From: Fred Cohen <fc@all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Date: Fri, 26 Oct 2001 13:43:04 -0700 (PDT)
Subject: [iwar] [fc:Rash.Of.Router-Based.DDoS.Attacks.Imminent.-.CERT]

Rash Of Router-Based DDoS Attacks Imminent - CERT

By Staff, Newsbytes, 10/26/2001
http://www.newsbytes.com/news/01/171530.html

The widespread use of poorly configured network routers has opened the door to an "imminent" spate of attacks that could slow Internet traffic to a crawl, according to a report published by a government-funded security watchdog group.

"We believe this to be an imminent and real threat with a potentially high impact," wrote researchers with the Computer Emergency Response Team (CERT), located at Carnegie Mellon University in Pittsburgh. "Routing protocol attacks are being actively discussed in some intruder circles and have become agenda items" at public hacker conferences.

The report notes that intruders are increasingly compromising routers using vendor-supplied default passwords. The traffic-routing circuits are then redirected for use in so-called "distributed denial-of-service" (DDoS) attacks, in which a targeted Web site(s) is crippled by an overwhelming amount of network traffic. The attacks usually emanate from a number of different compromised systems, and are generally very difficult - if not impossible - to defend against.

CERT researchers say routers make tempting targets because they are often less protected by security policy and monitoring technology than other computer systems, which also allows intruders to operate with less chance of being discovered.

The report also cites an increase in the number of DDoS attacks perpetrated over private and public Internet relay chat (IRC) networks. While IRC-based denial-of-service attacks can be difficult to trace, they are even more troublesome to shut down. Much like routers, IRC networks manage vast numbers of individual communications, and shutting them down can often lead to an overflow of traffic on other networks.

In the past, DDoS attackers often planted their attack tools on carefully selected compromised Unix hosts. Yet, according to the CERT report, intruder tools that target Windows systems have matured to the point where more advanced exploit technology for Windows-related vulnerabilities is enabling a wider array of Windows-based tools.

DDoS attackers also are targeting Windows users because it is relatively easy to find network address blocks for Internet service providers (ISPs) with known, large numbers of Windows end-users, such as AOL.

"Based on reports we have received, intruders are leveraging easily identifiable network blocks to selectively target and exploit Windows end-user systems," the report said.

For a copy of the CERT report, visit:
http://www.cert.org/archive/pdf/DoS_trends.pdf
This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:57 PST