Home page logo
/

nanog logo nanog mailing list archives

Fw: NIPC Advisory 01-021, "Potential DDoS Attacks"
From: "Mike Lewinski" <mike () rockynet com>
Date: Tue, 18 Sep 2001 20:38:29 -0600



----- Original Message -----
From: "VanMeter, John" <John.VanMeter () ost dot gov>
To: "Incidents (E-mail)" <INCIDENTS () SECURITYFOCUS COM>
Sent: Tuesday, September 18, 2001 4:12 AM
Subject: NIPC Advisory 01-021, "Potential DDoS Attacks"




National Infrastructure Protection Center
"Potential Distributed Denial of Service (DDoS) Attacks"
Advisory 01-021
17 September 2001

The National Infrastructure Protection Center (NIPC) expects an
increase in
Distributed Denial of Service (DDoS) attacks.  NIPC Advisory 01-020,
"Increased Cyber Awareness" dated September 14, 2001 warned of
threatened
vigilante hacking activity against organizations associated with the
perceived perpetrators of the September 11, 2001 terror attacks.
On September 12, 2001, a group of hackers named the Dispatchers
claimed they
had already begun network operations against information
infrastructure
components such as routers.  The Dispatchers stated they were
targeting the
communications and finance infrastructures.  They also predicted that
they
would be prepared for increased operations on or about Tuesday,
September
18, 2001.
There is the opportunity for significant collateral damage to any
computer
network and telecommunications infrastructure that does not have
current
countermeasures in place.  The Dispatchers claim to have over 1,000
machines
under their control for the attacks.  It is likely that the attackers
will
mask their operations by using the IP addresses and pirated systems of
uninvolved third parties.
System administrators are encouraged to check their systems for zombie
agent
software and ensure they institute best practices such as ingress and
egress
filtering.  The NIPC has made available the "Find DDoS" tool to
determine if
your computer has been infected by the most common DDoS agents.  The
tool
may be downloaded from the following website:
http://www.nipc.gov/warnings/advisories/2000/00-055.htm.
Additionally, a list of best practices is available from the CERT/CC
website, located at:
http://www.cert.org/security-improvement.
Recipients of this advisory are encouraged to report computer
intrusions to
their local FBI office
(http://www.fbi.gov/contact/fo/fo.htm) or the NIPC, and to the other
appropriate authorities.  Incidents may be reported online at
http://www.nipc.gov/incident/cirr.htm.   The .NIPC Watch and Warning
Unit
can be reached at (202) 323-3204/3205/3206 or nipc.watch () fbi gov 




----------------------------------------------------------------------
------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com




  By Date           By Thread  

Current thread:
  • Fw: NIPC Advisory 01-021, "Potential DDoS Attacks" Mike Lewinski (Sep 19)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault