Global Incident Analysis Center (malicious net activity-hackattack) : LUSENET : TimeBomb 2000 (Y2000) : One Thread

Threat Level Yellow 02/23/2000

We have been getting reports recently of renewed attacks. GIAC has posted a defensive steps document based on the Consensus Roadmap developed by the Partnership for Critical Infrastructure Security. Since the ddos threat is probably with us for the longhaul we need to take appropriate countermeasures to reduce the impact of the threat. With the communities help we can get control of this problem. Thank you!

-- Stephen Northcutt


Resisting the Effects of Distributed Denial of Service Attacks (V.1)

The recent distributed denial of service attacks and reports have forced GIAC to move to a yellow alert status. The discovery of trinoo like agents on Windows operating systems further increases the risk. This document lists specific steps that GIAC recommends to help us restore a condition green. These steps are based on the roadmap document developed by SANS/CERT and a number of other organizations. As always GIAC is a community effort, we request comments and suggestions on the best way to accomplish these tasks! Please help us help you!

-------------------- Welcome to GIAC, our mission is to provide up-to-date reports of malicious activity on the net submitted by your international community of system administrators and analysts. We welcome detects of intrusions, odd log file entries, encryption failures, or other security related information.

Three gifts SANS gives to the community are the weekly digest of patches and summaries of traces, the monthly Windows NT Digest of new security holes, patches, and other administrative imperatives, and the weekly digest of the 25 top news stories in secret. We'd be happy to send you any or all, just send an email to with one or more of the following in the subject: Network Security Digest, NT Digest, or Newsbites.

-- mush (discovery@shields.up), February 23, 2000


Thank you for this post mush!

-- Dee (, February 23, 2000.

Moderation questions? read the FAQ