Distributed Denial of Service (DDoS) Attacks/tools

• Books on DDoS
  • Internet Denial of Service: Attack and Defense Mechanisms, by Jelena Mirkovic, Sven Dietrich, David Dittrich and Peter Reiher, Prentice Hall PTR, ISBN 0-13-147573-8 (Estimated Availability: 12/10/2004)

• Analyses and talks on attack tools
  • The DoS Project's "trinoo" distributed denial of service attack tool, by David Dittrich
  • RAZOR analysis of WinTrinoo
  • Report of Windows version of trinoo DDOS tool by Gary Flynn, James Madison University
  • The "Tribe Flood Network" distributed denial of service attack tool, by David Dittrich
  • The "stacheldraht" distributed denial of service attack tool, by David Dittrich
  • TFN2K - An Analysis, by Jason Barlow and Woody Thrower, Axent Security Team
  • Notes of talk given at CERT Distributed-Systems Intruder Tools Workshop, November 2, 1999
  • An analysis of the "Shaft" distributed denial of service tool, by Sven Dietrich, Neil Long, and David Dittrich
    [BUGTRAQ followup post by Richard Wash] (PDF Version from Information Security Bulletin magazine)
  • "Analyzing Ditributed Denial of Service Attack Tools: The Shaft Case" (PDF), by Sven Dietrich, Neil Long, and David Dittrich, Presented at LISA 2000 (GZIP PostScript)
  • Steve Bellovin's NANOG presentation on DDOS Attacks, February 7, 2000
  • Presentation at DDoS BoF, NANOG Meeting, February 7, 2000
  • The "mstream" distributed denial of service attack tool, by David Dittrich, George Weaver, Sven Dietrich, and Neil Long
  • Invited Talk, "DDoS: Is There Really a Threat?," USENIX Security Symposium, August 16, 2000
  • Analysis of the "Power" bot, by David Dittrich
  • GT Bot (Global Threat), by Lockdown Corp.
  • kaiten.c (no analysis, just code)
  • knight.c (no analysis, just code)
  • X-DCC (IRC "warez" bots often combined with DDoS)
    • CanSecWest talk on disassembling malware networks by Dave Dittrich, May 2002 (see xdcc-analysis.txt for analysis)
    • XDCC - An .EDU Admin's Nightmare, by TonikGin, Sept. 11 2002
  • ocxdll.exe / mIRC Trojan Analysis, by Kyle Lai, September 5, 2002
  • Honeynet Project Reverse Challenge binary ([not?] surprisingly, this is a DDoS agent)
  • Robert Graham's analysis of the Blaster worm
  • Inside the Slammer Worm, by David Moore, Vern Paxson, Stefan Savage, Colleen Shannon, Stuart Staniford, and Nicholas Weaver, IEEE Security & Privacy (Vol 1 No 4)
  • Phatbot Trojan Analysis, by LURHQ

• Defensive Tools
  • RID, by David Brumley
  • National Infrastructure Protection Center; Trinoo/Tribal Flood Net/Stacheldraht/tfn2k detection tool
  • BindView's Zombie Zapper
  • Index of Distributed Tools at Packet Storm
  • dds -- a trinoo/TFN/stacheldraht agent scanner (C source code) by Dave Dittrich, Marcus Ranum, George Weaver, David Brumley, and others. [In BETA testing.] (Use RID instead.)
  • gag -- a stacheldraht agent scanner (C source code) by Dave Dittrich, Marcus Ranum, and others. (Use RID instead.)
  • Ramenfind (Identification and cleanup tool for the Ramen worm, which was modified to install DDoS agents in February 2001.)
  • IP Source Tracking on Cisco 12000 Series Internet Routers (PDF version), Cisco Systems

• Advisories
  • ADVISORY 00-055: "Trinity v3/Stacheldraht 1.666" Distributed Denial of Service Tools, NIPC, October 13, 2000
  • CERTŪ Incident Note IN-2000-05 "mstream" Distributed Denial of Service Tool, May 2, 2000
  • CERTŪ Advisory CA-2000-01 Denial-of-Service Developments
  • Sun Bulletin #00193, Distributed Denial-of-Service Tools, January 5, 2000

• Mitigation information
  • Start by reading these documents:
    • Results of the [CERT sponsored] Distributed-Systems Intruder Tools Workshop [PDF version]
    • Managing the Threat of Denial of Service, by Allen Householder, Art Manion, Linda Pesante, and George Weaver (CERT/CC) in collaboration with Rob Thomas, October 2001
    • Consensus Roadmap for Defeating Distributed Denial of Service Attacks, A Project of the Partnership for Critical Infrastructure Security
    • Help Defeat Denial of Service Attacks: Step-by-Step, SANS Institute
    • Denial of Service (DoS) Attack Resources, by Paul Ferguson
  • SYN flood protection
    • TCP/IP stack tuning on end systems, by Rob Thomas
    • Hardening the TCP/IP stack to SYN attacks, by Mariusz Burdach, SecurityFocus, September 10, 2003
    • Solaris 2.x - Tuning Your TCP/IP Stack and More
    • Countering SYN Flood Denial-of-Service Attacks, by Ross Oliver, Tech Mavens, August 29, 2001
  • Advice for server administrators
    • Protect the required and often attacked services, e.g. DNS., by Rob Thomas
  • Advice for network providers
    • Characterizing and Tracing Packet Floods Using Cisco Routers, Cisco Systems Inc.
