NIPC warns against increased DDoS attacks

There is a high probability that the US is being targeted for distributed denial of service attacks by cyberprotestors, according...

There is a high probability that the US is being targeted for distributed denial of service attacks by cyberprotestors, according to a warning issued on 2 November by the FBI's cybersecurity arm.

Denial of service (DoS) attacks are those in which a target computer system is flooded with false requests for information to the point that it is unable to respond to legitimate requests, so it denies them service. Distributed denial of service (DDoS) attacks use multiple computers worldwide to launch their attacks and are harder to combat.

DDoS attacks knocked high-profile sites such as Amazon, Yahoo, and eBay offline over the course of a week in February 2000.

Online protests, both for and against the US, have been frequent since September 11, but have largely been limited to Web site defacements, the NIPC said. Although the DDoS activity that has gone on so far has been minimal, and mostly limited to attacks between protest groups, protestors have indicated that US infrastructure will be a target, the NIPC said. But it also said that businesses and organisations unrelated to the September 11 attacks could be targets.

The NIPC cautioned organisations to "take a defensive posture and remain vigilant". The centre also referred systems administrators to a list of best security practices offered by the government-funded security research body CERT/CC.

One company that tracks DoS and DDoS activity, SecurityFocus, has not seen much evidence that such an attack is imminent. SecurityFocus monitors corporate networks in more than 138 countries to determine and predict attack trends and patterns.

Although SecurityFocus had detected a 3% rise in the rate of communication between master computers that would control DDoS attacks and the systems used to launch the attacks, this is not a significant increase, said Arthur Wong, the company's chief executive. The master computers are ostensibly operated by hackers and would use systems called zombies to launch the attacks.

The cyberprotest groups mentioned by the NIPC have been active, but their activities have so far been small scale, Wong said. "Since September, there hasn't been a lot of significant [attack] traffic," he said. This may signal that people are beginning to be more reluctant to launch frivolous attacks, although at the same time Wong cautioned that this means that "when you do get attacks, they're going to be more serious".

Even if attacks are not an immediate threat, organisations should heed the NIPC's advice and take steps to better secure their systems, Wong said.

Further information
The best security practices from CERT are available at

Read more on Antivirus, firewall and IDS products