Hello:

I try to summarize what is going on. Please let me know if I missed
something. I will put this later into http://ittf.vlsm.org

========================================================================

Clue alert... the recent attacks were not TCP SYN Floods (Warfield).

- Place to discuss:
  NANOG (The North American Network Operators' Group)
  Mailing list: http://www.nanog.org/mailinglist.html

- RFCs

  2267 Network Ingress Filtering: Defeating Denial of Service Attacks
       which employ IP Source Address Spoofing
       http://www.ietf.org/rfc/rfc2267.txt

       "There is no assumption implied that RFC2267 filtering is
       needed -- it is required. What good is it if one or two or 300
       people do it, and another 157,000 do not? (Ferguson)"

       "... while there are certainly clueless ISPs out there, I
       suspect that on the average they're more clueful about the net
       than the typical end site (Bellovin)."

  2350 Expectations for Computer Security Incident Response
       http://www.ietf.org/rfc/rfc2350.txt

  2502 Limitations of Internet Protocol Suite for Distributed
       Simulation in the Large Multicast Environment
       http://www.ietf.org/rfc/rfc2502.txt

  2644 Changing the Default for Directed Broadcasts in Routers
       http://www.ietf.org/rfc/rfc2644.txt

- Further references:
  http://xforce.iss.net/alerts/advise40.php3
  http://www.cert.org/advisories/CA-2000-01.html

- Analysis of TFN (Tribe Flood Network):
  http://staff.washington.edu/dittrich/misc/tfn.analysis
  http://staff.washington.edu/dittrich/misc/trinoo.analysis
  http://staff.washington.edu/dittrich/misc/stacheldraht.analysis

- Craig Huegen on minimizing the effects of DoS attacks:
  http://users.quadrunner.com/chuegen/smurf.cgi

- Distributed Denial of Service (DDoS) News Flash,
  http://www.cisco.com/warp/public/707/newsflash.html

- Dave Dittrich's analysis of the recent DDoS attack tools.
  http://www.washington.edu/People/dad/

- NIPC (National Infrastructure Protection Center),
  TRINOO/Tribal Flood Net/tfn2k stuff:
  http://www.fbi.gov/nipc/trinoo.htm

- Handling A Distributed Denial of Service Trojan Infection:
  Step-by-Step.
  http://www.sans.org/y2k/DDoS.htm

- Internet Security Advisories
  http://www.cisco.com/warp/public/707/advisory.html
  http://www.cisco.com/warp/public/707/22.html
  http://www.cisco.com/warp/public/707/sec_incident_response.shtml
  http://www.cisco.com/public/cons/isp/documents/IOSEssentialsPDF.zip

- Know your enemy: Script Kiddies
  http://www.enteract.com/~lspitz/enemy.html

- Flow Logs and Intrusion Detection at the Ohio State University
  http://www.usenix.org/publications/login/1999-9/osu.html

- Achtung LAWyers!
  http://www.techweb.com/wire/story/TWB20000211S0014

- The size of the internet: 72,000,000 domains/hosts.
  http://www.isc.org/ds/

- Sources (thank you):
  Steve Bellovin
  Paul Ferguson
  Valdis Kletnieks
  April Marine
  Michael H. Warfield

Regards,

--
- Rahmat M. Samik-Ibrahim -- VLSM-TJT -- http://rms46.vlsm.org/ -
- Always select ShutDown from the StartMenu - M$Windows after crash