North American Network Operators Group
RE: Yahoo offline because of attack (was: Yahoo network outage)
- From: Sykes, Phil
- Date: Wed Feb 09 04:42:49 2000
> Okay, but you've still missed the point. Even if I stipulate everything
> said here, that's still 50 largish systems that are compromised. I would
> almost wager that the perpetrators didn't use all of their assets either.
> That's a shit-load of large compromised systems on the Internet. Doesn't
> that thought worry you in the slightest?
It worries everyone!
Dave Dittrich in his analyses of DDOS tools (available from
"Trinoo networks are probably being set up on hundreds, perhaps
thousands, of systems on the Internet that are being compromised by
remote buffer overrun exploitation. Access to these systems is
probably being perpetuated by the installation of multiple "back
doors" along with the trinoo daemons."
CERT suggests (http://www.cert.org/incident_notes/IN-99-07.html):
- Prevent installation of distributed attack tools on your systems
- Prevent origination of IP packets with spoofed source addresses
- Monitor your network for signatures of distributed attack tools
Should we as network operators be taking a pro-active role to police our
users for DDOS running boxen? It seems to me that educating end-users is the
problem here, just as educating people to use 'no ip directed-broadcast' was
back in 1997.
Phil Sykes, Network Engineer
Cable & Wireless Europe
p: +49 89 92699 204 m: +49 172 89 79 727