[13399] in bugtraq

home help back first fref pref prev next nref lref last post

Announce: BOF on Distributed DoS, San Jose 1/18/00

daemon@ATHENA.MIT.EDU (David Kennedy CISSP)
Mon Jan 17 21:16:07 2000

Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Message-Id:  <3.0.5.32.20000116023757.03f0d0d0@pop.fuse.net>
Date:         Sun, 16 Jan 2000 02:37:57 -0500
Reply-To: David Kennedy CISSP <david.kennedy@ACM.ORG>
From: David Kennedy CISSP <david.kennedy@ACM.ORG>
X-To:         Firewalls <firewalls@lists.gnac.net>,
              firewall-wizards@nfr.net, CISSP Forum <cisspforum@egroups.com>,
              NT Bugtraq List <NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM>,
              BUGTRAQ <bugtraq@securityfocus.com>, nanog@merit.edu
To: BUGTRAQ@SECURITYFOCUS.COM

The purpose of this message is to solicit participation in birds of a
feather (BOF) session to discuss the Distributed Denial of Service (DDOS)
problem.

WHO: Everyone interested in aggressively addressing a category of attack
threatening Internet-connected systems.

WHAT: We (ICSA.net ) are offering to put together at least two BOF's to
discuss DDOS attacks in the trin00, TFN, TNF2K, TFNTK,
stacheldraht...family.

WHEN & WHERE: The first BOF session will be Tuesday January 18, 2000 from 7
to 9 pm at Hyatt Saint Claire Hotel, Ballroom Lobby Level.  Refreshments
will be served.  This BOF session coincides with the RSA conference but the
BOF is located across the street from the Convention Center and is open to
all interested parties.

The second BOF will coincide with the North American Network Operator's
Group conference (Feb 6-8, 2000 at the Doubletree Hotel, San Jose CA).  The
date and precise location of the BOF are being determined.

WHY: The goals are two-fold initially, awareness of the problem and see if
the collection of smarts at a BOF can suggest effective ways of dealing
with these attacks other than "hoping" the clue-challenged secure their
systems before the trojans are installed.

relevant URL's:
http://www.rsasecurity.com/rsa2000/main.html
http://www.nanog.org/mtg-0002/

Tentative Agenda:

Introduciton:
The Problem:	
	Technical Review of Attack tools 	
	Trends/  Implications/ Characteristics

Possble Mitigations:
	Scanning for Master / Slaves		
	ISP Egress /Ingress Filtering		
	Potential Protocol Changes  HIP
	Open discussion			
	Next Steps					

Noteworthy Participants:

	Dave Dittrich
	Steve Crocker
	Paul Krumviede
	Bob Moskowitz
	Jon McCown

Organizations that will participate include:

	MCI
	ISS
	Bindview
	Security Focus
	Secure Computing Corp Intrusion Services
	IT Security Services


--
Regards,

Dave Kennedy CISSP
Director of Research Services, ICSA.net http://www.icsa.net
Protect what you connect.
Look both ways before crossing the Net.

home help back first fref pref prev next nref lref last post