    • "Essential IOS" - Features Every ISP Should Consider, Cisco Systems Inc.
    • ISP security (from an operations perspective), NANOG Tutorial by Barry Raveendran Greene (Cisco), Christopher L. Morrow and Brian W. Gemberling (UUNET)
    • Protect the border and the border routers (also ported to Juniper and Riverstone), by Rob Thomas
    • Protect your BGP peering and RIBs (also ported to Juniper and Riverstone), by Rob Thomas
    • Monitor DoS attacks with NetFlow on your VIPs, by Rob Thomas
    • Track the source of spoofed packets, by Rob Thomas
    • Filtering ICMP and minimum ICMP messages, by Rob Thomas
    • Null routing traffic and tracking DoS attacks, by Chris Morrow
    • Blocking Code Red Worm with Cisco IOS NBAR, 4 August 2001
    • Using Network-Based Application Recognition and Access Control Lists for Blocking the "Code Red" Worm at Network Ingress Points, Cisco Tech Note
    • A DDOS defeating technique based on routing, BUGTRAQ posts by Fernando Schapachnik, February 20, 2000
    • Path MTU Discovery and Filtering ICMP, by Marc Slemko
    • RFC 2267 -- Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing, by Paul Fergussen and Daniel Senie
    • RFC 2644 -- Changing the Default for Directed Broadcasts in Routers, by Daniel Senie
    • Distributed Denial of Service (DDoS) News Flash, Cisco Systems Inc.
    • Policing and Shaping Overview, Cisco whitepaper on rate limiting
  • General advice
    • DDoS Attack Mitigation, BUGTRAQ posts by Elias Levy, 11 Feb 2000
    • Incident Handling Step by Step: Unix Trojan Programs, SANS Institute
    • Smurf attacks by Craig A. Huegen
    • Tune your firewalls and end systems, by Rob Thomas

• Legal implications
  • SANS Webcast on Legal Liability for Security Breaches - and Minimum Standards of Due Care with Mark Rasch and Hal Pomeranz, February 26, 2003
  • Distributed Denial-of-Service Attacks, Contributory Negligence and Downstream Liability, by M. E. Kabay, PhD, CISSP
  • DDoS Class Action lawsuit web site

• Related Papers, Essays, Legislative Proposals, and Research
  • Trends in Denial of Service Attacks, by Jose Nazario, Arbor Networks, Usenix 2003 Work-in-Progress report
  • Extortion Worms: Internet Worms that Discourage Disinfection, by Tim Freeman, February 12, 2002
  • Untraceable Email Cluster Bombs: On Agent-Based Distributed Denial of Service, by Markus Jakobsson and Filippo Menczer, May 23, 2003
  • How to 0wn the Internet in Your Spare Time, by Stuart Staniford, Vern Paxson, and Nicholas Weaver, 2002
  • Taxonomies of Distributed Denial of Service Networks, Attacks, Tools, and Countermeasures, by Ruby B. Lee, Princeton University
  • Distributed Denial of Service, talk by John Ioannidis, April 2002
  • Hop Count Filtering: An Effective Defense Against Spoofed Traffic, by Cheng Jin, Haining Wang, and Kang G. Shin
  • A Taxonomy of DDoS Attacks and DDoS Defense Mechanisms, by Jelena Mirkovic, Janice Martin and Peter Reiher, UCLA Computer Science Department, Technical report #020018
  • D-WARD: DDoS Network Attack Recognition and Defense home page (Peter Reiher, Gregory Prier, Scott Michael, and Jun Li)
  • Computer Crime, by Ronald B. Standler, 2002 (section on DDoS and Mafiaboy case)
  • An Analysis of Using Reflectors for Distributed Denial-of-Service Attacks, by Vern Paxson, June 2001
  • UNISOG thread on Register.com DNS Reflector DoS attack, January 2001
  • "Cyber Threat Trends and US Network Security," Statement for the Record for the Joint Economic Committee, Lawrence K. Gershwin, National Intelligence Officer for Science and Technology, 21 June, 2001
  • CenterTrack, Robert Stone (a defunct research project that attempted to track DoS attacks at UUnet)
  • The Strange Tale of the Distributed Denial of Service Attacks Against GRC.COM, by Steve Gibson, June 2, 2001(My responses to Steve Gibson's initial claims and his later claims of discovering a "new" reflection attack.)
  • CERIAS Attack Traceback Summit Proceedings (PDF version)
  • Inferring Internet Denial-of-Service Activity, by David Moore, Geoffrey M. Voelker and Stefan Savage, University of California, San Diego
  • On the Effectiveness of Probabilistic Packet Marking for IP Traceback under Denial of Service Attack, by Kihong Park and Heejo Lee, Network Systems Lab and CERIAS, Purdue Univerisity
  • MULTOPS: a data structure for denial-of-service attack detection (PDF), by Thomer M. Gil (PostScript version)
  • Guidelines for Evidence Collection and Archiving <draft-ietf-grip-prot-evidence-01.txt>, Dominique Brezinski and Tom Killalea (Internet Draft)
  • Draft Convention on Cyber-Crime, Council of Europe (See also Cybercrime Solution Has Bugs, by Declan McCullagh, Wired News, May. 3, 2000)
  • Source code to mstream, a DDoS tool, VULN-DEV post by Anonymous, April 29, 2000
  • THE WAR ON HACKERS, by Gary Lawrence Murphy
  • Distributed Denial Of Service Attacks (DDOS), by David Anderson, MIT
  • Theories on new DoS Attacks v.1, by J. Oquendo
  • On Magic, IRC Wars, and DDoS, by Robert Graham
  • Client-side Distributed Denial-of-Service: Valid campaign tactic or terrorist act?, by the electrohippies collective
  • Spaf's Summary of White House meeting, February 19, 2000
  • DDoS Whitepaper by Bennett Todd (readable overview intended for non-techies)
  • Crypto-Gram, by Bruce Schneier, February 15, 2000
  • Current Events on The Net: Fact, Fiction, or Hype?, by Richard Forno
  • DDoS FAQ, by Kurt Seifried
  • 10 Proposed 'first-aid' security measures against Distributed Denial Of Service attacks, by Mixter
  • "Tribe Flood Network 3000": A theoretical review of what exactly Distributed DOS tools are, how they can be used, what more dangerous features can be implemented in the future, and starting points on establishing Network Intrusion Detection Rules for DDOS, by Mixter
  • Protecting Against the Unknown -- A guide to improving network security to protect the Internet against future forms of security hazards, by Mixter
  • Have Script, Will Destory (Lessons in DoS), by Brian Martin, Attrition.org
  • Practical Network Support for IP Traceback, by Stefan Savage, David Wetherall, Anna Karlin and Tom Anderson, Department of Computer Science and Engineering, University of Washington
  • ICMP Traceback Messages (IETF draft proposal), by Steven Bellovin
  • Advanced and Authenticated Marking Schemes for IP Traceback, by Dawn X. Song and Adrian Perrig
  • Host Identity Payload, Internet Draft, Robert Moskowitz, ICSA.net
  • Host Identity Payload -- Architecture, Internet Draft, Robert Moskowitz, ICSA.net
  • Host Identity Payload -- Implementation, Internet Draft, Robert Moskowitz, ICSA.net
  • Purgatory 101: Learning to cope with the SYNs of the Internet, by NightAxis and Rain Forrest Puppy
  • Distributed Attacks and the Way To Deal With Them, by Tim Yardley
  • Strategies for Defeating Distributed Attacks, by Simple Nomad
  • Hacktivism: Civil Disobedience, Cyberterrorism or Silly Posturing?, vigilante.com

• Vendors marketing products in the DDoS space
  (DISCLAIMER: Inclusion here does not imply I believe these products are or are not good solutions. These companies simply claim to have some kind of "solution" to the issues of DDoS.)
