SANS Newsbites Feb17
Source: Dave Wreski - Posted by LinuxSecurity.com Team   
This week's SANS newsbites contains a technical review of the week's DDOS attacks, as well as a great article from Alan Paller, SANS Research Director, with the President and other security luminaries.



SANS Research Director Alan Paller met with President Clinton on Tuesday.
See http://www.sans.org/pres.htm for his fascinating trip report.

The cracker-challenge IDnet information for SANS 2000 is now available
at http://www.sans.org/sans2000/idnet.htm .

RK

**********************************************************************

SANS NEWSBITES

The SANS Weekly Security News Overview

Volume 2, Number 7 February 17, 2000

Editorial Team:
Kathy Bradford, Crispin Cowan, Roland Grefer, Rob Kolstad, Bill Murray
Stephen Northcutt, Alan Paller, Howard Schmidt, Eugene Schultz


**********************************************************************

Distributed Denial of Service Articles:
15 February 2000 Web Security Summit to Convene Today
15 February 2000 Federal Investigators Narrowing Search
15 February 2000 Conspiracy Theories
14 February 2000 Banks Had Warning of Attacks
14 February 2000 DDoS Tool Author Says He'll Speak with FBI
9-12 February 2000 Hacker Community Disparages DDoS Perpetrators
11 February 2000 FBI Posts Software to Detect DDoS Slave Programs
11 February 2000 Vulnerable Computers Made DDoS Possible
11 February 2000 California Computer Used in Attack
10 February 2000 Internet Insurance
10 February 2000 E-Mail Claims Responsibility for Attacks
10 February 2000 Defending Against DDoS Attacks
10 February 2000 Government Checking Systems for Attack Agents
9 February 2000 Distributed Denial of Service Attacks: Q & A
9 February 2000 Reno Committed to Tracking Down Perpetrators
8 February 2000 Yahoo E-Mail Bug

Other Security Articles:
15 February 2000 RSA Web Site Compromised
15 February 2000 PKI at DOD a Problem of Scale
15 February 2000 DoubleClick Addresses Privacy Concerns
14 February 2000 Fighting Computer Crime
11 February 2000 RealNames' Database Cracked
11 February 2000 Melissa Resurfaces
11 February 2000 Privacy Legislation Introduced
10 February 2000 UK Surveillance Bill Introduced, Criticized
10 February 2000 EU Cyber Crime Fighting Plan to be Drafted
10 February 2000 Windows 2000 Has New Anti Piracy Measures

********* This week's sponsor: Network-1 Security Solutions **********

Network-1 Security Solutions - Embedded NT Firewalls

Now you can stop denial of service attacks against your critical NT
servers. CyberwallPLUS-SV is the industry's first embedded firewall
for NT servers. It allows you to protect your valuable NT servers from
unwanted access and intrusion by Internet, Intranet and Extranet users.

Visit http://www.network-1.com/eval/eval6992.htm and get your free
CyberwallPLUS evaluation kit.

**********************************************************************

-- 15 February 2000 Web Security Summit to Convene Today
President Clinton has called together a group of technology executives,
academics, and other concerned parties to address the issue of protecting
the web from attacks.
http://www.msnbc.com/news/370314.asp
Editor's Note: The meeting occurred and SANS was invited. For a recap:
http://www.sans.org/pres.htm

-- 15 February 2000 Federal Investigators Narrowing Search
Federal agents are getting ready to question three suspects in the rash
of distributed denial of service (DDoS) attacks.
http://dailynews.yahoo.com/h/nm/20000215/ts/tech_hackers_31.html
http://www.washingtonpost.com/wp-dyn/business/A51397-2000Feb14.html
http://www.wired.com/news/business/0,1367,34341,00.html

-- 15 February 2000 Conspiracy Theories
Suspicions that the government may be responsible for the recent barrage
of distributed denial of service attacks are circulating on the Internet.
Some suggest that the attacks are the result of a classified exercise,
and others propose that they provided a "smoke screen" for the government
to place surveillance programs on computers. Still others wonder if
the attacks were staged to increase concern about computer security.
http://www.fcw.com/fcw/articles/2000/0214/web-conspiracy-02-15-00.asp
http://www.wired.com/news/print/0,1294,34285,00.html
Editor's Note: Most people who have a clue disagree with these theories.

