Denial-of-service warning put out by FBI agency

Web site administrators are being advised by the U.S. Federal Bureau of Investigation (FBI)'s cybercrime division to be extra vigilant for evidence of distributed denial-of-service (DDOS) attacks that have recently hit Web sites.

In an advisory issued this weekend by the FBI's National Infrastructure Protection Center (NIPC), the agency said it has received information about "ongoing attempts to disrupt Web access to several sites."

The NIPC advisory came after a DDOS attack on the White House Web site on Friday. That attack lasted from about 8 a.m. EDT to about 11:15 a.m., causing so many automated requests for information that the servers were overloaded.

In a related note, the NIPC warned last month of an expected upswing in attacks against U.S. servers by Chinese hackers, given an increase in political tensions between the two countries.

The latest attacks cited by the NIPC have been seen on several networks, using data fragmented into large User Datagram Protocol (UDP) packets for transmission. The UDPs are directed at the commonly used Port 80.

The attackers are apparently using this method to try to bypass standard port protocol blocking techniques, according to the NIPC.

To detect whether such attacks have occurred, network administrators are being advised to inspect firewall logs and other means for evidence of fragmented UDP packets directed at Port 80. Such inbound packets mean a denial of service to the network may be under way. Outbound UDP packets mean there's a high likelihood that the network is already compromised by hacker DDOS software.

A special utility to detect DDOS software is available from the NIPC.

A spokeswoman for the NIPC Monday refused to comment on the advisory.

Ric Steinberger, technology director at Atomic Tangerine Inc., the former SecurityPortal.com in Seattle, said such attacks have been common for years.

Steinberger said he believes the NIPC issued this latest advisory in direct response to the DDOS attack at the White House Web site. "The NIPC needs to issue alerts when one or more federal Web sites have been attacked in this way," he said.

Most private business sites probably have Web servers equipped with firewalls that are capable of halting these types of attacks, he said. Government sites, however, are usually more vulnerable because their staffs are paid less and don't have access to the latest software and hardware defenses, he said.

Join the newsletter!

Error: Please check your email address.

More about atomic tangerineFBIFederal Bureau of InvestigationNIPCPrivate BusinessSecurityPortal

Show Comments
[]