Folks: This message was circulated by Jay Garden, who have a talk last week to the GOVIS security forum (inaugural meeting in fact) on the recent spate of DOS attacks. I pass it on for your interest, information and possible action. Frank March Specialist Advisor, IT Policy Group Ministry of Economic Development, PO Box 1473, Wellington, NZ Ph: (+64 4) 474 2908; Fax: (+64 4) 471 2658
-----Original Message----- From: Jay Garden (GCSB) [SMTP:jay(a)gcsb.govt.nz] Sent: Friday, 31 March 2000 11:21 To: GOVIS Security Forum Subject: Fw: SANS Flash: Urgent Request For Help In Stopping DOS Attacks
Please action as you see fit. Cheers, Jay.
To: Jay Garden (SD070339) Sent: Wednesday, March 29, 2000 6:37 PM From: Alan Paller, Research Director, The SANS Institute
This is an urgent request for your cooperation to slow down the wave of denial of service attacks?
As you may know, denial of service (DOS) attacks are virulent and still very dangerous. These are the attacks responsible for the many outages reported recently in the press and others that have been kept more secret. DOS attacks are a source of opportunities for extortion and a potential vehicle for nation-states or anyone else to cause outages in the computer systems used by business, government, and academia. DOS attacks, in a nutshell, comprise a world-wide scourge that has already been unleashed and continues to grow in sophistication and intensity.
One effective defense for these attacks is widely available and is neither expensive nor difficult to implement, but requires Internet-wide action; that's why we're writing this note to request your cooperation.
The defense involves straightforward settings on routers that stop key aspects of these attacks and, in doing that, reduce their threat substantially. These settings will not protect you from being attacked, but rather will stop any of the computers in your site from being used anonymously in attacking others. In other words, these settings help protect your systems from being unwitting assistants in DOS attacks, by eliminating the anonymity upon which such attacks rely. If everyone disables the vehicles for anonymity in these attacks, the attacks will be mitigated or may cease entirely for large parts of the net.
The simple steps can be found at the SANS website at the URL http://www.sans.org/dosstep/index.htm and will keep your site from contributing to the DOS threat. Tools will soon be publicly posted to determine which organizations have and have not protected their users and which ones have systems that still can be used as a threat to the rest of the community.
More than 100 organizations in the SANS community have tested the guidelines, which were drafted by Mark Krause of UUNET with help from security experts at most of the other major ISPs and at the MITRE organization. The testing has improved them enormously. (A huge thank-you goes to the people who did the testing.)
We hope you, too, will implement these guidelines and reduce the global threat of DOS attacks.
We also urge you to ask your business partners and universities and schools with which you work to implement these defenses. And if you use a cable modem or DSL connection, please urge your service provider to protect you as well.
As in all SANS projects, this is a community-wide initiative. If you can add to the guidelines to cover additional routers and systems, we welcome your participation.
Alan
Alan Paller Director of Research SANS Director of Research sansro(a)sans.org 301-951-0102
To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog