RE: NIPC Daily Report 6 November 2001

From: Steve Nichols (steven@private)
Date: Wed Nov 07 2001 - 17:52:04 PST


    If anyone is interested, I met the CTO, Dr K. Narayanaswamy of Cs3 at the
    ISPcon last month.
    We are going to test out the unit. It's a nice piece of hardware.
    It scans outgoing, allowing me to free up some ACLs and memory on my
    Ciscos.
    I will no longer have to scan my outbound on my HSSI ports.
    You can join the test consortium here.
    http://www.cs3-inc.com
    The cost for the firewall is around $2000 (show special price $1200-1400
    (mention ISPcon and you'll get a good deal))
    
    Private Sector - Using funding from the Defense Advanced Research
    Projects Agency (DARPA), security technology firm Cs3 is looking at the
    concept of reverse firewalling, or keeping the flood of data from a DoS
    attack dammed up at the source.  The Reverse Firewall works by filtering
    the outgoing packets from a network. The difference between a legitimate
    application that uses high bandwidth and a packet flooding attack is
    that, in the former case, the machine at the other end of the
    conversation is participating in a two-way conversation. In the case of
    a DoS attack, the exchange is one sided.  (Source: Vnunet, 6 November)
    
    Steve Nichols
    Internet Manager
    
    
                       VALLEY INTERNET COMPANY
                    1709 NE 27th Street, Suite C
                      McMinnville, Oregon 97128
               503-565-5030 or 800-909-9078 (toll-free)
         "Pay no attention to the folks behind the curtain..."
       PGP: www.viclink.com/~steven/steven.nichols.pgp.txt
    
    -----Original Message-----
    From: owner-crime@/var/spool/majordomo/lists/crime
    [mailto:owner-crime@/var/spool/majordomo/lists/crime]On Behalf Of George
    Heuston
    Sent: Tuesday, November 06, 2001 4:58 PM
    To: 'crime@private'
    Subject: FW: NIPC Daily Report 6 November 2001
    
    
    
    
    -----Original Message-----
    From: NIPC Watch
    To: daily
    Sent: 11/6/01 7:25 AM
    Subject: NIPC Daily Report 6 November 2001
    
    NIPC Daily Report, 6 November 2001
    
    NOTE:  Please understand that this is for informational purposes only
    and does not constitute any verification of the information contained in
    the report nor does this constitute endorsement by the NIPC or the FBI.
    
    Significant Changes and Assessment - No Significant Changes
    
    Private Sector - Using funding from the Defense Advanced Research
    Projects Agency (DARPA), security technology firm Cs3 is looking at the
    concept of reverse firewalling, or keeping the flood of data from a DoS
    attack dammed up at the source.  The Reverse Firewall works by filtering
    the outgoing packets from a network. The difference between a legitimate
    application that uses high bandwidth and a packet flooding attack is
    that, in the former case, the machine at the other end of the
    conversation is participating in a two-way conversation. In the case of
    a DoS attack, the exchange is one sided.  (Source: Vnunet, 6 November)
    
    Tools used to detect computer viruses and stop malicious hack attacks
    may not be as effective as they could be because they lack the human
    touch.  Security experts contend that protecting computers from
    people-created plagues and problems requires technology based on human
    biology and behavior. Two new security programs use what science knows
    about humans' physical and psychological makeup to protect computers
    from people.  TASC's eDNA program identifies and stops malicious
    programs such as viruses in the same way that a human's DNA can be used
    to identify his or her centuries-old genetic makeup.  eDNA does not rely
    on heuristics scanning as many antiviral programs do. Heuristics looks
    for specific patterns of code associated with known viruses in order to
    spot new or rewritten viruses. eDNA digs deeper and ferrets out the old
    ancestral links, even if the program's code has been greatly altered.
    "A person can be matched from his or her DNA no matter what makeup they
    are wearing or what body altering surgery they have undergone," said
    David Sanders, head scientist at TASC. "Similarly, eDNA can identify
    version 3.2 of a virus or Trojan with a sample from version 1.0, just
    like a child can be identified and differentiated from all the other
    children in the neighborhood by a DNA sample from its father." (Source:
    Wired News, 5 November)
    
    Government - Claude R. Carpenter II was sentenced to 15 months in prison
    and fined $109,000 for sabotaging IRS computers at the agency's New
    Carrollton, MD, office.  Carpenter worked as a systems administrator for
    Network Resources Inc., a subcontractor to the IRS on the agency's
    Integrated Network Operations Management System database.  He pleaded
    guilty to intentionally damaging a protected computer in July.
    Carpenter monitored three servers at the IRS facility and inserted code
    into them that deleted all their data.  He tried to conceal his
    activities by turning off system logs, removing history files and
    overwriting the code after execution to prevent system administrators
    from determining why the data was deleted.  The IRS had to shut down the
    servers to remove the code and re-establish security. The case was
    investigated by the Office of the Treasury Inspector General for Tax
    Administration.  (Source:  Government Computing News, 5 November)
    
    The Federal Computer Incident Response Center (FedCIRC) and the Carnegie
    Mellon University Computer Emergency Response Team/Coordination Center
    (CERT/CC) released FedCIRC Advisory FA-2001-30 Multiple Vulnerabilities
    in lpd.  The advisory discusses multiple vulnerabilities in several
    implementations of the line printer daemon (lpd), affecting several UNIX
    systems.  Although some of the vulnerabilities have been publicly disclosed
    previously, many system and network administrators may have overlooked
    one or more of these vulnerabilities.  The advisory was issued to
    encourage administrators to validate that they have addressed the lpd
    vulnerabilities.  The full FedCIRC advisory can be found on the FedCIRC
    web site at http://www2.fedcirc.gov/advisories/FA-2001-30.html.
    (Source: FedCIRC/CERT-CC, 5 November)
    
    The Chairman of the Senate Governmental Affairs Committee, Sen. Joseph
    Lieberman (D-CT) has called for the creation of a $1 billion IT fund to
    enhance homeland and information security.  The Senator's proposal would
    establish a fund managed by the Office of Management and Budget.  The
    proposal is similar to the one that was set up to help the government
    respond to the Y2k crisis.  However, the money would be aimed
    specifically at jump-starting some of the more pressing IT security
    requirements throughout government and the private sector. Sen. Robert
    Byrd (D-WV) is supporting the proposal and is expected to include it as
    part of his economic stimulus package to help the nation recover from
    the setbacks caused by the 11 September terrorist attacks.  The talking
    points being used to sell the proposal state that the money in the
    fund could be spent only on projects to improve the federal government's
    information security systems, to protect critical infrastructure or to
    provide stronger defenses against natural and man-made threats to the
    nation.  (Source: ComputerWorld, 5 November)
    
    Military - The Navy recently selected five vendor teams to provide
    electronic warfare support services as well as electronic intelligence
    and communications equipment, systems and programs for the Naval Surface
    Warfare Center, Port Hueneme Division.  The awards contain one base year
    and four one-year options with a potential value of about $162 million
    if all options are exercised, according to the Navy.  (Source: Federal
    Computer Week, 5 November)
    
    International - NTR
    
    U.S. SECTOR INFORMATION:
    
    Transportation - New federal flight restrictions protect airspace over
    many nuclear reactor sites, but fail to secure the skies over the
    nuclear reactors in aircraft carriers at Newport News Shipbuilding.  In
    a special order issued earlier this week, the Federal Aviation
    Administration (FAA) prohibited planes from flying within about an
    11.5-mile radius of nuclear power plants.  But the FAA reports no such
    restrictions over Newport News Shipbuilding, where a nuclear-powered
    aircraft carrier is being constructed and another is being refueled.
    Navy officials said they are negotiating with the FAA for airspace
    safety measures over the locations of its ships.  Scores of smaller
    nuclear reactors, such as those used in research companies and
    universities, are not even considered for such safety measures.  The
    potential of danger from any aerial terrorist attack on the ships'
    nuclear reactors is uncertain. Navy nuclear reactors are built to secure
    against meltdowns.  It is also unclear how many nuclear reactors are
    running in the shipyard.  (Source: Knight Ridder/Tribune, 5 November)
    
    On 5 November, the primary radar at the Baltimore Washington
    International (BWI) Airport resumed operation following an outage that
    forced rerouting of high-altitude flights. Air controllers said two
    backup radars also malfunctioned on Sunday, 4 November, leading them to
    declare the airspace shared by Reagan National and Washington Dulles
    unsafe. The diversions caused flights at BWI to run about 30 minutes
    late. Flights at Dulles were delayed about 15 minutes, FAA officials
    said.  (Source: Associated Press, 6 November)
    
    Electrical Power - More than 700 armed guards are patrolling Duke Energy
    Corporation's seven US nuclear electric generation facilities according
    to Harvey Padewar, president of Duke Energy Services.  He said the
    Charlotte, NC, energy holding company has done a "tremendous" job of
    both operating and responding to any perceived threat against its
    nuclear facilities.  Nuclear power plant operators nationwide stepped up
    security measures after the federal government issued another warning of
    a possible terrorist attack without mentioning specific potential
    targets.  Governors of seven states have authorized the National Guard
    to help patrol nuclear plants, including Florida, Arkansas, Missouri,
    Louisiana, Mississippi, New York, and Massachusetts.  (Source: OGJ
    Online Staff, 5 November)
    
    Telecommunications - Verizon Wireless and the government are in the
    final stages of a deal that would give some emergency officials priority
    access to the company's cellular network, according to federal
    officials.   The system, intended to be used only in times of crisis,
    would be operational in New York City, Washington, DC, and Salt Lake
    City, the site of the 2002 Winter Olympics.  Verizon has submitted a
    request to the Federal Communications Commission (FCC), which must
    review and approve some elements of the plan.   In a statement Monday,
    Verizon acknowledged the deal but said it is not yet final.  (Source:
    Associated Press, 6 November)
    
    Water Supply - NTR
    Emergency Services - NTR
    Gas and Oil Storage Distribution - NTR
    Government Services - NTR
    Banking and Finance - NTR
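
The two-way versus one-sided distinction in the Reverse Firewall item above, sketched as an egress check. This is an added example, not part of the original message and not Cs3's algorithm; the internal prefix, the thresholds and the packet tuples are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumption: hosts behind the filter live in this prefix.
LOCAL_NET = ipaddress.ip_network("10.0.0.0/16")

def is_local(addr):
    return ipaddress.ip_address(addr) in LOCAL_NET

def build_sample():
    """Constructed packet headers (timestamp_s, src, dst) seen at the edge."""
    pkts = []
    # High-bandwidth but legitimate: the remote peer keeps answering.
    for i in range(300):
        pkts.append((i * 0.01, "10.0.1.5", "198.51.100.7"))
        if i % 2 == 0:
            pkts.append((i * 0.01 + 0.005, "198.51.100.7", "10.0.1.5"))
    # One-sided flood: an internal host sends, nothing ever comes back.
    for i in range(300):
        pkts.append((i * 0.01, "10.0.2.9", "203.0.113.20"))
    # A few unanswered packets: one-sided, but far below the volume floor.
    for i in range(5):
        pkts.append((float(i), "10.0.3.3", "192.0.2.53"))
    return pkts

def one_sided_flows(packets, min_outbound=100, min_reply_ratio=0.05):
    """Return (local, remote, sent, replies) for outbound flows with no real reply traffic.

    min_outbound and min_reply_ratio are illustrative thresholds, not vendor values.
    """
    sent = defaultdict(int)
    replies = defaultdict(int)
    for _ts, src, dst in packets:
        if is_local(src) and not is_local(dst):
            sent[(src, dst)] += 1
        elif is_local(dst) and not is_local(src):
            replies[(dst, src)] += 1      # keyed as (local, remote) to match sent
    flagged = []
    for pair, n_out in sent.items():
        n_back = replies.get(pair, 0)
        # Volume alone is not the signal; volume with no conversation is.
        if n_out >= min_outbound and n_back / n_out < min_reply_ratio:
            flagged.append((pair[0], pair[1], n_out, n_back))
    return sorted(flagged)

if __name__ == "__main__":
    for local, remote, n_out, n_back in one_sided_flows(build_sample()):
        print(f"rate-limit {local} -> {remote}: {n_out} sent, {n_back} replies")
```

The bulk transfer sends as many packets as the flood but passes because half of them are answered; only the unanswered high-volume flow is flagged for rate limiting at the source network.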
    


