Hello:
I try to summarize what is going on. Please let me know if
I miss something. I will put this later into http://ittf.vlsm.org
========================================================================
Clue alert... the recent attacks were not TCP SYN Floods (Warfield).
- Place to discuss: NANOG (The North American Network Operators' Group)
Mailing list: http://www.nanog.org/mailinglist.html
- RFCs
  2267 Network Ingress Filtering: Defeating Denial of Service
       Attacks which employ IP Source Address Spoofing
       http://www.ietf.org/rfc/rfc2267.txt
       "There is no assumption implied that RFC2267 filtering
       is needed -- it is required. What good is it if one or
       two or 300 people do it, and another 157,000 do not?
       (Ferguson)"
       "... while there are certainly clueless ISPs out there,
       I suspect that on the average they're more clueful
       about the net than the typical end site (Bellovin)."
  2350 Expectations for Computer Security Incident Response
       http://www.ietf.org/rfc/rfc2350.txt
  2502 Limitations of Internet Protocol Suite for Distributed
       Simulation in the Large Multicast Environment
       http://www.ietf.org/rfc/rfc2502.txt
  2644 Changing the Default for Directed Broadcasts in Routers
       http://www.ietf.org/rfc/rfc2644.txt
- Further references:
http://xforce.iss.net/alerts/advise40.php3
http://www.cert.org/advisories/CA-2000-01.html
- Analysis of TFN (Tribe Flood Network):
http://staff.washington.edu/dittrich/misc/tfn.analysis
http://staff.washington.edu/dittrich/misc/trinoo.analysis
http://staff.washington.edu/dittrich/misc/stacheldraht.analysis
- Craig Huegen's page on minimizing the effects of DoS attacks:
http://users.quadrunner.com/chuegen/smurf.cgi
- Distributed Denial of Service (DDoS) News Flash,
http://www.cisco.com/warp/public/707/newsflash.html
- Dave Dittrich's analysis of the recent DDoS attack tools.
http://www.washington.edu/People/dad/
- NIPC (National Infrastructure Protection Center),
TRINOO/Tribal Flood Net/tfn2k stuff:
http://www.fbi.gov/nipc/trinoo.htm
- Handling A Distributed Denial of Service Trojan Infection:
Step-by-Step.
http://www.sans.org/y2k/DDoS.htm
- Internet Security Advisories
http://www.cisco.com/warp/public/707/advisory.html
http://www.cisco.com/warp/public/707/22.html
http://www.cisco.com/warp/public/707/sec_incident_response.shtml
http://www.cisco.com/public/cons/isp/documents/IOSEssentialsPDF.zip
- Know your enemy: Script Kiddies
http://www.enteract.com/~lspitz/enemy.html
- Flow Logs and Intrusion Detection at the Ohio State University
http://www.usenix.org/publications/login/1999-9/osu.html
- Achtung LAWyers!
http://www.techweb.com/wire/story/TWB20000211S0014
- The size of the internet: 72,000,000 domains/hosts.
http://www.isc.org/ds/
- Sources (thanks to):
Steve Bellovin
Paul Ferguson
Valdis Kletnieks
April Marine
Michael H. Warfield
tabe,
--
- Rahmat M. Samik-Ibrahim -- VLSM-TJT -- http://rms46.vlsm.org/ -
- Always select ShutDown from the StartMenu - M$Windows after crash