DOD reports no denial-of-service code on its servers

By Bill Murray

GCN Staff

After a weeklong review, Defense Department systems administrators have reported that no DOD servers were used as unwitting hosts in the recent spate of denial-of-service attacks.

At the behest of the Space Command's Joint Task Force for Computer Network Defense, DOD organizations last month checked thousands of servers for the Trojan horse code used to mount service-denial attacks. By the Feb. 17 deadline, DOD sysadmins reported that they had not found any of the troublesome code residing on Defense systems, said Air Force Maj. Perry Nouis, a spokesman for the command at Peterson Air Force Base, Colo.

'There's no indication that any of our systems were used in the attacks,' which early last month brought down some of the Web's most-trafficked sites, Nouis said. 'I haven't seen any messages that say such a tool was confirmed' as found, he said.

Check this out

The joint task force on Feb. 10 ordered DOD sysadmins to check all their servers for denial-of-service tools and report within the week, said Rear Adm. Craig Quigley, a Pentagon spokesman.

Before DOD security chiefs demanded the review, there had been reports that some of the Trojan horse programs used in the so-called zombie attacks were found on Defense systems [GCN, Feb. 21, Page 1].

Alan Paller, research director at the SANS Institute of Bethesda, Md., said he has months-old systems review logs from one DOD installation that turned up at least one infected server after the installation scanned its systems using an FBI application.

'It's a huge amount of work' to check for denial-of-service tools, Paller said, adding that the FBI software is the only program that can conduct such a check effectively.

Air Force Maj. Michael Birmingham, a spokesman for the systems security task force, said he was not aware of any such tools ever residing on DOD servers.

DOD officials would not disclose the methods used in the department's recent systems reviews. 'As far as the tactics and techniques are concerned, we don't get into that,' Birmingham said.

Discussing the reviews in detail might give hackers 'ways to circumvent them,' and it's up to service computer emergency response teams to give instructions to network operations center and systems administrators on how to conduct such checks, he said. 'That's where the rubber meets the road.'

DOD mandated the reviews because senior brass wanted to be sure Defense servers weren't being used to stage such attacks, Quigley said.