  • Network level defenses (detect, stop floods)
    • Arbor Networks
    • Mazu Networks
    • Captus Networks
    • CS3
    • Riverhead Networks
    • Reactive Network Solutions
  • Host level defenses (detect, stop handler/agent installation)
    • Entercept
    • Tripwire
  • Augmented Intrusion Detection (detect)
    • Oneka
    • Recourse Technologies
  • Managed Security Services (react)
    • TrustWave
    • Solsoft
    • Aprisma
  • Work in progress research
    • Shai
  • Notes from Lockheed Martin conference on DDoS vendor solutions, December 20, 2001

• Selected news reports/interviews/panel discussions
  (in reverse chronological order)
  • BitTorrent servers under attack, by Robert Lemos, CNET News.com, December 2, 2004
  • Antispam screensaver downs two sites in China, by Dan Ilett, ZDNet News (UK), December 2, 2004
  • Lycos Europe denies attack on zombie army, by Dan Ilett, ZDNet News (UK), December 1, 2004,
  • Experts fret over online extortion attempts: 'Bot' armies capable of toppling big sites, some say, by Bob Sullivan, MSNBC, November 10, 2004
  • Lawmaker: Beware of cyber-Pearl Harbor, Reuters, November 5, 2004
  • Online payment firm in DDoS drama, by John Leyden, November 3, 2004
  • Child porn threat to betting site, BBC News, October 27, 2004
  • Dutch government sites attacked, correspondents in Amsterdam, Australian IT, October 6, 2004
  • WorldPay struggles under DDoS attack (again), by John Leyden, The Register, October 4, 2004
  • Zombie armies behind cyberscrime sprees, by Dan Illet, ZDNet (UK), October 1, 2004
  • Update: Credit card firm hit by DDoS attack, by Jaikumar Vijayan, Computerworld, September 22, 2004
  • Attacks disrupt some credit card transactions, by Rob Lemos, CNET News.com, September 22, 2004
  • Extortion Online: Technology can help fight the growing cyberextortion threat, but experts say not enough companies are prepared, by George V. Hulme, InformationWeek, September 13, 2004
  • FBI busts alleged DDoS Mafia, by Kevin Poulsen, SecurityFocus, August 26, 2004 [ Indictment against Paul G. Ashley, Jonathan David Hall, Joshua James Schichtel, Richard Roby, and Lee Graham Walker]
  • Police say Russian hackers are increasing threat, by Oliver Bullough, Reuters, July 28, 2004
  • DoubleClick blacks out from Web attack, by Jim Hu, CNET News.com, July 27, 2004
  • MyDoom.M virus slams search sites, by Byron Acohido and Jon Swarz, USA Today, July 26, 2004
  • British cybercops nab alleged blackmailers, by Graeme Wearden and Andy McCue, ZDNet (UK), July 21, 2004
  • Scotland Yard and the case of the rent-a-zombies, Reuters, July 7, 2004
  • 'Zombie' PCs caused Web outage, Akamai says, by Robert Lemos and Jim Hu, CNET News.com, June 16, 2004
  • Business allegedly attacked via Web: FBI investigates area owner's extortion claim, by Caroline Lynch, The Courier-Journal, May 10, 2004
  • Bookies suffer online onslaught, by Mark Ward, BBC News Online, March 19, 2004 (Netcraft graphs of UK betting sites)
  • Hackers Embrace P2P Concept: Experts Fear 'Phatbot' Trojan Could Lead to New Wave of Spam or Denial-of-Service Attacks, by Brian Krebs, washingtonpost.com, March 17, 2004
  • Mydoom lesson: Take proactive steps to prevent DDoS attacks, by Jaikumar Vijayan, February 6, 2004
  • The FBI Called Again, by simul, Kuro5hin.org (targetted by DDoS attacks), February 4, 2004
  • Super Bowl fuels gambling sites' extortion fears, by Paul Roberts, IDG News Service, January 28, 2004
  • Attack on SCO sites at an end, by Rob Lemos, CNET News.com, December 12, 2003
  • New computer virus variant floods Web sites of anti-spam activists, by Anick Jesdanun, The Associated Press, December 3, 2003
  • E-commerce targeted by blackmailers, by BBC News, November 26, 2003
  • Dutch blogsites fight cyberwar against spammer, by Jan Libbenga, The Register, November 24, 2003
  • ISPs take on DDoS Attacks, by Denise Pappalardo, Network World, November 19, 2003
  • Zombie machines fueling new cybercrime wave, by Bernhard Warner, computerworld.com, November 17, 2003
  • East European gangs in online protection racket, by John Leyden, The Register, November 12, 2003
  • High-Tech Gangsters Who Shoot on Site, by Chris Nuttall, Financial Times, November 12, 2003
  • Crime gangs extort money with hacking threat, by Chris Nuttall, Financial Times of London, November 11 2003
  • 'DDoS' Attacks Still Pose Threat to Internet, by David McGuire, washingtonpost.com, November 4, 2003
  • Virtual girlfriend 'inspired Internet attack', by Munir Kotadia, Special to CNETAsia, October 13 2003
  • 11,000 IP addresses found on accused hacker's PC, by Munir Kotadia, ZDNet UK, October 8, 2003
  • 'Revenge' hack downed US port systems, by Andy McCue, silicon.com, October 7, 2003
  • Cloaking Device Made for Spammers, by Brian McWilliams, October 9, 2003
  • Sobig linked to DDoS attacks on anti-spam sites, by John Leyden, September 25, 2003
  • Teenager arrested in 'Blaster' Internet attack, by Jeordan Legon, CNN, August 29, 2003
  • Hackers cut off SCO Web site, by Martin LaMonica, CNET News.com, August 25, 2003
  • Porn Purveyors Getting Squeezed, by Noah Shachtman, Wired News, July 10, 2003
  • DDoS attack hits clickbank and spamcop.net, by Mirko Zorz, June 25, 2003
  • Rise of the Spam Zombies, by Kevin Poulson, Security Focus, April 27, 2003
  • The Palestinian-Israel: cyberwar, by Patrick D. Allen and Chris C. Demchak, Military Review, March-April, 2003,
  • Thwarting the Zombies, by Dennis Fisher, eWeek, March 31, 2003 [quotes CERT/CC as saying they have tracked a botnet of 140,000 hosts]
  • Al-Jazeera hobbled by DDOS attack: News site targeted for second day, by, Paul Roberts, Infoworld, March 26, 2003
  • DDoS attack cripples Uecomm's AU links, by Patrick Gray, ZDNet Australia, March 20, 2003
  • Thousands 'trojaned' through net shares: CERT, by Patrick Gray, ZDNet Australia, March 12, 2003
  • Worm could be clearing path for DDoS attack, by Patrick Gray, ZDNet Australia, March 10, 2003
  • US and UK arrests in computer worm probe, by John Leyden, March 6, 2003
  • Could Attack on DALnet Spell End for IRC?, by Thor Olavsrud, internetnews.com, January 24, 2003
  • Attacks Fell on Online Community, by Justin Jaffe, Wired News, January 27, 2003
  • DDOS attack 'really, really tested' UltraDNS, by ComputerWire, The Register, November 26, 2002
  • Future Hacking: How Vulnerable is the Net?, by James Maguire, NewsFactor Network, November 4, 2002
  • Attack On Internet Called Largest Ever, by David McGuire and Brian Krebs, washingtonpost.com, October 22, 2002
  • RIAA Web site disabled by attack, by Declan McCullagh, Special to ZDNet News, July 30, 2002
  • ISP run out of business by DOS attacks, geeknews.com, July 23, 2002
  • News Sites Under 'Syn' Attack: Computers in Asia Flooding Sites, Blocking Access, by Paul Eng, ABCNEWS.com, June 14, 2002
  • Good News/Bad News in DoS Struggle, by Jim Carr, Network Magazine, July 7, 2002
  • Cert warns of automated attacks, by James Middleton, vnunet.com, April 9, 2002
  • Scottish ISP floored as DDoS attacks escalate, by John Leyden, The Register, April 9, 2002
  • Denial-of-Service Attacks Still a Threat, by Jaikumar Vijayan, Computer World, April 08, 2002
  • Internet User Sentenced in Federal Court for Using the Internet to Make Threats (DDoS attacks were also involved in this case, although the death threats were the main thrust of prosecutors.)
  • How CloudNine Wound Up in Hell, Reuters (via Wired.com), February 1, 2002
  • Hack Shuts Down British ISP, by Dennis Fischer, eWEEK, January 22, 2002 (Cloud Nine British ISP)
  • Arrested Goner Creators Left Obvious Online Trail, By Brian McWilliams, Newsbytes, December 9, 2001
  • 'Mafiaboy' hacker jailed, BBC News, September 13, 2001
  • DDoS protection racket targets bookies, by John Leyden, The Register, November 26, 2001
  • Cyber-raid hobbles web users, By Michael Foreman, The New Zealand Herald, September 10, 2001
  • Mafiaboy must be jailed, says social worker, by Michelle MacAfee, The Canadian Press, June 19, 2001
  • College: A Cracker's Best Friend, by Michelle Delio, Wired.com, February 28, 2001
  • DoS Attack Storms Weather Channel's Routers, by Rutrell Yasin, InternetWeek, May 24, 2001
  • Hackers storm White House Web site, by Robert Lemos, ZDNet News, May 4, 2001
  • Warning Issued Against Fast-Spreading Hacking Worm, kdh@koreatimes.co.kr, The Korea Times, April 24, 2001
  • Microsoft Web Sites Attacked, by Ariana Eunjung Cha and David Streitfield, Washington Post, January 26, 2001
  • IRC Attack Linked to DoS Threat, by Michelle Delio, Wired, January 12, 2001
  • FBI Targets 7 Hackers In Planned New Year's Eve Virus Attack, by Brian Krebs, Newsbytes, January 11, 2001
  • Lynnwood teen one of several targets of FBI probe, KING 5 News (Seattle), January 10, 2001
  • IRC: Attack From Killer 'HaX0rZ', by Michelle Delio, Wired, January 9, 2001
  • Romanian hacker bombs chat network, by Will Knight, ZDNet UK, January 9, 2001
  • Four Israeli hackers suspected of planning New Year's Eve attack , by Assaf Zohar, Israel's Business Arena, January 3, 2001
  • 2001: Killer hack attacks, by Scott Berinato, eWEEK (via ZDNet UK), December 20, 2000
  • The Year of the Killer Hackers, by Scott Berinato, eWEEK, December 18, 2000
  • 'Mafiaboy' Trying To Stare Down Prosecutors, by Kevin Johnson, USA TODAY, December 5, 2000
  • 'Mafiaboy' to plead guilty to hacking major Web sites, by Linda Rosencrance, Computerworld, November 07, 2000
  • U.S. may face net-based holy war, by Dan Verton, Computerworld, November 13, 2000
  • Abroad at Home: The cyberwars of the Middle East have come to Washington, by John Lancaster, Washington Post, November 3, 2000 (defaced web site)
  • Lucent says Mideast hackers attacked Web site, by Erich Luening, CNET News.com, November 2, 2000,
  • Mideast hackers may strike U.S. sites, FBI warns, by Erich Luening, CNET News.com, November 2, 2000
  • Security experts: Denial-of-service attacks still a big threat, by Patrick Thibodeau, Computerworld, October 20, 2000
  • 'Pecked to Death by a Duck' -- Hacktivists Chat up the World Bank, by Sarah Ferguson, The Village Voice, October 18, 2000
  • Interpol orders immediate cybercrime action, by Will Knight, ZDNet UK, October 11, 2000
  • Internet giants confer on denial-of-service attacks, by Paul Festa, CNET News.com, September 26, 2000
  • Web sites unite to fight denial-of-service war, by Ellen Messmer, Network World, September 25, 2000
  • New Technology Tracks, Kills DoS Attacks At ISP Level, by Cynthia Flash, TechWeb News, September 14, 2000
  • New denial-of-service attack tool uses chat programs, by Ellen Messmer, CNN, September 6, 2000
  • New Web attack tools exploit chat technology, by Evan Hansen, CNET News.com, September 5, 2000
  • Surfing the Tsunami: A large Southeastern university IS team fights off a massive distributed denial of-service attack and lives to tell about it., by DDoS Survivor, Network World, August 28, 2000
  • University researcher traces response to DDOS attacks, by Ann Harrison, Computerworld, August 18, 2000 [Corrections to Computerworld article]
  • New Public-Private Venture Meant to Combat Cybercrime, by Paul Nowell, The Associated Press, August 11, 2000
  • 250 Linux servers infected by denial-of-service program, the Korea Herald, August 1, 2000
  • Lack of funding threatens cybersecurity project, by Elinor Abreu, The Industry Standard, July 31, 2000
  • Wanna know how BT.com was hacked?, by Kieren McCarthy, The Register, July 25, 2000
  • BT hacked: revenge for crap service, by Kieren McCarthy, The Register, July 21, 2000
  • Hackers Plant Attack File in Home Computers, by Chet Dembeck, E-Commerce Times, June 9, 2000
  • Hackers Said Poised for Attack, by D. Ian Hopper, AP, June 9, 2000
  • Online boasting leaves trail -- FBI: Teen a schoolboy by day, brazen hacker by night, by Kevin Johnson, M.J. Zuckerman and Deborah Solomon, USA TODAY, June 7, 2000
  • Experts lecture feds on cybersecurity, by Diane Frank, Federal Computer Week, May 24, 2000
  • Beware of the security zealot, by Lewis Z. Koch, Inter@ctive Week, May 23, 2000
  • New Denial-of-Service Software Found "in the Wild", by Steven Bonisteel, Newsbytes, May 3, 2000
  • Hackers release new DoS tool -- Stakes high in cat-and-mouse game with security experts, by Bob Sullivan, MSNBC, May 2, 2000 [Corrections to MSNBC article]
  • Cybercrime Solution Has Bugs, by Declan McCullagh, Wired News, May. 3, 2000
  • Expert warns of powerful new hacker tool, by Stephen Shankland, CNET News.com, May 1, 2000
  • Probe of Hacker Net a Second Suspect: His Father, by Steven Pearlstein and David A. Vise, Washington Post, April 21, 2000
  • DoS Attacks: What Really Happened, by Bob Sullivan, MSNBC, April 19, 2000
  • `Mafiaboy' Arrested -- Canadian Teen Charged In Web Attacks, by Jonathan Dube and Brian Ross, ABCnews.com, April 19, 2000
