[iwar] [fc:Rash.Of.Router-Based.DDoS.Attacks.Imminent.-.CERT]

From: Fred Cohen (fc@all.net)
Date: 2001-10-26 13:43:04


To: iwar@onelist.com (Information Warfare Mailing List)

Rash Of Router-Based DDoS Attacks Imminent - CERT 
By Staff, Newsbytes, 10/26/2001
http://www.newsbytes.com/news/01/171530.html

The widespread use of poorly configured network routers has opened the
door to an "imminent" spate of attacks that could slow Internet traffic
to a crawl, according to a report published by a government-funded
security watchdog group.

"We believe this to be an imminent and real threat with a potentially
high impact," wrote researchers with the Computer Emergency Response
Team (CERT), located at Carnegie Mellon University in Pittsburgh.
"Routing protocol attacks are being actively discussed in some intruder
circles and have become agenda items" at public hacker conferences.

The report notes that intruders are increasingly compromising routers
using vendor-supplied default passwords. The traffic-routing circuits
are then redirected for use in so-called "distributed denial-of-service"
(DDoS) attacks, in which a targeted Web site(s) is crippled by an
overwhelming amount of network traffic. The attacks usually emanate from
a number of different compromised systems, and are generally very
difficult - if not impossible - to defend against.

CERT researchers say routers make tempting targets because they are
often less protected by security policy and monitoring technology than
other computer systems, which also allows intruders to operate with less
chance of being discovered.

The report also cites an increase in the number of DDoS attacks
perpetrated over private and public Internet relay chat (IRC) networks.

While IRC-based denial-of-service attacks can be difficult to trace,
they are even more troublesome to shut down. Much like routers, IRC
networks manage vast numbers of individual communications, and shutting
them down can often lead to an overflow of traffic on other networks.

In the past, DDoS attackers often planted their attack tools on
carefully selected compromised Unix hosts. Yet, according to the CERT
report, intruder tools that target Windows systems have matured to the
point where more advanced exploit technology for Windows-related
vulnerabilities is enabling a wider array of Windows-based tools.

DDoS attackers also are targeting Windows users because it is relatively
easy to find network address blocks for Internet service providers
(ISPs) with known, large numbers of Windows end-users, such as AOL.

"Based on reports we have received, intruders are leveraging easily
identifiable network blocks to selectively target and exploit Windows
end-user systems," the report said.

For a copy of the CERT report, visit:
http://www.cert.org/archive/pdf/DoS_trends.pdf


------------------
http://all.net/ 




This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:57 PST