"Increased Potential for
Distributed Denial of Service (DDoS) Attacks"
The National Infrastructure Protection Center (NIPC) issued Advisory 01-021 on September 17, 2001, concerning "Potential Distributed Denial of Service (DDoS) Attacks." Cyber protests and hacktivist activity have increased since Advisory 01-021 was issued, and the potential for targeting U.S. organizations is higher than in September.
In the aftermath of the September 11 attacks, hacking groups have formed and participated in pro-U.S. and anti-U.S. cyber activities, fought mainly through web defacements. There has been minimal activity in the form of DDoS attacks, mostly between opposing protesting groups. NIPC has reason to believe that the potential for future DDoS attacks is high. The protesters have indicated they are targeting web sites of the U.S. Department of Defense and organizations that support the critical infrastructure of the United States, but many businesses and other organizations, some completely unrelated to the events, have been victims.
In the current situation, infrastructure support systems must take a defensive posture and remain vigilant at a higher state of alert. System administrators are encouraged to check their systems for zombie agent software and ensure they institute best practices such as ingress and egress filtering.
A list of best practices is available from the CERT/CC web site, located at:
Recipients of this advisory are encouraged to report computer intrusions to their local FBI office