DDOS related by Dave Dittrich

Last modified: Thu Mar 29 10:57:36 PDT 2012

Distributed Denial of Service (DDoS) Attacks/tools

• What's new in DDoS?
  • Nothing, really. (Some people are just late to the party. ;)
  • Anonymous threatens reflected/amplified attack on the DNS Root name servers
    • Threat by Anonymous to take down the Internet by a reflected DDoS attack against the DNS root name servers, Pastebin posting, February 12, 2012
    • Could a DDoS Attack Against the Roots Succeed?">, but Cricket Liu, March 13, 2012
    • Mitigating DNS Denial of Service Attacks, DNS OARC
    • What is a distributed reflected DDoS attack?
      • Distributed reflected DoS attacks go back to 2001. See the sections below for information on DRDoS examples and background and fundamental problems.
      • Security Experts Warn of Devastating Web Attack, ISN, March 21, 2006
      • The Worrisome Threat of DNS DDoS Amplification Attacks, The Security Skeptic [This article was originally published in the ENISA Quarterly, 6 June 2006. It is no longer available from ENISA.]
    • Have the root servers been attacked before?
      • Distributed denial of service attacks on root nameservers, Wikipedia
      • Events of 21-Oct-2002, by Paul Vixie, Gerry Sneeringer, and Mark Schleifer, November 24, 2002
      • Nameserver DoS Attack October 2002, CAIDA
      • Global Root Server System Stands Firm Against DDoS Attack, by K-ROOT, February, 2007
      • February 2007 Root Server Attacks - A Qualitative Report, by Danny McPherson, Arbor Networks Security Blog, June 9, 2007
      • ICANN Fact Sheet: Root server attack on 6 February 2007, ICANN, March 1, 2007
  • Wikileaks attacks, counter-attacks, counter-counter-attacks...
    • Cyberattack Against Wikileaks was Weak, by Kevin Poulsen, Wired Threatlevel blog, November 2010
    • Operation Payback cripples MasterCard site in revenge for WikiLeaks ban, by Esther Addley and Josh Halliday, The Guardian, December 8, 2010
    • Continuing pro-Wikileaks DDOS actions, Anonymous takes down PayPal.com, by Xeni Jardin, Boingboing.net, December 8, 2010
    • How pro-WikiLeaks hackers wage cyberwar without hijacking your computer, by Mark Clayton, The Christian Science Monitor, December 9, 2010
    • "Anonymous": How dangerous is hacker network defending WikiLeaks?, by Mark Clayton, The Christian Science Monitor, December 9, 2010
    • Hackers wage global "cyberwar" in defense of WikiLeaks, by Stephen Kurczy, The Christian Science Monitor, December 9, 2010
    • Wikileaks: Anonymous stops dropping DDoS bombs, starts dropping science, by Sean Bonner, BoingBoing, December 9, 2010
    • WikiLeaks battle: a new amateur face of cyber war?, by Peter Apps, Reuters, December 10, 2010
    • Operation Payback is Becoming a Complete Failure, by John Danz, December 10, 2010
    • Are the Anonymous "Operation Payback" attacks a form of "civil disobedience?" Read these carefully, then you decide.
      • Retributive justice, Wikipedia
      • Incitement, Wikepedia
      • Civil Disobedience, Wikipedia
• Some General Subjects/Themes
  • Distributed Reflected DNS attacks (and some background)
    • Randal Vaughn and Gadi Evron released an analysis of DNS Amplification Attacks (which use distributed reflection and amplification) on March 17, 2006
    • VeriSign reports a "new DDoS attack" in an article published March 17, 2006
    • CERT/CC publishes a document discussing DNS recursion problems and some solutions for preventing becoming a reflector in early 2006.
    • NANOG Thread "DNS deluge for x.p.ctrc.cc" from February 2006
    • Distributed reflected DDoS attacks are covered on pages 19-20, 45, 51-52, and 297 in Internet Denial of Service: Attack and Defense Mechanisms, published in 2005
    • Vern Paxson wrote a paper, An Analysis of Using Reflectors for Distributed Denial-of-Service Attacks, warning of these kinds of attacks in June 2001
    • A DNS reflection attack on Register.com was publicly discussed in a thread on the UNISOG mailing list in January 2001. This attack, which forged requests for the MX records of AOL.com (to amplify the attack) lasted about a week before it could be traced back to all attacking hosts and shut off. It used a large list of DNS servers at least a year old (at the time of the attack.)
    • The Honeynet Project Reverse Challenge, done in July 2002, involved analysis of a piece of malware that was [not?] surprisingly a DDoS agent. It implemented several DNS related attacks, including a reflection attack.
    • One of the fundamental issues in distributed reflected attacks is the ability of an attacker to spoof source addresses on packets. Documents describing this problem, and suggested fixes, are found in the Mitigation section of this page below, some going back to 2000.
    • Mitigating DNS Denial of Service Attacks, DNS OARC
  • Estonia claims to be under cyberwarfare DDoS attack from Russia?
    • Kremlin Kids: We Launched the Estonian Cyber War, by Noah Shachtman, Danger Room blog, Wired.com, March 11, 2009
    • Kremlin-backed youths launched Estonian cyberwar, says Russian official, by Dan Goodin, The Register, March 11, 2009
    • Estonia and Russia: A cyber-riot, The Economist, May 10, 2007
    • Estonia urges firm EU, NATO response to new form of warfare: cyber-attacks, Sydney Morning Herald, May 16, 2007
    • Cyber Assaults on Estonia Typify a New Battle Tactic, by Peter Finn, Washington Post Foreign Service, May 19, 2007
    • Estonian DDoS Attacks - A summary to date, by Jose Nazario, ArborSERT blog, May 21, 2007
    • When cyberattacks are politically motivated, by Robert Vamosi, Special to CNET News.com, May 29, 2007 [Interview with Jose Nazario of Arbor Networks]
    • After Computer Siege in Estonia, War Fears Turn to Cyberspace, by Mark Landler and John Markoff, The New York Times, May 29, 2007
    • Cyberwar is breaking out of sci-fi genre, Pavla Kozkov, Czech Business Weekly, June 11, 2007
  • The "Botmaster Underground" case
    • FBI agents bust 'Botmaster', Reuters News Service, November 4, 2005
    • 'Botmaster' pleads guilty to computer crimes, Reuters, January 24, 2006 [Teen admits to controlling somewhere near 500,000 computers, must return $60,000 cash, computer equipment, and a BMW he bought with proceeds from renting the botnet.
    • eWeek blog entry about the case
    • U.S. Department of Justice press release.
    • Lee Graham Walker, Axel Gembe CHARGED in Operation Cyberslam, Outlook Series, October 6, 2008
    • U.S. v. James Jeanson Ancheta (federal indictment)
    • 20-year-old 'botmaster' faces years behind bars, Reuters, May 9, 2006
    • This was not the first case of DDoS-for-hire in the U.S., however. That was another case in 2005.
      • THE CASE OF THE HIRED HACKER: Entrepreneur and Hacker Arrested for Online Sabotage, FBI.gov headline story, April 18, 2005
      • Duo charged over DDoS for hire scam, by John Leyden, The Register, March 22, 2005
      • Michigan Man Arrested for Using New Jersey Juvenile to Launch Destructive "DDOS for Hire" Computer Attacks on Competitors, US Department of Justice press release, March 18, 2005
• Books related to DDoS
  • Internet Denial of Service: Attack and Defense Mechanisms, by Jelena Mirkovic, Sven Dietrich, David Dittrich and Peter Reiher, Prentice Hall PTR, ISBN 0131475738 (Errata and related material)
  • Malware: Fighting Malicious Code, by Ed Skoudis and Lenny Zeltser, Prentice Hall PTR ISBN 0131014056, November, 2003
  • The Tao of Network Security Monitoring, by Richard Bejtlich, Addison-Wesley, ISBN 0321246772, July, 2004
  • Defense and Detection Strategies against Internet Worms, by Jose Nazario, ISBN 1580535372, 2004
  • The Art of Computer Virus Research and Defense, by Peter Szor, Addison Wesley in collaboration with Symantec Press, ISBN 0321304543, February, 2005
• Analyses and talks on attack tools
  • The DoS Project's "trinoo" distributed denial of service attack tool, by David Dittrich
  • RAZOR analysis of WinTrinoo
  • Report of Windows version of trinoo DDOS tool by Gary Flynn, James Madison University
  • The "Tribe Flood Network" distributed denial of service attack tool, by David Dittrich
  • The "stacheldraht" distributed denial of service attack tool, by David Dittrich
  • TFN2K - An Analysis, by Jason Barlow and Woody Thrower, Axent Security Team
  • "Trinity" Distributed Denil of Service Attack Tool, by Michael Marchesseau, September 11, 2000
  • Notes of talk given at CERT Distributed-Systems Intruder Tools Workshop, November 2, 1999
  • An analysis of the "Shaft" distributed denial of service tool, by Sven Dietrich, Neil Long, and David Dittrich
    [BUGTRAQ followup post by Richard Wash] (PDF Version from Information Security Bulletin magazine)
  • Analysis of a Shaft Node and Master, by Rick Wash and Jose Nazario, March 26, 2000
  • "Analyzing Ditributed Denial of Service Attack Tools: The Shaft Case" (PDF), by Sven Dietrich, Neil Long, and David Dittrich, Presented at LISA 2000 (GZIP PostScript)
  • Steve Bellovin's NANOG presentation on DDOS Attacks, February 7, 2000
  • Presentation at DDoS BoF, NANOG Meeting, February 7, 2000
  • The "mstream" distributed denial of service attack tool, by David Dittrich, George Weaver, Sven Dietrich, and Neil Long
  • Invited Talk, "DDoS: Is There Really a Threat?," USENIX Security Symposium, August 16, 2000
  • Analysis of the "Power" bot, by David Dittrich
  • GT Bot (Global Threat), by Lockdown Corp.
  • kaiten.c (no analysis, just code)
  • knight.c (no analysis, just code)
  • X-DCC (IRC "warez" bots often combined with DDoS)
    • CanSecWest talk on disassembling malware networks by Dave Dittrich, May 2002 (see xdcc-analysis.txt for analysis)
    • XDCC - An .EDU Admin's Nightmare, by TonikGin, Sept. 11 2002
  • ocxdll.exe / mIRC Trojan Analysis, by Kyle Lai, September 5, 2002
  • Honeynet Project Reverse Challenge binary ([not?] surprisingly, this is a DDoS agent)
  • Robert Graham's analysis of the Blaster worm
  • sdbot command reference
  • rxbot command reference
  • Inside the Slammer Worm, by David Moore, Vern Paxson, Stefan Savage, Colleen Shannon, Stuart Staniford, and Nicholas Weaver, IEEE Security & Privacy (Vol 1 No 4)
  • Phatbot Trojan Analysis, by LURHQ
• Fundamental problems
  • Attribution
    • Techniques for Cyber Attack Attribution, by David A. Wheeler, Institute for Defense Analyses, October 2003
  • Source Address Forgery
    • F-08: Internet Address Spoofing and Hijacked Session Attacks, DoE CIAC, January 23, 1995
    • CERT Advisory CA-1995-01 IP Spoofing Attacks and Hijacked Terminal Connections, January 23, 1995
    • IP Spoofing Demystified, Phrack magazine, Issue 48, Article 14, June 1996
    • CERT Advisory CA-1996-21 TCP SYN Flooding and IP Spoofing Attacks, September 19, 1996
    • Help Defeat Denial of Service Attacks: Step-by-Step, SANS, March 23, 2000
    • BCP 38, "Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing," by Paul Ferguson and Daniel Senie, May 2000
    • SAVE: Source Address Validity Enforcement Protocol, by Jun Li, Jelena Mirkovic, Mengqiu Wang, Peter Reiher, and Lixia Zhang, 2001
    • SAC004, "Securing the Edge," by Paul Vixie, October 17, 2002
    • Changing IP to Eliminate Source Forgery, by Donald Cohen, K. Narayanaswamy, Fred Cohen
• Defensive Tools
  • RID, by David Brumley
  • National Infrastructure Protection Center; Trinoo/Tribal Flood Net/Stacheldraht/tfn2k detection tool
  • BindView's Zombie Zapper
  • Index of Distributed Tools at Packet Storm
  • dds -- a trinoo/TFN/stacheldraht agent scanner (C source code) by Dave Dittrich, Marcus Ranum, George Weaver, David Brumley, and others. [In BETA testing.] (Use RID instead.)
  • gag -- a stacheldraht agent scanner (C source code) by Dave Dittrich, Marcus Ranum, and others. (Use RID instead.)
  • Ramenfind (Identification and cleanup tool for the Ramen worm, which was modified to install DDoS agents in February 2001.)
  • IP Source Tracking on Cisco 12000 Series Internet Routers (PDF version), Cisco Systems
• Advisories
  • CERT Incident Note 99-07 Distributed Denial of Service Tools, November 18, 1999
  • NIPC ADVISORY 00-055: "Trinity v3/Stacheldraht 1.666" Distributed Denial of Service Tools, October 13, 2000
  • CERT Incident Note IN-2000-05 "mstream" Distributed Denial of Service Tool, May 2, 2000
  • CERT Advisory CA-2000-01 Denial-of-Service Developments
  • Sun Bulletin #00193, Distributed Denial-of-Service Tools, January 5, 2000
• Mitigation information
  • Start by reading these documents:
    • Distributed Denial of Service Attacks, by Bennett Todd, Linuxsecurity.com, February 18, 2000
    • Results of the [CERT sponsored] Distributed-Systems Intruder Tools Workshop [PDF version]
    • Managing the Threat of Denial of Service, by Allen Householder, Art Manion, Linda Pesante, and George Weaver (CERT/CC) in collaboration with Rob Thomas, October 2001
    • Consensus Roadmap for Defeating Distributed Denial of Service Attacks, A Project of the Partnership for Critical Infrastructure Security
    • Help Defeat Denial of Service Attacks: Step-by-Step, SANS Institute
    • Denial of Service (DoS) Attack Resources, by Paul Ferguson
    • BCP 38, "Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing," by Paul Ferguson and Daniel Senie, May 2000
    • SAC004, "Securing the Edge," by Paul Vixie, October 17, 2002
  • SYN flood protection
    • TCP/IP stack tuning on end systems, by Rob Thomas
    • Hardening the TCP/IP stack to SYN attacks, by Mariusz Burdach, SecurityFocus, September 10, 2003
    • Solaris 2.x - Tuning Your TCP/IP Stack and More
    • Countering SYN Flood Denial-of-Service Attacks, by Ross Oliver, Tech Mavens, August 29, 2001
  • Advice for server administrators
    • Protect the required and often attacked services, e.g. DNS., by Rob Thomas
  • Advice for network providers
    • Mitigating DNS Denial of Service Attacks, DNS OARC
    • Characterizing and Tracing Packet Floods Using Cisco Routers, Cisco Systems Inc.
    • "Essential IOS" - Features Every ISP Should Consider, Cisco Systems Inc.
    • ISP security (from an operations perspective), NANOG Tutorial by Barry Raveendran Greene (Cisco), Christopher L. Morrow and Brian W. Gemberling (UUNET) [Mentioned in USENIX 2005 tutorial]
    • Protect the border and the border routers (also ported to Juniper and Riverstone), by Rob Thomas
    • Protect your BGP peering and RIBs (also ported to Juniper and Riverstone), by Rob Thomas
    • Monitor DoS attacks with NetFlow on your VIPs, by Rob Thomas
    • Track the source of spoofed packets, by Rob Thomas
    • Filtering ICMP and minimum ICMP messages, by Rob Thomas
    • Null routing traffic and tracking DoS attacks, by Chris Morrow
    • Blocking Code Red Worm with Cisco IOS NBAR, 4 August 2001
    • Using Network-Based Application Recognition and Access Control Lists for Blocking the "Code Red" Worm at Network Ingress Points, Cisco Tech Note
    • A DDOS defeating technique based on routing, BUGTRAQ posts by Fernando Schapachnik, February 20, 2000
    • Path MTU Discovery and Filtering ICMP, by Marc Slemko
    • RFC 2267 -- Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing, by Paul Fergussen and Daniel Senie
    • RFC 2644 -- Changing the Default for Directed Broadcasts in Routers, by Daniel Senie
    • Distributed Denial of Service (DDoS) News Flash, Cisco Systems Inc.
