[iwar] [fc:NIPC.ADVISORY.01-026]

From: Fred Cohen (fc@all.net)
Date: 2001-11-06 07:50:41



ADVISORY 01-026

"Increased Potential for Distributed Denial of Service (DDoS) Attacks"

November 02, 2001

The National Infrastructure Protection Center (NIPC) issued Advisory
01-021 on 17 September 2001 concerning "Potential Distributed Denial of
Service (DDoS) Attacks." Cyber protests and hacktivist activity have
increased since Advisory 01-021 was issued and the potential for
targeting U.S.  organizations is higher than in September. 

In the aftermath of the 11 September attacks, hacking groups have formed
and participated in pro-U.S.  and anti-U.S.  cyber activities, fought
mainly through web defacements.  There has been minimal activity in the
form of DDoS attacks, mostly between opposing protesting groups.  NIPC
has reason to believe that the potential for future DDoS attacks is
high.  The protesters have indicated they are targeting web sites of the
U.S.  Department of Defense and organizations that support the critical
infrastructure of the United States, but many businesses and other
organizations—some completely unrelated to the events—have been victims. 

In the current situation, infrastructure support systems must take a
defensive posture and remain vigilant at a higher state of alert. 
System administrators are encouraged to check their systems for zombie
agent software and ensure they institute best practices such as ingress
and egress filtering. 

A list of best practices is available from the CERT/CC website, located
at:

<http://www.cert.org/security-improvement>.

Recipients of this advisory are encouraged to report computer intrusions
to me or NIPC, and to the other appropriate authorities.  Incidents may
be reported online at <http://www.nipc.gov/incident/cirr.htm>.
The NIPC Watch and Warning Unit can be reached at (202)
323-3204/3205/3206 or nipc.watch@fbi.gov. 


------------------
http://all.net/ 
