AXENT : SWAT : Distributed Denial of Service (DDoS)

10 January, 2000

Distributed Denial of Service (DDoS)

A number of Distributed Denial of Service (DDoS) attack tools have been made generally available. Consequently, DDoS attacks are growing in popularity. DDoS attackers gain and exploit access to systems, turning them into attack agents.

Nearly any system can act as an attack agent, and practically any system on the Internet can be effectively flooded with a DDoS attack, so the availability of any given system can be affected by the security of other systems on the Internet.

DDoS attacks can be detected, but cannot currently be directly prevented. The best countermeasure currently available is to prevent your systems from being used as attack agents.

Updates:
Jan 28, 2000: NetRecon 3.0 Security Update 1 detects TFN, trinoo, and stacheldraht.

AXENT Countermeasures:

NetProwler can detect some DDoS activity. Check the NetProwler Security Update page for the latest signatures.
NetRecon and ESM are being updated to detect the presence of DDoS tools.
Maintain backup copies of critical files and monitor for changes. When a change is detected, restore the originals.

Additional Resources:

Last modified on: Thursday, 15-May-08 04:36:47