RE: New problem

From: McCammon, Keith (Keith.McCammonat_private)
Date: Tue Sep 18 2001 - 10:09:01 PDT


    The NIPC advisory from this morning.... 
    
    National Infrastructure Protection Center 
    
    "Potential Distributed Denial of Service (DDoS) Attacks"
    
    Advisory 01-021
    
    17 September 2001
    
    The National Infrastructure Protection Center (NIPC) expects an increase in
    Distributed Denial of Service (DDoS) attacks. NIPC Advisory 01-020,
    "Increased Cyber Awareness" dated September 14, 2001 warned of threatened
    vigilante hacking activity against organizations associated with the
    perceived perpetrators of the September 11, 2001 terror attacks. 
    
    On September 12, 2001, a group of hackers named the Dispatchers claimed they
    had already begun network operations against information infrastructure
    components such as routers. The Dispatchers stated they were targeting the
    communications and finance infrastructures. They also predicted that they
    would be prepared for increased operations on or about Tuesday, September
    18, 2001. 
    
    There is the opportunity for significant collateral damage to any computer
    network and telecommunications infrastructure that does not have current
    countermeasures in place. The Dispatchers claim to have over 1,000 machines
    under their control for the attacks. It is likely that the attackers will
    mask their operations by using the IP addresses and pirated systems of
    uninvolved third parties. 
    
    System administrators are encouraged to check their systems for zombie agent
    software and ensure they institute best practices such as ingress and egress
    filtering. The NIPC has made available the "Find DDoS" tool to determine if
    your computer has been infected by the most common DDoS agents. The tool may
    be downloaded from the following website:
    
    http://www.nipc.gov/warnings/advisories/2000/00-055.htm. 
    
    Additionally, a list of best practices is available from the CERT/CC
    website, located at:
    
    http://www.cert.org/security-improvement. 
    
    Recipients of this advisory are encouraged to report computer intrusions to
    me at either the email address or telephone number below, or NIPC, and to
    other appropriate authorities. Incidents may be reported online at
    http://www.nipc.gov/incident/cirr.htm. The NIPC Watch and Warning Unit can
    be reached at (202) 323-3204/3205/3206 or nipc.watchat_private
    
    Recipients of this message are authorized to forward this Advisory to
    associates within your organization, as well as others deemed appropriate.
    
    *********************************************************************
    Special Agent Gary Harter, Email:  gharterat_private
    FBI Washington Field Office/NVRA ANSIR Coordinator
    7799 Leesburg Pike, Falls Church, Va. 22043
    Phone:  703-762-3024, Fax:  (703) 762-3446
    *********************************************************************
    
    -----Original Message-----
    From: Flynn Tom [mailto:tflynnat_private]
    Sent: Tuesday, September 18, 2001 12:19 PM
    To: 'Pedro Miller Rabinovitch'; forensicsat_private
    Cc: Cory McIntire; focus-msat_private;
    focus-idsat_private
    Subject: New problem
    
    
    I am having some serious problems with our internet connection.  TCP FIN
    scans are hitting our site and causing all sorts of troubles.  Anyone heard
    of this or experiencing this?  We have 3 locations in North America and all
    are experiencing similar problems.
    
    
    
    
    
    


