I know this is off topic for a SuSE mailer, but this is a real PITA especially to the victims (i.e., the website owners and users of the internet). All help is appreciated. Kev -----Original Message----- From: The SANS Institute [mailto:sans@sans.org] Sent: 29 March 2000 08:23 To: Kevin Jackson Subject: SANS Flash: Urgent Request For Help In Stopping DOS Attacks To: Kevin Jackson (SD420772) From: Alan Paller, Research Director, The SANS Institute This is an urgent request for your cooperation to slow down the wave of denial of service attacks? As you may know, denial of service (DOS) attacks are virulent and still very dangerous. These are the attacks responsible for the many outages reported recently in the press and others that have been kept more secret. DOS attacks are a source of opportunities for extortion and a potential vehicle for nation-states or anyone else to cause outages in the computer systems used by business, government, and academia. DOS attacks, in a nutshell, comprise a world-wide scourge that has already been unleashed and continues to grow in sophistication and intensity. One effective defense for these attacks is widely available and is neither expensive nor difficult to implement, but requires Internet-wide action; that's why we're writing this note to request your cooperation. The defense involves straightforward settings on routers that stop key aspects of these attacks and, in doing that, reduce their threat substantially. These settings will not protect you from being attacked, but rather will stop any of the computers in your site from being used anonymously in attacking others. In other words, these settings help protect your systems from being unwitting assistants in DOS attacks, by eliminating the anonymity upon which such attacks rely. If everyone disables the vehicles for anonymity in these attacks, the attacks will be mitigated or may cease entirely for large parts of the net. The simple steps can be found at the SANS website at the URL http://www.sans.org/dosstep/index.htm and will keep your site from contributing to the DOS threat. Tools will soon be publicly posted to determine which organizations have and have not protected their users and which ones have systems that still can be used as a threat to the rest of the community. More than 100 organizations in the SANS community have tested the guidelines, which were drafted by Mark Krause of UUNET with help from security experts at most of the other major ISPs and at the MITRE organization. The testing has improved them enormously. (A huge thank-you goes to the people who did the testing.) We hope you, too, will implement these guidelines and reduce the global threat of DOS attacks. We also urge you to ask your business partners and universities and schools with which you work to implement these defenses. And if you use a cable modem or DSL connection, please urge your service provider to protect you as well. As in all SANS projects, this is a community-wide initiative. If you can add to the guidelines to cover additional routers and systems, we welcome your participation. Alan Alan Paller Director of Research SANS Director of Research sansro@sans.org 301-951-0102 -- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/