Search /
Docfinder:

RESEARCH CENTERS

Applications
Careers
Convergence
Data Center
LANs
Net/Systems Mgmt.
NOSes
Outsourcing
Routers/Switches
Security
Service Providers
Small/Med.Business
Storage
WAN Services
Web/e-commerce
Wireless/Mobile

SITE RESOURCES

Daily News
Newsletters
This Week in NW
Tests/Reviews
Buyer's Guides
Opinion
Forums
Special Issues
How to/Primers
Case Studies
Network Life
Encyclopedia
IT Briefings

TODAY'S NEWS

•	Avaya lays out roadmap for unified software management
•	Sidecar app for iOS, Android seeks to give smartphone voice calls overdue respect
•	Medical firm avoids Exchange nightmare with outside help
•	Cross-browser worm spreads via Facebook, security experts warn
•	Chrome streaks past Internet Explorer to become world's top browser
•	Linux kernel 3.4 released
•	Windows RT management could be a key to success for Windows 8 tablets
•	Windows 8 Update: Windows 8 wows AT&T Mobility
•	Google-Motorola Mobility merger will be done this week
•	Survey: BYOD sparks enterprise investment in Unified Communication and Collaboration
•	Privacy advocates fear CISPA
•	Big cable companies pooling Wi-Fi hotspot resources
•	How to avoid 5 common email management mistakes
•	Android remote access app shootout
•	More breaking news

/

Denial-of-service attacks

By Steve Blass
Network World, 02/21/00

Do I need to worry about the recent Internet distributed denial-of-service (DDOS) attacks being used in my organization's intranet?

The recent denial-of-service attacks are thought to be based on three software packages - TFN, Trin00 and Stacheldraht, which use "zombie modules" installed on servers to launch attacks against a single site.

For your intranet, you should be worried about two things - protecting your net from DDOS attacks, and protecting your servers from being used against other sites. Protecting your net requires intrusion-detection capabilities and active traffic control. Protecting your servers requires sound system security and active monitoring. While the majority of these attack tools run on Solaris and Linux systems, some run under other Unix operating systems and Windows platforms.

Review the CERT advisory at www.cert.org/advisories/CA-2000-01.html to understand how to deal with the threat. Information is also available at www.fbi.gov/nipc/welcome.htm, http://staff.washington.edu/dittrich/misc/stacheldraht.analysis, and http://xforce.iss.net/alerts/advise40.php3. You can find software for scanning servers for TFN, Trin00 and Stacheldraht at www.fbi.gov/nipc/trinoo.htm. A Perl script called "gag" that detects Stacheldraht attacks is available at the washington.edu link mentioned above. Also, Sun has patches for holes exploited by hackers installing zombies at www.sunsolve.com.

RELATED LINKS

As a network architect at Change at Work in Houston, Blass understands the strain of developing and managing networks. Send your problems to dr.internet@changeatwork.com

Ask Dr. Internet archive
Past columns.

NWFusion offers more than 40 FREE technology-specific email newsletters in key network technology areas such as NSM, VPNs, Convergence, Security and more.
Click here to sign up!

New Event - WANs: Optimizing Your Network Now.
Hear from the experts about the innovations that are already starting to shake up the WAN world. Free Network World Technology Tour and Expo in Dallas, San Francisco, Washington DC, and New York.
Attend FREE

Your FREE Network World subscription will also include breaking news and information on wireless, storage, infrastructure, carriers and SPs, enterprise applications, videoconferencing, plus product reviews, technology insiders, management surveys and technology updates - GET IT NOW.