North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Fw: NIPC Advisory 01-021, "Potential DDoS Attacks"

  • From: Mike Lewinski
  • Date: Tue Sep 18 22:39:34 2001

----- Original Message -----
From: "VanMeter, John" <[email protected]>
To: "Incidents (E-mail)" <[email protected]>
Sent: Tuesday, September 18, 2001 4:12 AM
Subject: NIPC Advisory 01-021, "Potential DDoS Attacks"

> National Infrastructure Protection Center
> "Potential Distributed Denial of Service (DDoS) Attacks"
> Advisory 01-021
> 17 September 2001
> The National Infrastructure Protection Center (NIPC) expects an
increase in
> Distributed Denial of Service (DDoS) attacks.  NIPC Advisory 01-020,
> "Increased Cyber Awareness" dated September 14, 2001 warned of
> vigilante hacking activity against organizations associated with the
> perceived perpetrators of the September 11, 2001 terror attacks.
> On September 12, 2001, a group of hackers named the Dispatchers
claimed they
> had already begun network operations against information
> components such as routers.  The Dispatchers stated they were
targeting the
> communications and finance infrastructures.  They also predicted that
> would be prepared for increased operations on or about Tuesday,
> 18, 2001.
> There is the opportunity for significant collateral damage to any
> network and telecommunications infrastructure that does not have
> countermeasures in place.  The Dispatchers claim to have over 1,000
> under their control for the attacks.  It is likely that the attackers
> mask their operations by using the IP addresses and pirated systems of
> uninvolved third parties.
> System administrators are encouraged to check their systems for zombie
> software and ensure they institute best practices such as ingress and
> filtering.  The NIPC has made available the "Find DDoS" tool to
determine if
> your computer has been infected by the most common DDoS agents.  The
> may be downloaded from the following website:
> Additionally, a list of best practices is available from the CERT/CC
> website, located at:
> Recipients of this advisory are encouraged to report computer
intrusions to
> their local FBI office
> ( or the NIPC, and to the other
> appropriate authorities.  Incidents may be reported online at
>   The .NIPC Watch and Warning
> can be reached at (202) 323-3204/3205/3206 or [email protected]
> ----------------------------------------------------------------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see: