IWS - The Information Warfare Site
News Watch Make a  donation to IWS - The Information Warfare Site Use it for navigation in case java scripts are disabled

ADVISORY 01-021

"Potential Distributed Denial of Service (DDoS) Attacks "
September 17, 2001

The National Infrastructure Protection Center (NIPC) expects an increase in Distributed Denial of Service (DDoS) attacks. NIPC Advisory 01-020, "Increased Cyber Awareness" dated September 14, 2001, warned of threatened vigilante hacking activity against organizations associated with the perceived perpetrators of the September 11, 2001 terror attacks.

On September 12, 2001, a group of hackers named the Dispatchers claimed they had already begun network operations against information infrastructure components such as routers. The Dispatchers stated they were targeting the communications and finance infrastructures. They also predicted that they would be prepared for increased operations on or about Tuesday, September 18, 2001.

There is the opportunity for significant collateral damage to any computer network and telecommunications infrastructure that does not have current countermeasures in place. The Dispatchers claim to have over 1,000 machines under their control for the attacks. It is likely that the attackers will mask their operations by using the IP addresses and pirated systems of uninvolved third parties.

System administrators are encouraged to check their systems for zombie agent software and ensure they institute best practices such as ingress and egress filtering. The NIPC has made available the "Find DDoS" tool to determine if your computer has been infected by the most common DDoS agents. The tool may be downloaded from the following web site:

http://www.nipc.gov/warnings/advisories/2000/00-055.htm.

Additionally, a list of best practices is available from the CERT/CC web site, located at: http://www.cert.org/security-improvement.

Recipients of this advisory are encouraged to report computer intrusions to their local FBI office (http://www.fbi.gov/contact/fo/fo.htm) or the NIPC, and to the other appropriate authorities. Incidents may be reported online at http://www.nipc.gov/incident/cirr.htm. The NIPC Watch and Warning Unit can be reached at (202) 323-3204/3205/3206 or nipc.watch@fbi.gov.