Date: 10 February 2000
Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
===========================================================================
A U S C E R T A L E R T
AL-2000.02 -- AUSCERT ALERT
Recent Denial of Service attacks
10 February 2000
===========================================================================
PROBLEM:
AusCERT is aware of an increase in denial of service attacks which
have been launched against organisations using both recent and
older vulnerabilities and intruder tools.
We have previously distributed information regarding these types
of attacks. However due to the recent increase in attacks we are
taking this opportunity to remind our members that these attacks
may result in a significant impact to a site.
Preparation is essential in mitigating the attacks, so we strongly
encourage sites to review the documents listed below for information
in dealing with denial of services attacks, including distributed
denial of service (DDOS) attacks (some examples of which have been
extensively publicised).
IMPACT:
Denial of service attacks may cause a victim's network or servers
to become unusable, unstable or crash. Depending on the victim's
Internet traffic pricing model, this may also cause a significant
increase in their Internet traffic charges.
SOLUTION:
The CERT/CC have produced a technical document discussing various
issues relating to denial of service attacks:
http://www.cert.org/tech_tips/denial_of_service.html
In addition, a wide range of information relating specificly to
distributed denial of service attacks is readily available
including:
"Results of the Distributed-Systems Intruder Tools Workshop"
http://www.cert.org/reports/dsit_workshop.pdf
This describes distributed denial of service attacks including
recommendations for mitigating the impact of the attacks.
Some CERT/CC documents which also discuss distributed denial of
service attacks:
http://www.cert.org/advisories/CA-2000-01.html
http://www.cert.org/advisories/CA-99-17-denial-of-service-tools.html
http://www.cert.org/incident_notes/IN-99-07.html
The United States National Infrastructure Protection Center has
produced alerts and warnings including software to assist in
detecting the presence of some DDOS attack tools. More information
is available from:
http://www.nipc.gov/
Technical information about some specific intruder tools being
used to launch the attacks is available from:
http://staff.washington.edu/dittrich/misc/tfn.analysis
http://staff.washington.edu/dittrich/misc/trinoo.analysis
http://staff.washington.edu/dittrich/misc/stacheldraht.analysis
- ---------------------------------------------------------------------------
[AusCERT issues an alert when the risk posed by a vulnerability that may
not have been thoroughly investigated and for which a work-around or fix
may not yet have been developed requires notification.]
The AusCERT team has made every effort to ensure that the information
contained in this document is accurate at the time of publication. However,
the decision to use the information described is the responsibility of
each user or organisation. The appropriateness of this document for an
organisation or individual system should be considered before application
in conjunction with local policies and procedures. AusCERT takes no
responsibility for the consequences of applying the contents of this
document.
If you believe that your system has been compromised, contact AusCERT or
your representative in FIRST (Forum of Incident Response and Security
Teams).
AusCERT maintains an anonymous FTP service which is found on:
ftp://ftp.auscert.org.au/pub/. This archive contains past SERT
and AusCERT Advisories, and other computer security information.
AusCERT maintains a World Wide Web service which is found on:
http://www.auscert.org.au/.
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business
hours which are GMT+10:00 (AEST). On call
after hours for emergencies.
Postal:
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
AUSTRALIA
===========================================================================
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
Comment: ftp://ftp.auscert.org.au/pub/auscert/AUSCERT_PGP.key
iQCVAwUBOMy19Ch9+71yA2DNAQHNmQQAjtKRF5y7VYxJRk09m6zG4gpWxW27hX4h
5FkJ1uFrI6/WFCk1cJuIcs4ZOvw/NY633DsR/y8M/Q0EyFQCivcFTJ/9Xyh7Fc2H
rpW/guDV6qF6/AX2uT4pvF6hk7+/DH9JsrRzQycL6WKHV9JIS9oeFsCjbsJLBluP
xW0TVaAP7/U=
=xess
-----END PGP SIGNATURE-----
|