  • Hackers can claim copyright on tools, by David Hellaby, AustralianIT, April 18, 2000
  • U.S. Treasury Chief Warns of Cyber Threats, by Jim Wolf, Reuters, April 18, 2000
  • How to Fight Cyber Thugs -- Before it's Too Late, editorial by Jesse Berst, ZDNet AnchorDesk, April 3, 2000
  • Hacker attack costs rise -- FBI, CSI: Verifiable losses due to poor security top $265M in 1999, CNNfn, March 22, 2000
  • DDOS attacks' ultimate lesson: Secure that infrastructure, by Deborah Radcliff, Securityportal.com, March 20, 2000
  • DoS Attack Shuts Down Brazilian Government Site, By Steve Gold, Newsbytes March 18, 2000
  • Ihug hit by hackers, by Adam Gifford, The New Zealand Herald, March 15, 2000
  • Get more secure - or else!, by Lisa M. Bowman, ZDNet|UK|, March 15, 2000
  • Asleep at the switch? -- How the government failed to stop the world's worst Internet attack, by M.J. Zuckerman, USA TODAY, March 9, 2000
    [Note: When I was interviewed by Mike, I hadn't researched the timing of events very thoroughly, so he was working with my rough recollections. I've since tried to put together my own timeline on DDoS events]
  • Web attacks: Cure worse than woes? Trend Micro's anti-viral OfficeScan - which also checks for DoS vulnerabilities - is a prime vehicle for foul play, by Steven J. Vaughan-Nichols, Sm@rt Reseller, ZDNN, March 8, 2000
  • DoS attacks: A problem of the information age Q&A with security guru Dave Dittrich, by J.S. Kelly, SunWorld Online, March 2000
    [Note: I was unable to provide feedback to J.S. Kelly in time, so some of the transcribed answers are not quite what I said. I'll try to clarify more as I find time. See also the Slashdot and other RealAudio interviews for answers to similar questions.]
  • Hatch Won't Hatch Clinton Net Security Idea, by Robert MacMillan, Newsbytes, March 3, 2000
  • Getting Hacked Could Lead to Getting Sued, by Ritchenya A. Shepherd, American Lawyer Media News Service, March 2, 2000
  • Hacker plan: take down the Net -- Associates tell feds Coolio started last month's Web attacks; teen's New England home searched, computers confiscated, by Bob Sullivan, MSNBC, March 1, 2000
  • CIOs Need to Be Held Accountable for Security, by L. Taylor, TechnologyEvaluation.com, February 28th, 2000
  • FBI: Internet Attack Motive Unknown, by Ted Bridis, AP, February 29, 2000
  • Senate Judiciary Committee hearing on Internet Denial of Service Attacks and the Federal Response, February 29, 2000
    • Testimony of Eric Holder, Deputy Attorney General, Department of Justice
    • Testimony of Dan Rosensweig, President and CEO, ZDNet
    • Testimony of "Mudge", @Stake
  • Locking Out the Hackers -- How to safeguard the Web, News: Analysis & Commentary, Business Week, February 28, 2000
  • FBI site hit in latest hacker attacks -- Microsoft, brokerage among victims, but damage is short-lived, MSNBC staff and wire reports, February 25, 2000
  • Web attacks? The ISPs strike back!, by Robert Lemos, ZDNet News, February 23, 2000
  • New hacker software could spread by email, by John Borland, CNET News.com, February 23, 2000
  • Cyber Crime -- First Yahoo! Then eBay. The Net's vulnerability threatens e-commerce--and you, Cover Story, BusinessWeek magazine, February 21, 2000
  • Web attacks: Are ISPs doing enough? Not according to many broadband customers and security experts, by Robert Lemos, ZDNet News, February 21, 2000
  • Internet News Radio interview with David Dittrich (University of Washington) and Brian Martin (aka "jericho" of Attrition.org), February 23, 2000
  • Warding off DDoS Attacks: Tools and services help keep servers from being turned into zombies, by Jim Kerstetter, PC Week Online, February 21, 2000
  • Hacker's Web Weapons Test-Fired on Chat Sites, by Ariana Eunjung Cha, Washington Post, February 19, 2000
  • Dot-Com firms are hacking each other -- expert, by Thomas C. Greene, The Register, February 18, 2000
  • NPR's Diane Rehm show (Real Audio), panel discussion on Internet Security with Jeffrey Hunker (National Security Council), James Adams (iDefense.com), David Dittrich (University of Washington) and Elias Levy (SecurityFocus.com)
  • Slashdot interview
  • Universities likely to remain Net security risks, by John Borland, CNETNews.com, February 15, 2000
