Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> Hey, looks like MS got .NET to work!!

Hey, looks like MS got .NET to work!!

From: <dgoulet_at_vicr.com>
Date: Tue, 08 May 2001 07:35:18 -0700
Message-ID: <F001.002FC0EE.20010508071724@fatcity.com> 









Whitehouse.gov was laid low by distributed-denial-of-service 
attacks over the weekend. The FBI's National Infrastructure 
Protection Center issued a warning Saturday stating that there 
are ongoing attempts to disrupt Web access to several sites. It 
is not known if the attacks are related to threats by Chinese 
hackers to disrupt U.S. sites.



The advisory states that the attackers are sending large, 
fragmented User Datagram Protocol (UDP) packets directed at port 
80. This technique reportedly is intended to circumvent standard 
port- and protocol-blocking techniques. 



The FBI is advising administrators to check firewall logs to see 
if they're receiving fragmented UDP packets aimed at port 80. If 
so, the network may be under attack. Outbound packets of the same 
nature may indicate that the network has been infected with DDOS 
tools known as zombies and is being used as a launch pad for 
these attacks against other systems.



The FBI has published a tool called Find DDOS to help 
administrators determine if systems have been infected by a DDOS 
agent. The tool is available at 


www.nipc.gov/warnings/advisories/2000/00-55.htm . 
    


Jim Magdych, a security research manager at Network Associates 
Inc., says, "Configuring routers and firewalls to limit certain 
types of traffic--both incoming and outgoing--can help. 
Rate-limiting can be employed to drop excess packets at the 
network perimeter." Restricting outbound traffic can help prevent 
a network from being used to attack others, or at least provide a 
good indication of when it is occurring. Says Magdych, "You 
should contact your ISP immediately to report an attack in 
progress." - George V. Hulme



For more information on this topic, read
Anti-U.S. Hacking Escalates


http://update.informationweek.com/cgi-bin4/flo?y=eDeG0BdFGA0V20Nir0Aq



-- 



Please see the official ORACLE-L FAQ: http://www.orafaq.com


-- 



Author: 


  INET: dgoulet_at_vicr.com


Fat City Network Services    -- (858) 538-5051  FAX: (858) 538-5051
San Diego, California        -- Public Internet access / Mailing Lists
--------------------------------------------------------------------


To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).
Received on Tue May 08 2001 - 09:35:18 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US