[NEWS and TOOLS] Denial of Service Info

Jean L Francois Jean.L.Francois@aexp.com
10 Feb 2000 09:59:43 -0700 

<JLF NOTE>
Please make sure that if you are running Cisco Routers
that you have set:
                                    ip no directed-broadcast
on all of your interfaces.
Also make sure that you are doing proper filtering outbound at
your border router(s) to prevent source address spoofing.
</JLF NOTE>

System scanner that searches for trin00 and other distributed denial of
service attack tools.  http://www.fbi.gov/nipc/trinoo.htm
<JLF NOTE> 
I do not personally like the idea of running 
untested binaries from the FBI on my computers.
But that is just how I am. You make the call.
</JLF NOTE>

CenterTrack, the tool that Internet Service Providers will use to find
the source of forged IP packets employed in distributed denial of service
attacks.  http://www.nanog.org/mtg-9910/robert.html

At least two other sites have been the targets of distributed denial of
service (DDOS) attacks similar to the one that plagued Yahoo on Monday.
DDOS attacks flood sites with traffic from a variety of locations, often
causing the sites to shut down.
http://dailynews.yahoo.com/h/nm/20000208/ts/tech_hackers_1.html

At the Northern California branch of Sandia National Laboratory, computer
security students are learning to defeat computer attacks, and sharing
their work on the Internet.
http://washingtonpost.com/wp-srv/WPlate/2000-02/05/078l-020500-idx.html

Many e-commerce businesses lack comprehensive security policies, and IT
managers are less confident in the security of their systems than are
company executives, according to a recent study by Deloitte Touche
Tohmatsu and the Information Systems Audit and Control Association
(ISACA) http://www.currents.net/newstoday/00/02/04/news17.html

Some web based shopping cart applications could allow malicious shoppers
to alter fields in HTML forms and in URLs to change the price of items
they are buying.  Eight of the eleven identified vulnerable shopping
applications have been altered to increase security.
http://www.computerworld.com/home/print.nsf/all/000202E636
http://www.usatoday.com/life/cyber/nb/nb2.htm
http://www.theregister.co.uk/000203-000006.html

At least two fraudulent web sites purporting to be related to Alaska
Airlines Flight 261 have popped up on the Internet.  At least one is
trying to solicit donations and it spreads a virus to site visitors;
another was shut down.  Alaska Airlines is trying to find out who set
up the phony sites; their official site, which contains Flight 261
information, is www.alaskaair.com.
http://www.usatoday.com/life/cyber/tech/cth273.htm
http://www.currents.net/newstoday/00/02/04/news7.html

Government systems security and encryption validation standards have
been updated.  Revisions include removal of redundant information and
the addition of a section on surviving cyber attacks.
http://www.gcn.com/vol1_no1/daily-updates/1236-1.html

The US's reliance on information technology is both an asset and a
liability.  The technology of information warfare can magnify the range
and effect of a single attacker, according to the directors of the CIA
and the DIA (Defense Intelligence Agency).  Intelligence suggests that
Middle East terrorist groups are using computers and encryption.  Most
adversaries, however, are not sophisticated enough to launch a
comprehensive information systems attack.
http://www.currents.net/newstoday/00/02/03/news19.html

A security hole in Microsoft's Java virtual machine could allow attackers
to lift files from computers by inserting code into a Java applet and
them embedding it in a web page.
http://www.zdnet.com/zdnn/stories/news/0,4586,2431555,00.html

The Electronic Frontier Foundation (EFF), arguing for the defense in
two DVD code cases, says that DVD encryption does not meet the minimum
standard for a trade secret.
http://www.cnnfn.com/news/technology/newsbytes/143179.html

FIDNet, the proposed Federal Intrusion Detection Network, is the focus
of debate about the Clinton administration's National Plan for Information
Systems Protection.  Privacy advocates say the plan focused heavily on
system monitoring and surveillance rather than on enhancing computer
security.  They have also expressed concern that one agency, the General
Services Administration (GSA) would monitor all federal network
communication.
http://www2.infoworld.com/articles/en/xml/00/02/01/000201enprivate.xml?Template
=/storypages/printarticle.html
http://www.thestandard.com/article/display/1,1151,9327,00.html
http://www.computerworld.com/home/print.nsf/all/000201E5E2
http://www.wired.com/news/print/0,1294,34027,00.html

Questions, Comments, Suggestions, Complaints----> JLF@magusnet.com