security-improvement. 
    Recipients of this advisory are encouraged to report computer
    intrusions to their local FBI office
    or the NIPC, and to the other appropriate authorities. Incidents may
    be reported online at http://www.nipc.gov/incident/cirr.htm. The NIPC
    Watch and Warning Unit can be reached at (202) 323-3204/3205/3206 or
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Tue Sep 18 2001 - 03:02:58 PDT