Fw: NIPC Advisory 01-021, "Potential DDoS Attacks"

["Mike Lewinski" <mike () rockynet com>]

----- Original Message -----
From: "VanMeter, John" <John.VanMeter () ost dot gov>
To: "Incidents (E-mail)" <INCIDENTS () SECURITYFOCUS COM>
Sent: Tuesday, September 18, 2001 4:12 AM
Subject: NIPC Advisory 01-021, "Potential DDoS Attacks"


> National Infrastructure Protection Center
> "Potential Distributed Denial of Service (DDoS) Attacks"
> Advisory 01-021
> 17 September 2001
>
> The National Infrastructure Protection Center (NIPC) expects an
increase in
> Distributed Denial of Service (DDoS) attacks.  NIPC Advisory 01-020,
> "Increased Cyber Awareness" dated September 14, 2001 warned of
threatened
> vigilante hacking activity against organizations associated with the
> perceived perpetrators of the September 11, 2001 terror attacks.
> On September 12, 2001, a group of hackers named the Dispatchers
claimed they
> had already begun network operations against information
infrastructure
> components such as routers.  The Dispatchers stated they were
targeting the
> communications and finance infrastructures.  They also predicted that
they
> would be prepared for increased operations on or about Tuesday,
September
> 18, 2001.
> There is the opportunity for significant collateral damage to any
computer
> network and telecommunications infrastructure that does not have
current
> countermeasures in place.  The Dispatchers claim to have over 1,000
machines
> under their control for the attacks.  It is likely that the attackers
will
> mask their operations by using the IP addresses and pirated systems of
> uninvolved third parties.
> System administrators are encouraged to check their systems for zombie
agent
> software and ensure they institute best practices such as ingress and
egress
> filtering.  The NIPC has made available the "Find DDoS" tool to
determine if
> your computer has been infected by the most common DDoS agents.  The
tool
> may be downloaded from the following website:
> http://www.nipc.gov/warnings/advisories/2000/00-055.htm.
> Additionally, a list of best practices is available from the CERT/CC
> website, located at:
> http://www.cert.org/security-improvement.
> Recipients of this advisory are encouraged to report computer
intrusions to
> their local FBI office
> (http://www.fbi.gov/contact/fo/fo.htm) or the NIPC, and to the other
> appropriate authorities.  Incidents may be reported online at
> http://www.nipc.gov/incident/cirr.htm.   The .NIPC Watch and Warning
Unit
> can be reached at (202) 323-3204/3205/3206 or nipc.watch () fbi gov.
>
>
>
>
> ----------------------------------------------------------------------
------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com