FW: NIPC Advisory 01-021, "Potential DDoS Attacks"

From: George Heuston (georgeh@private)
Date: Mon Sep 17 2001 - 16:48:11 PDT


     
    
    -----Original Message-----
    From: NIPC Watch
    To: nipc.watch@private
    Sent: 9/17/01 3:58 PM
    Subject: NIPC Advisory 01-021, "Potential DDoS Attacks"
    Importance: High
    
    National Infrastructure Protection Center 
    "Potential Distributed Denial of Service (DDoS) Attacks" 
    Advisory 01-021 
    17 September 2001
    
    The National Infrastructure Protection Center (NIPC) expects an increase
    in Distributed Denial of Service (DDoS) attacks.  NIPC Advisory 01-020,
    "Increased Cyber Awareness" dated September 14, 2001 warned of
    threatened vigilante hacking activity against organizations associated
    with the perceived perpetrators of the September 11, 2001 terror
    attacks. 
    
    
    On September 12, 2001, a group of hackers named the Dispatchers claimed
    they had already begun network operations against information
    infrastructure components such as routers.  The Dispatchers stated they
    were targeting the communications and finance infrastructures.  They
    also predicted that they would be prepared for increased operations on
    or about Tuesday, September 18, 2001. 
    
    
    There is the opportunity for significant collateral damage to any
    computer network and telecommunications infrastructure that does not
    have current countermeasures in place.  The Dispatchers claim to have
    over 1,000 machines under their control for the attacks.  It is likely
    that the attackers will mask their operations by using the IP addresses
    and pirated systems of uninvolved third parties. 
    
    
    System administrators are encouraged to check their systems for zombie
    agent software and ensure they institute best practices such as ingress
    and egress filtering.  The NIPC has made available the "Find DDoS" tool
    to determine if your computer has been infected by the most common DDoS
    agents.  The tool may be downloaded from the following website: 
    
    
    http://www.nipc.gov/warnings/advisories/2000/00-055.htm
    
    
    Additionally, a list of best practices is available from the CERT/CC
    website, located at: 
    
    
    http://www.cert.org/security-improvement
    
    
    Recipients of this advisory are encouraged to report computer intrusions
    to their local FBI office ( http://www.fbi.gov/contact/fo/fo.htm ) or
    the NIPC, and to the other appropriate authorities.  Incidents may be
    reported online at http://www.nipc.gov/incident/cirr.htm .  The NIPC
    Watch and Warning Unit can be reached at (202) 323-3204/3205/3206 or
    nipc.watch@private
      
      
     
    


