"Increased Potential for Distributed Denial of Service (DDoS) Attacks"
November 02, 2001

The National Infrastructure Protection Center (NIPC) issued Advisory 01-021 on September 17, 2001, concerning "Potential Distributed Denial of Service (DDoS) Attacks." Cyber protests and hacktivist activity have increased since Advisory 01-021 was issued, and the potential for targeting U.S. organizations is higher than in September.

In the aftermath of the September 11 attacks, hacking groups have formed and participated in pro-U.S. and anti-U.S. cyber activities, fought mainly through web defacements. There has been minimal activity in the form of DDoS attacks, mostly between opposing protesting groups. NIPC has reason to believe that the potential for future DDoS attacks is high. The protesters have indicated they are targeting web sites of the U.S. Department of Defense and organizations that support the critical infrastructure of the United States, but many businesses and other organizations—some completely unrelated to the events—have been victims.

In the current situation, infrastructure support systems must take a defensive posture and remain vigilant at a higher state of alert. System administrators are encouraged to check their systems for zombie agent software and ensure they institute best practices such as ingress and egress filtering.

Recipients of this advisory are encouraged to report computer intrusions to their local FBI office (http://www.fbi.gov/contact/fo/fo.htm) or the NIPC, and to the other appropriate authorities. Incidents may be reported online at http://www.nipc.gov/incident/cirr.htm. The NIPC Watch and Warning Unit can be reached at (202) 323-3204/3205/3206 or nipc.watch@fbi.gov.