Skip to main content /TECH with /TECH

Denial-of-service warning issued by FBI


(IDG) -- Web site administrators are being advised by the FBI's cybercrime division to be extra vigilant for evidence of distributed denial-of-service (DDOS) attacks that have recently hit Web sites.

In an advisory issued this weekend by the FBI's National Infrastructure Protection Center (NIPC), the agency said it has received information about "ongoing attempts to disrupt Web access to several sites."

Related Stories
Visit an IDG site

The NIPC advisory came after a DDOS attack on the White House Web site on Friday. That attack lasted from about 8 a.m. EDT to about 11:15 a.m., causing so many automated requests for information that the servers were overloaded.

In a related note, the NIPC warned last month of an expected upswing in attacks against U.S. servers by Chinese hackers, given an increase in political tensions between the two countries.

The latest attacks cited by the NIPC have been seen on several networks, using data fragmented into large User Datagram Protocol (UDP) packets for transmission. The UDPs are directed at the commonly used Port 80.

The attackers are apparently using this method to try to bypass standard port protocol blocking techniques, according to the NIPC.

To detect whether such attacks have occurred, network administrators are being advised to inspect firewall logs and other means for evidence of fragmented UDP packets directed at Port 80. Such inbound packets mean a denial of service to the network may be under way. Outbound UDP packets mean there's a high likelihood that the network is already compromised by hacker DDOS software.

A special utility to detect DDOS software is available from the NIPC.

A spokeswoman for the NIPC today refused to comment on the advisory.

Ric Steinberger, technology director at Atomic Tangerine Inc., the former in Seattle, said such attacks have been common for years.

Steinberger said he believes the NIPC issued this latest advisory in direct response to the DDOS attack at the White House Web site. "The NIPC needs to issue alerts when one or more federal Web sites have been attacked in this way," he said.

Most private business sites probably have Web servers equipped with firewalls that are capable of halting these types of attacks, he said. Government sites, however, are usually more vulnerable because their staffs are paid less and don't have access to the latest software and hardware defenses, he said.

Authorities investigating White House Web attack
May 7, 2001
Microsoft security flaw can lead to Web attack
April 18, 2001
New tools address denial-of-service threat
April 17, 2001
One year after DoS attacks, vulnerabilities remain
February 8, 2001
EU unveils plan to fight cybercrime
January 31, 2001
Center to be established for cyber-security
January 16, 2001
Attacks on IRC network hurt other Web services
January 10, 2001
Feds warn about rise in attacks against e-commerce sites
December 7, 2000
Exchange bug could be exploited for denial-of-service attacks
November 6, 2000

Investigators seek clues on White House DoS attack
IP Insecurity
No easy defense vs. denial-of-service attacks
Senator wants to aid cyber security by secrecy
(The Industry Standard)
German government calls for hacker warning system
U.S. hackers retaliate against Chinese attacks
(The Industry Standard)
U.S.-China cyberwar: Fact or fear-mongering?
U.S., Chinese hackers continue Web defacements

National Infrastructure Protection Center

Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.


4:30pm ET, 4/16

Back to the top