Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: Yahoo offline because of attack (was: Yahoo network outage)

  • From: Sykes, Phil
  • Date: Wed Feb 09 04:42:49 2000

> Okay, but you've still missed the point. Even if I stipulate everything
you
> said here, that's still 50 largish systems that are compromised. I would
> almost wager that the perpetrators didn't use all of their assets either.
> That's a shit-load of large compromised systems on the Internet. Doesn't
> that thought worry you in the slightest?

 It worries everyone!

 Dave Dittrich in his analyses of DDOS tools (available from 
http://www.washington.edu/People/dad/) suggests:

"Trinoo networks are probably being set up on hundreds, perhaps
thousands, of systems on the Internet that are being compromised by
remote buffer overrun exploitation.  Access to these systems is
probably being perpetuated by the installation of multiple "back
doors" along with the trinoo daemons."

 CERT suggests (http://www.cert.org/incident_notes/IN-99-07.html)

Prevent installation of distributed attack tools on your systems 
Prevent origination of IP packets with spoofed source addresses 
Monitor your network for signatures of distributed attack tools  

 Should we as network operators be taking a pro-active role to police our
users for DDOS running boxen? It seems to me that educating end-users is the
problem here, just as educating people to use 'no ip directed-broadcast' was
back in 1997.

Phil Sykes, Network Engineer
Cable & Wireless Europe
p: +49 89 92699 204 m: +49 172 89 79 727







Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.