Are government servers responsible for DOS attacks?


Are government servers responsible for DOS attacks?

By Diane Frank, 02/10/2000 - 15:00 EST

MORE INFO

Denial-of-service attacks are when a system is rendered unusable for legitimate users because a resource is "hogged," damaged or destroyed. Denial-of-service attacks may be caused deliberately or accidentally.

Three common forms of network denial-of-service attacks are service overloading, message flooding and signal grounding. Although they are difficult to prevent, many denial-of-service attacks can be hindered by restricting access to critical accounts, resources and files.

(From the National Institute of Standards and Technology's Computer Security Resource Clearinghouse)

Network Associates CyberCop Zombie scan

Carnegie Mellon University CERT advisories

Network Associates Inc. Thursday released two updates to its information security products free of charge that will detect and remove the underlying vulnerability behind this week's cyberattacks on commercial Internet sites, a vulnerability that possibly turned federal agencies into launching points for the attacks.

A security gap in Solaris and Linux-based servers that allows hackers to place malicious code on a server without the administrator's knowledge is responsible for the series of denial-of-service attacks this week against the Yahoo, eBay, ETrade and Buy.com World Wide Web sites. The attacking code, in the form of an agent, is placed on many machines, which then send multiple requests to the victim's server, essentially flooding the system and forcing administrators to shut it down.

While federal sites have not yet been attacked in such a manner, many officials are concerned that agency systems are unwittingly hosting these agents and are therefore participating in the attack. The FBI, Commerce Department and the Federal Computer Incident Response Capability are working with agencies to determine whether their systems are hosting the agents, and the FBI's National Infrastructure Protection Center has posted a tool that agencies can download and run on their systems to detect the code.

Following the first attacks earlier this week, Network Associates started working on updates to its VirusScan and CyberCop products and services, said Peter Watkins, president and chief executive officer of Network Associates. The company is now offering all of these updates, including a free one-time scan and report, for download through their Web site.

The CyberCop Zombie scan is an extension of the Network Associates' new myCIO.com managed security services offerings. Although now part of the CyberCop ASaP vulnerability scanning service, users can perform a free, one-time CyberCop Zombie scan that will check a system for the agent and the vulnerability. If anything is found, it will be reported back to the system administrator via e-mail, along with the method to remove the agent and the patch to fix the vulnerability, said Zach Nelson, CEO of myCIO.com.

Network Associates has also added the scan for this vulnerability to its VirusScan product, which can be downloaded as an update and will run along with the rest of the checks whenever a scan is scheduled.

http://www.fcw.com/fcw/articles/2000/0207/web-servers-02-10-00.asp

-- Martin Thompson (mthom1927@aol.com), February 11, 2000

Answers

(Check this out - "Attack programs have been found on some government computers, although investigators could not say whether any government computers were used in this week's attacks...." Remember the hoopla when Americans and Congress were upset because Y2k conversion tasks were being performed by some people who didn't have appropriate security clearances? Just a thought!)

Feds Look For Damaged PCs in Denial-of-Service Attacks

February 9, 2000

By William Jackson, Government Computer News

Federal chief information officers and systems administrators are on the alert for compromised computers that could be used as staging grounds for distributed denial-of-service attacks, which hit several prominent Internet commerce sites this week.

The General Services Administration's Office of Information Security alerted agencies shortly before Attorney General Janet Reno today announced an FBI investigation of the attacks. Attack programs have been found on some government computers, although investigators could not say whether any government computers were used in this week's attacks.

The distributed denial-of-service attacks use as many as thousands of compromised third-party computers on which a hacker has installed programs to flood a single target site with messages, making it unavailable for legitimate use [GCN, Jan. 10, Page 3].

Ron Dick, chief of computer investigations and operations at the FBI's National Infrastructure Protection Center, said attack programs began to show up on compromised computers last year during year 2000 preparations.

Government officials and security experts said the key to defending against the attacks is to prevent intruders from installing malicious programs on unsecured computers. Two software tools for searching out the attack programs on networks and on individual hosts are downloadable from and from the University of Washington site, at .

Reported by Government Computer News, http://www.washtech.com/news/govtit/276-1.html


Posted at: The Washington Post, Washington D.C.

http://www.washtech.com/news/govtit/276-1.html

-- Lee Maloney (leemaloney@hotmail.com), February 11, 2000.