  • German programmer "Mixter" addresses cyberattacks, by Stephen Shankland, CNET News.com, February 14, 2000
  • Hacker discloses new Internet attack software , by Stephen Shankland, CNET News.com, February 14, 2000
  • Hacker hunters follow lead to Germany -- Web site attackers exploited Stanford computers, CNN.com, February 13, 2000
  • Hacker probe widens as Canada attacked, by John Greenwood, National Post (with files from Bloomberg News and Dow Jones), February 12, 2000
  • Doing Away with DoS, by Michelle Finley, Wired, February 10, 2000
  • DoS: Defense Is the Best Offense, by Chris Oakes, Wired, February 10, 2000
  • ZDNet Special Report: It's War! Web Under Attack
    [An over-hyped headline, but aggregates several stories]
  • Hack leads point to California university, by John Borland and Jeff Pelline, CNET News.com, February 11, 2000
  • The making of weapons -- underground, by Stephen Shankland, Michael Kanellos, and Mike Yamamoto, CNET News.com, February 9, 2000
  • Hacker tools may come from single source, by Stephen Shankland, Michael Kanellos, and Mike Yamamoto Staff, CNET News.com, February 9, 2000
  • Hackers disrupt Web sites, Seattle Post-Intelligencer, February 9, 2000
  • Was Yahoo Smurfed or Trinooed?, by Declan McCullagh, Wired News, February 8, 2000
  • Yahoo on Trail of Site Hackers, Rueters News Service, February 8, 2000
  • Yahoo brought to standstill, BBC News, February 8, 2000
  • Internet attack slows Web to a crawl -- Assault on Oz.net affects entire area, by Dan Richman, Seattle Post-Intelligencer, January 18, 2000
  • DoS attack programs find warm, safe place on Solaris, by Nora Mikes, SunWorld Magazine, January 2000
  • Experts Warn of Multipronged E-Mail Assaults: New Software Allows Vandals to Overwhelm Computers , by David Noack, APBNews.com, December 27, 1999
  • CERT warns of networked denial of service attacks, by Ann Harrison, Computerworld, December 23, 1999
    [Corrections to Computerworld article]
  • Malicious programs lie in wait, FBI warns, by Bruce V. Bigelow, San Diego Union Tribune, December 15, 1999
    [Corrections to San Diego Union Tribune article]
  • Computer security teams brace for attacks by Stephen Shankland, Staff Writer, CNET News.com, December 20, 1999
    [Corrections to CNET News.com article]
  • Net hackers develop destructive new tools, by M.J. Zuckerman, USA TODAY, December 7, 1999
    [Corrections to USA Today article]
  • Cyberterrorism hype, by Johan J. Ingles-le Nobel, Janes Intelligence Review, October 21, 1999
  • Cyber Attacks -- Both Old and New, by Robert Lemos, ZDNet News, October 20, 1999
  • "Smurf" attack hits Minnesota, by Paul Festa, CNET News.com, March 17, 1998
  • Hackers attack NASA, Navy, by Paul Festa, Staff Writer, CNET News.com, March 4, 1998 (Not DDoS, but still a large DoS attack that affected tens or hundreds of thousands of hosts across the country.)

• History of Denial of Service and its use against Internet Relay Chat (IRC) networks
  • Internet Relay Chat (IRC) History, by Jarkko Oikarinen
  • An IRC Tutorial
  • Bots, Drones, Zombies, Worms and other things that go bump in the night., by Lockdown Corp.
  • Definition of "channel takeover", Valinor IRC glossary
  • Hacking IRC - The Definitive Guide
  • rEfnet Old News (look for "TakeOver" and "split")
  • Why EFnet Sucks, by Mixter
  • Bots Are Hot!, by Andrew Leonard, Wired magazine, April 1996
  • Romanian Cracker Takes Down the Undernet, by Kristi Coale, Wired News, January 14, 1997
  • Out of Band Bug Kicks Users Off Networks, by Mark Joseph Edwards, Wired News, May 12, 1997
  • Smurfing Cripples ISPs, by James Glave, Wired News, January 7, 1998
  • CIAC-2318: "IRC On Your Dime? What You Really Need to Know About Internet Relay Chat (PDF), (PostScript), CIAC, Dept. of Energy, June 1998
  • Denial of Service Attack Information, by Craig A. Huegen (1998)

• Sociological aspects of DoS and DDoS
  • Anti-Social Behavior Online Poses Challenge, GameMarketWatch.com, August 9, 2003
  • The Bad Boys of Cyberspace: Deviant Behavior in Online Multimedia Communities and Strategies for Managing it, Suler, J.R. and Phillips, W., 1998

• Humor
  • Hacker Attacks! by all of the top editorial cartoonists (updated regularly)

  ---

  Dave Dittrich <dittrich @ u dot washington dot edu>