-Caveat Lector- <A HREF="http://www.ctrl.org/"> </A> -Cui Bono?- ========== ANSIR EMAIL National Infrastructure Protection Center (NIPC) Information Systems Alert 00-034. This Awareness of National Security Issues and Response (ANSIR) communication is intended for corporate security professionals and others who have requested to receive unclassified national security advisories. This communication is not a press release and should not be furnished to those who are not direct recipients of ANSIR Program disseminations or republished in any public format without the authorization of the FBI. Media requests should be directed to the local FBI field office media representative. The NIPC is a Department of Justice (DOJ) and Federal Bureau of Investigation (FBI) initiative to deter, detect and respond to unlawful acts involving computer intrusions and to other cyber and physical threats that could adversely impact the critical infrastructures of the United States. With interagency and private sector participation, the NIPC joins, leverages and supports the jurisdictions, expertise and resources of the FBI, DOJ and the United States Attorney offices throughout the nation and the capabilities and resources provided by other federal government agencies, state and local governments, and the private sector, in order to fulfill its mission. NIPC Alert 00-034 and re-issue of National Infrastructure Protection Center Information System Alert NIPC Alert 99-029 originally issued 12/6/99; Unclassified Beginning on 7 February 2000, a number of high-profile Denial of Service (DOS) attacks temporarily disabled significant electronic commerce Internet web sites. These cyber attacks targeted companies sites like Yahoo.com, Amazon.com, CNN.com, Buy.com, Ebay.com, Stamps.com, Exodus.com, E-trade.com, and Zdnet.com; reported victims have apparently recovered from the attacks within a few hours. Public reporting cites coordinated, Distributed Denial of Service (DDOS) attacks originating from multiple points on the Internet. The FBI is now investigating a number of these attacks; in view of these events the NIPC is re-issuing its original alert describing the DDOS exploit. Additional information can also be found on the NIPC web page at www.nipc.gov and at the Carnegie Mellon Computer Emergency Response Team Coordination Center (CERT/CC) web page at www.cert.org. Beginning in the fall of 1999, the FBI/NIPC became aware of several instances where intruders installed DDOS tools on various computer systems to create large host networks capable of launching significant coordinated packet flooding denial of service attacks. Installation was accomplished primarily through compromises exploiting known Sun RPC vulnerabilities. These multiple denial of service tools include Trin00, Tribe Flood Network (or TFN, TFN2k, and Stacheldraht,) and were reported on different civilian, university and U.S. Government systems. The FBI continues investigation of many of these incidents, and was and is highly concerned about the scale and significance of these incidents, for the following reasons: A.) Many of the targets are universities or other sites with high bandwidth Internet connections, representing a possibly significant threat to Internet traffic. B.) The known cases involve real and substantial financial loss. C) The activity ties back to significant numbers and locations of domestic and overseas Internet Protocol (IP) addresses. D) The technical vulnerabilities used to install these denial of service tools are widespread, well-known and readily accessible on most networked systems throughout the Internet. E) The tools appear to be undergoing active development, testing and deployment on the Internet. F) The activity often stops once system owners start filtering for Trinoo/TFN and related activity. Possible motives for this malicious activity range from exploit demonstration, to exploration or reconnaissance, to preparation for widespread denial of service attacks. NIPC was concerned that these tools could have been prepared for employment during the Y2K period, and remains concerned this activity could continue targeting other significant commercial, government or national sites. NIPC requests that all computer network owners and organizations rapidly examine their systems for evidence of these distributed denial of service tools, in order to be able to quickly implement corrective measures (specific technical instructions are available from CERT/CC, SANS, NIPC, or other sources). These checks should be done to both check and clear systems of Trinoo/TFN, and related threats, and to support law enforcement efforts investigating these exploits. Recipients are asked to report significant or suspected criminal activity to their local FBI office NIPC or ANSIR Coordinator, computer emergency response support and other law enforcement agencies, as appropriate. The NIPC web site is located at www.nipc.gov. ================================================================= Kadosh, Kadosh, Kadosh, YHVH, TZEVAOT FROM THE DESK OF: <[EMAIL PROTECTED]> *Mike Spitzer* <[EMAIL PROTECTED]> ~~~~~~~~ <[EMAIL PROTECTED]> The Best Way To Destroy Enemies Is To Change Them To Friends Shalom, A Salaam Aleikum, and to all, A Good Day. ================================================================= <A HREF="http://www.ctrl.org/">www.ctrl.org</A> DECLARATION & DISCLAIMER ========== CTRL is a discussion & informational exchange list. Proselytizing propagandic screeds are not allowed. Substance�not soap-boxing! These are sordid matters and 'conspiracy theory'�with its many half-truths, misdirections and outright frauds�is used politically by different groups with major and minor effects spread throughout the spectrum of time and thought. That being said, CTRL gives no endorsement to the validity of posts, and always suggests to readers; be wary of what you read. CTRL gives no credence to Holocaust denial and nazi's need not apply. Let us please be civil and as always, Caveat Lector. ======================================================================== Archives Available at: http://home.ease.lsoft.com/archives/CTRL.html http:[EMAIL PROTECTED]/ ======================================================================== To subscribe to Conspiracy Theory Research List[CTRL] send email: SUBSCRIBE CTRL [to:] [EMAIL PROTECTED] To UNsubscribe to Conspiracy Theory Research List[CTRL] send email: SIGNOFF CTRL [to:] [EMAIL PROTECTED] Om
