In midst of probe, FBI experiences denial-of-services attacks firsthand

In midst of probe, FBI experiences denial-of-services attacks firsthand

By Shruti Dat' and

Christopher J. Dorobek

GCN Staff

While the FBI was investigating a flood of distributed denial-of-service attacks, its own Web site was down for more than three hours on Feb. 18 after hackers overwhelmed it with hits.

The denial-of-service attack on www.fbi.gov followed similar attacks on major commercial sites, including those of Yahoo Inc., eBay Inc. and Amazon.com Inc. [GCN, Feb. 21, Page 1].

To help government and industry organizations combat such attacks, the Project for the Partnership for Critical Infrastructure Security, a public-private security group, has published a new guidebook. The group said it would update the report, Consensus Roadmap for Defeating Distributed Denial-of-Service Attacks, as needed.

All groups that use the Internet should take steps to protect the global network because repeated attacks will damage the Internet's credibility as a communications medium, said Alan Paller, director of research at the SANS Institute of Bethesda, Md.

'What's new is that this can do big damage. It can damage the trust we have in the Internet,' he said last month at the Virtual Government conference in Washington.

Because of the nature of the recent attacks, a coordinated security effort is required, Paller said. During a recent security summit, President Clinton stressed that the federal government must lead by example, Paller said.

The security guidebook, published last month, comprises the work of several security organizations, including the Computer Emergency Response Team at Carnegie Mellon University and the SANS Institute. Agencies received copies at the Virtual Government conference.

The document lists immediate steps that agencies can take to reduce the risk of specific threats. It also includes some longer-term security recommendations.

The document is available on the Web at www.sans.org/ddos_roadmap.htm.

The SANS Institute will create an e-mail distribution list for providing updates. To get on the list, send an e-mail message to info@sans.org with 'ddos roadmap' in the subject line.

inside gcn

  • ARL seeks private cloud to modernize IT infrastructure

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above