-- 14 February 2000 Banks Had Warning of Attacks
Computer experts at banks and other financial institutions received
warnings about the recent DDoS attacks, but due to rules mandated by
their security network, they were unable to share that information with
law enforcement agencies. http://www.msnbc.com/news/370221.asp

-- 14 February 2000 DDoS Tool Author Says He'll Speak with FBI
A white-hat hacker who uses the moniker "Mixter" and who authored Tribe
Flood Network (TFN), a distributed denial of service (DDoS) attack tool,
said in an interview on ZDNet that he wants to talk with the
FBI because he wants the perpetrator of the attacks caught. Mixter said
he wrote the program to demonstrate weaknesses in the Internet, and that
when he posted the program, he was operating under the concept of "full
disclosure." (The MSNBC article has the text of the ZDNet interview).
http://www.zdnet.com/zdnn/stories/news/0,4586,2437637,00.html
http://www.msnbc.com/news/370058.asp

-- 9 - 12 February 2000 Hacker Community Disparages DDoS Perpetrators
The hacker community has been quite vocal in its disdain for those
responsible for the recent burst of distributed denial of service attacks
(DDoS). While such attacks do not require "technical prowess", there
is evidence to suggest that the person or group responsible for the
attack on Yahoo used more sophisticated technologies that specifically
targeted the site's vulnerabilities.
http://news.bbc.co.uk/hi/english/sci/tech/newsid_640000/640527.stm
http://www.usatoday.com/life/cyber/tech/cth337.htm
http://www.usatoday.com/life/cyber/tech/cth328.htm
http://www.wired.com/news/print/0,1294,34228,00.html

-- 11 February 2000 FBI Posts Software to Detect DDoS Slave Programs
The FBI's National Infrastructure Protection Center (NIPC) has posted
software that can detect the surreptitiously placed programs which act
as slaves in distributed denial of service attacks (DDoS), but few people
have downloaded the tool. Those who have downloaded the software have
been asked to alert the FBI if the suspected programs are found on their
computers.
http://news.cnet.com/category/0-1003-200-1547115.html
http://www.computerworld.com/home/print.nsf/all/000211E9BE
http://www.fcw.com/fcw/articles/2000/0214/web-fbi-02-14-00.asp
Editor's Note (Paller): This software was actually released in December
after many of the subscribers of this newsletter helped the FBI test it.
More than 4,000 downloads were made shortly after CERT and SANS announced
the program's availability, and many dozens of organizations found that
their systems were infected. A significant number reported those
discoveries to SANS, but they expressed reluctance to report them to
the FBI. On February 15, SANS posted a related document on what to do
if you find your systems are infected: http://www.sans.org/y2k/DDoS.htm

-- 11 February 2000 Vulnerable Computers Made DDoS Possible
The first computers attacked in the distributed denial of service (DDoS)
attacks weren't the major sites, but the computers surreptitiously
enlisted to carry out the barrage of traffic sent to the sites. The
computers vulnerable to manipulation share several characteristics: they
are always connected to the Internet, they have high-bandwidth access,
and they belong to people or institutions whose primary concern is not
security. http://www.computerworld.com/home/print.nsf/all/000211E9AE

-- 11 February 2000 California Computer Used in Attack
Network administrators at the University of California at Santa Barbara
said that one of their computers was used in the attack on CNN's web
site. The cracker who manipulated the computer did not destroy all the
monitoring logs. http://www.wired.com/news/print/0,1294,34305,00.html
http://www.usatoday.com/life/cyber/tech/cth346.htm
http://news.cnet.com/category/0-1005-200-1548087.html
http://www.zdnet.com/zdnn/stories/news/0,4586,2437045,00.html

-- 10 February 2000 Internet Insurance
Requests for information about Internet insurance coverage have escalated
in the wake of the recent distributed denial of service attacks. The
majority of losses due to cracking are not covered by traditional
insurance. http://www.usatoday.com/life/cyber/tech/cth331.htm
http://www.wired.com/news/print/0,1294,34229,00.html

-- 10 February 2000 E-Mail Claims Responsibility for Attacks
Attrition.org received an e-mail claiming responsibility for the recent
distributed denial of service (DDoS) attacks. The author also claimed
that the intent of the attacks was to scare Internet stockholders, and
that each attacked site had an insider who helped the attack along.
While DDoS attacks do not require the help of insiders, the claim is
being investigated. http://www.wired.com/news/print/0,1294,34256,00.html

-- 10 February 2000 Defending Against DDoS Attacks
The best defense against distributed denial of service (DDoS) attacks
is to prevent the slave programs from being installed on your computer.
Another wise move would be to install filters that refuse to send packets
to improper addresses.
http://www.wired.com/news/print/0,1294,34230,00.html

-- 10 February 2000 Government Checking Systems for Attack Agents
The federal government is checking its computers to make sure they do
not contain agents used to overwhelm web sites with traffic. Several
free security products that will scan for such programs are available
for downloading.
http://www.fcw.com/fcw/articles/2000/0207/web-servers-02-10-00.asp
http://news.bbc.co.uk/hi/english/business/newsid_638000/638445.stm

-- 9 February 2000 Distributed Denial of Service Attacks: Q & A
Two articles that do a good job of describing how the attacks work, and
what can be done to mitigate their effects.
http://news.cnet.com/category/0-1007-200-1546362.html
http://www.usatoday.com/life/cyber/tech/cth317.htm

-- 9 February 2000 Reno Committed to Tracking Down Perpetrators
Attorney General Janet Reno is committed to combating "Internet
vandalism." No motive for the recent attacks has been uncovered.
Perpetrators outside the US can be prosecuted if they used US computers
to carry out their attacks.
http://news.cnet.com/category/0-1005-200-1546086.html

