[iwar] [fc:Denial-of-service.attacks.expected]

From: Fred Cohen (fc@all.net)
Date: 2001-11-08 10:21:22


Denial-of-service attacks expected

By Sam Costello, IDG, 11/8/2001
http://www.cnn.com/2001/TECH/internet/11/07/DoS.attacks.idg/index.html

There is a high probability that the U.S. critical computer
infrastructure, such as the Web site of the U.S. Department of Defense,
is being targeted for Distributed Denial of Service attacks by
cyberprotestors, according to a warning issued Friday by the National
Infrastructure Protection Center (NIPC). The center is the U.S. Federal
Bureau of Investigation's cybersecurity arm.

Denial of Service (DoS) attacks are those in which a target computer
system is flooded with false requests for information to the point that
it is unable to respond to legitimate requests, denying them service.
Distributed Denial of Service (DDoS) attacks, the more damaging relative
of DoS attacks, are those that use multiple computers worldwide to
launch their attacks and are harder to combat. DDoS attacks knocked
high-profile sites such as Amazon.com, Yahoo.com, and EBay.com offline
over the course of a week in February 2000.

Online protests, both pro- and anti-United States, have been frequent
since September 11, but have largely been limited to Web site
defacements, the NIPC said. Although the DDoS activity that has gone on
so far has been minimal, and mostly limited to attacks between protest
groups, protestors have indicated that U.S. infrastructure will be a
target, the NIPC warning said. But businesses and organizations
unrelated to the September 11 attacks also could be targets, the NIPC
said.

The NIPC cautioned organizations to "take a defensive posture and remain
vigilant." The center also referred systems administrators to a list of
best security practices offered by the government-funded security
research body CERT/CC.

There may be no cause for alarm, however, as one company that tracks DoS
and DDoS activity, SecurityFocus, hasn't seen much evidence that such an
attack is imminent. SecurityFocus uses a product it sells called ARIS
Predictor to monitor corporate networks in more than 138 countries to
determine and predict attack trends and patterns. Though SecurityFocus
had detected a 3 percent rise in the rate of communication between
master computers that would control DDoS attacks and the systems used to
launch the attacks, this is not a significant increase, said Arthur
Wong, CEO of SecurityFocus. The master computers are ostensibly operated
by hackers and would use systems called zombies to launch the attacks.

"At this point, we haven't seen any increase that is significant," Wong
said. The increase that the company has seen "doesn't indicate that
there's an attack imminent," he added.

The cyberprotest groups mentioned by the NIPC have been active, but
their activities have so far been small scale, Wong said. In fact,
"since September, there hasn't been a lot of significant [attack]
traffic," he said. This may signal that "people are beginning to be more
reluctant to launch frivolous attacks," he said, although at the same
time he cautioned that this means that "when you do get attacks, they're
going to be more serious."

Notwithstanding SecurityFocus' data, attacks could be pending, Wong
said. Even if they're not, however, organizations ought to heed the
NIPC's advice and take steps to better secure their systems, Wong said.

------------------
http://all.net/ 
