Denial of Service (DoS) Attack Resources

Last updated: 17 July 2000 05:30 EDT
Contact info:  ferguson@employees.org or dts@senie.com


Used by permission. Kevin Siers, North Carolina -- Editorial cartoons from the Charlotte Observer - Visit Kevin's archives.




Law Enforcement Contacts:

NIPC (National Infrastructure Protection Center)
http://www.nipc.gov/

NIPC: TRINOO/Tribal Flood Net (TFN)/tfn2k stuff
http://www.fbi.gov/nipc/trinoo.htm

U.S. Department of Justice, Computer Crime and Intellectual Property Section (CCIPS)
http://www.cybercrime.gov/
 

Technical Information:

CERT® (Computer Emergency Response Team at CMU)
http://www.cert.org/

Cisco Systems: Distributed Denial of Service (DDoS) News Flash, February 9, 2000
http://www.cisco.com/warp/public/707/newsflash.html

Cisco Systems: Internet Security Advisories
http://www.cisco.com/warp/public/707/advisory.html

Cisco Systems: Characterizing and Tracing Packet Floods Using Cisco Routers
http://www.cisco.com/warp/public/707/22.html

Cisco Systems Product Security Incident Response (PSIRT)
http://www.cisco.com/warp/public/707/sec_incident_response.shtml

Cisco Systems: "Essential IOS" - Features Every ISP Should Consider
http://www.cisco.com/public/cons/isp/documents/IOSEssentialsPDF.zip

Cisco Flow Logs and Intrusion Detection at the Ohio State University
http://www.usenix.org/publications/login/1999-9/osu.html

Craig Huegen's very useful web page on minimizing the effects of DoS attacks:
http://users.quadrunner.com/chuegen/smurf.cgi

Dave Dittrich's (University of Washington) analysis of the recent DDoS attack tools
http://www.washington.edu/People/dad/

"Documenting Special Use IPv4 Address Blocks that have been registered with IANA",
draft-manning-dsua-08.txt, Bill Manning, 1 May 2000.

DoD CERT Online
http://www.assist.mil/

Federal Computer Incident Response Capability (FedCIRC)
http://www.fedcirc.gov/

ICSA.net (International Computer Security Association)
http://www.icsa.net/

JMU WinTrin00 report
http://www.jmu.edu/info-security/engineering/issues/wintrino.htm

Know your enemy: Script Kiddies
http://www.enteract.com/~lspitz/enemy.html

Mitre's Cyber Resource Centre
http://www.mitre.org/research/cyber/

netscan.org
http://www.netscan.org/

Network World Fusion Research: Denial of Service attack resources
http://www.nwfusion.com/research/dos.html

Packet Storm
http://packetstorm.securify.com/

Smurf Amplifier Registry (SAR)
http://www.powertech.no/smurf/

RFC1918: "Address Allocation for Private Internets", Y. Rekhter, B. Moskowitz,
D. Karrenberg, G. J. de Groot, E. Lear, February 1996.
http://www.ietf.org/rfc/rfc1918.txt

RFC1948: "Defending Against Sequence Number Attacks", S. Bellovin, May 1996.
http://www.ietf.org/rfc/rfc1948.txt

RFC2196: "Site Security Handbook", B. Fraser, September 1997.
http://www.ietf.org/rfc/rfc2196.txt
 

RFC2350 (BCP21): "Expectations for Computer Security Incident Response", N. Brownlee,
E. Guttman, June 1998.
http://www.ietf.org/rfc/rfc2350.txt

RFC2644 (BCP34): "Changing the Default for Directed Broadcasts in Routers",
D. Senie, August 1999.
http://www.ietf.org/rfc/rfc2644.txt

RFC2827 (BCP38): "Network Ingress Filtering: Defeating Denial of Service Attacks which
employ IP Source Address Spoofing", P. Ferguson, D. Senie, May 2000.
(Obsoletes RFC 2267)
http://www.ietf.org/rfc/rfc2827.txt

The SANS Institute: "Handling A Distributed Denial of Service Trojan Infection: Step-by-Step."
http://www.sans.org/y2k/DDoS.htm

"Security Expectations for Internet Service Providers", draft-ietf-grip-isp-expectations-03.txt,
T. Killalea, February 2000.
http://www.ietf.org/internet-drafts/draft-ietf-grip-isp-expectations-03.txt

"Security Checklist for Internet Service Provider (ISP) Consumers", draft-ietf-grip-user-02.txt,
T. Hansen, June 1999.
http://www.ietf.org/internet-drafts/draft-ietf-grip-user-02.txt

"Site Security Handbook Addendum for ISP's", draft-ietf-grip-ssh-add-00.txt, T. Debeaupuis,
August 1999.
http://www.ietf.org/internet-drafts/draft-ietf-grip-ssh-add-00.txt

SecurityFocus.com
http://www.securityfocus.com/
 
 

Pertinent mailing lists:

The North American Network Operators Group
http://www.nanog.org/mailinglist.html

Cisco NSP (Network Service Provider) list, hosted by Nether.Net
To subscribe to this list, send a message to cisco-nsp-request@puck.nether.net, with "subscribe"
in the message body.

Cisco User's Mailing List, a.k.a. "Cisco@Spot"
The Cisco mailing list is maintained by David Wood of the University of Colorado.
To subscribe to this list, send your request to cisco-request@spot.colorado.edu, with
"subscribe" in the message body. Searchable archives of this mailing list can be found
at http://www.nexial.com/mailinglists/

The CERT® Advisory Mailing List
http://www.cert.org/contact_cert/certmaillist.html

The Firewalls Digest mailing list
http://lists.gnac.net/firewalls/
Originally hosted for many years by Great Circle Associates, it is now hosted by Global Networking and
Computing. Searchable archives of this mailing list can also be found at http://www.nexial.com/mailinglists/

BUGTRAQ
To subscribe to this list, send your request to listserv@lists.securityfocus.com, with "subscribe bugtraq" in
the message body.
 
 
 



 
Questions or comments on this page: ferguson@employees.org or dts@senie.com