-- 8 February 2000 Yahoo E-Mail Bug
In the midst of recovering from a massive distributed denial of service
attack, Yahoo inadvertently introduced an e-mail bug which sent some
messages without their headers, and others without their headers or
their bodies. http://news.cnet.com/category/0-1005-200-1545407.html

-- 15 February 2000 RSA Web Site Compromised
People trying to get to www.rsa.com were instead led to a rogue page
hosted by a server in Colombia. RSA's computers were not compromised.
Two crackers have claimed responsibility.
http://www.currents.net/newstoday/00/02/15/news2.html
Editor's Note (Murray): The compromised site, rsa.com, is not the current
site name for RSA Security; the new site name is rsasecurity.com.

-- 15 February 2000 PKI at DOD a Problem of Scale
Using Public Key Infrastructure (PKI) to protect Defense Department
(DOD) information systems would require an "enormous" undertaking to
provide the more than a million users with digital certificates, according
to the National Security Agency (NSA).
http://www.fcw.com/fcw/articles/2000/0214/web-nsa-02-15-00.asp

-- 15 February 2000 DoubleClick Addresses Privacy Concerns
DoubleClick, the focus of much debate about consumer privacy, has set
up a web site from which consumers can opt-out of having their on-line
data collected, and which offers links to privacy advocacy sites.
DoubleClick's president maintains that the purpose of advertisements is
to keep the cost of the Internet down. Privacy advocates call the plan
"disingenuous". http://www.currents.net/newstoday/00/02/15/news5.html

-- 14 February 2000 Fighting Computer Crime
The Justice Department's chief prosecutor of computer crimes says the
public expects a balance between security and ease of access.
http://www.usatoday.com/life/cyber/tech/cth353.htm

-- 11 February 2000 RealNames' Database Cracked
A cracker broke into RealNames' keyword database and redirected all
searches to a web site in China. Credit card numbers and passwords
could have been stolen, and RealNames has asked its customers to change
their passwords. http://www.wired.com/news/print/0,1294,34295,00.html
http://www.computerworld.com/home/print.nsf/all/000211E9C2
http://news.cnet.com/category/0-1005-200-1547688.html

-- 11 February 2000 Melissa Resurfaces
The e-mail system of the Snohomish County government in Washington state
was hit with the Melissa worm. The system was shut down while the servers
were cleaned up. http://www.usatoday.com/life/cyber/tech/cth335.htm

-- 11 February 2000 Privacy Legislation Introduced
Recent Internet privacy violations have fueled privacy advocates' hopes
for legislation restricting the on-line gathering of personal consumer
data, and recently introduced legislation would prevent sites from
collecting personal data without the customer's express permission.
The legislation focuses on "cookies," or data strings stored on computers
and used to identify visitors to sites. Opponents say improving
advertising is necessary to keep the Internet free.
http://news.cnet.com/category/0-1005-200-1547443.html
http://www.usatoday.com/life/cyber/tech/cth319.htm

-- 10 February 2000 UK Surveillance Bill Introduced, Criticized
The UK's Regulation of Investigatory Powers Bill declares that law
enforcement officials should have the power to demand encryption keys
or plaintext versions of computer files. Those who fail to comply would
be faced with jail time. Critics of the measure say that people could
be jailed for losing their encryption keys. The bill does require that
law enforcement have "reasonable grounds" to demand keys.
http://news.bbc.co.uk/hi/english/sci/tech/newsid_638000/638041.stm

-- 10 February 2000 EU Cyber Crime Fighting Plan to be Drafted
The European Commission intends to step up development of its cyber
crime fighting plan. Representatives will meet in March to draft a
policy document. Provisions likely to be included are law enforcement
training in cyber crime prevention, and cooperation across borders within
the European Union. http://news.cnet.com/category/0-1007-200-1546938.html

-- 10 February 2000 Windows 2000 Has New Anti Piracy Measures
Windows 2000 Professional will ship soon with increased anti-piracy
protection, including a measure that requires users to register the
software within the first fifty times it is used. If the software is
not registered by then, it will stop working. Registrants will receive
a code to disable the alert message.
http://www.computerworld.com/home/print.nsf/all/000210E832

******* Also Sponsored by VeriSign - The Internet Trust Company ******

Running multiple servers in your organization? Securing all of them can
quickly become complicated. Learn how to simplify security administration
through a single point of management. Request your FREE copy of VeriSign's
"Guide to Securing Intranet and Extranet Servers" now at:
http://www.verisign.com/cgi-bin/go.cgi?a=n018305080151000

== End ==

Please feel free to share this with interested parties via email (not
on bulletin boards). For a free subscription, e-mail sans@sans.org
with the subject: Subscribe NewsBites

Email with complete instructions and your SD number
(from the headers) for subscribe, unsubscribe, change address, add
other digests, or any other comments.