    • Policing and Shaping Overview, Cisco whitepaper on rate limiting
  • General advice
    • DDoS Attack Mitigation, BUGTRAQ posts by Elias Levy, 11 Feb 2000
    • Incident Handling Step by Step: Unix Trojan Programs, SANS Institute
    • Smurf attacks by Craig A. Huegen
    • Tune your firewalls and end systems, by Rob Thomas
• Legal implications
  • SANS Webcast on Legal Liability for Security Breaches - and Minimum Standards of Due Care with Mark Rasch and Hal Pomeranz, February 26, 2003
  • Distributed Denial-of-Service Attacks, Contributory Negligence and Downstream Liability, by M. E. Kabay, PhD, CISSP
  • DDoS Class Action lawsuit web site
• Related Papers, Essays, Legislative Proposals, and Research
  • Denial of Service Attacks and Challenges in Broadband Wireless Networks, by Shafiullah Khan, Kok-Keong Loo, Tahir Naeem, and Mohammad Abrar Khan, International Journal of Computer Science and Network Security, Vol. 8, No. 7, pp. 1-6, July 2008
  • Breeding Internet Superbugs, by Paul Vixie, July 31, 2006
  • Trends in Denial of Service Attacks, by Jose Nazario, Arbor Networks, Usenix 2003 Work-in-Progress report
  • Extortion Worms: Internet Worms that Discourage Disinfection, by Tim Freeman, February 12, 2002
  • Untraceable Email Cluster Bombs: On Agent-Based Distributed Denial of Service, by Markus Jakobsson and Filippo Menczer, May 23, 2003
  • How to 0wn the Internet in Your Spare Time, by Stuart Staniford, Vern Paxson, and Nicholas Weaver, 2002
  • Taxonomies of Distributed Denial of Service Networks, Attacks, Tools, and Countermeasures, by Ruby B. Lee, Princeton University
  • Distributed Denial of Service, talk by John Ioannidis, April 2002
  • Hop Count Filtering: An Effective Defense Against Spoofed Traffic, by Cheng Jin, Haining Wang, and Kang G. Shin
  • A Taxonomy of DDoS Attacks and DDoS Defense Mechanisms, by Jelena Mirkovic, Janice Martin and Peter Reiher, UCLA Computer Science Department, Technical report #020018
  • D-WARD: DDoS Network Attack Recognition and Defense home page (Peter Reiher, Gregory Prier, Scott Michael, and Jun Li)
  • Computer Crime, by Ronald B. Standler, 2002 (section on DDoS and Mafiaboy case)
  • An Analysis of Using Reflectors for Distributed Denial-of-Service Attacks, by Vern Paxson, June 2001
  • UNISOG thread on Register.com DNS Reflector DoS attack, January 2001
  • "Cyber Threat Trends and US Network Security," Statement for the Record for the Joint Economic Committee, Lawrence K. Gershwin, National Intelligence Officer for Science and Technology, 21 June, 2001
  • CenterTrack, Robert Stone (a defunct research project that attempted to track DoS attacks at UUnet)
  • The Strange Tale of the Distributed Denial of Service Attacks Against GRC.COM, by Steve Gibson, June 2, 2001(My responses to Steve Gibson's initial claims and his later claims of discovering a "new" reflection attack.)
  • CERIAS Attack Traceback Summit Proceedings (PDF version)
  • Inferring Internet Denial-of-Service Activity, by David Moore, Geoffrey M. Voelker and Stefan Savage, University of California, San Diego
  • On the Effectiveness of Probabilistic Packet Marking for IP Traceback under Denial of Service Attack, by Kihong Park and Heejo Lee, Network Systems Lab and CERIAS, Purdue Univerisity
  • MULTOPS: a data structure for denial-of-service attack detection (PDF), by Thomer M. Gil (PostScript version)
  • Guidelines for Evidence Collection and Archiving , Dominique Brezinski and Tom Killalea (Internet Draft)
  • Draft Convention on Cyber-Crime, Council of Europe (See also Cybercrime Solution Has Bugs, by Declan McCullagh, Wired News, May. 3, 2000)
  • Source code to mstream, a DDoS tool, VULN-DEV post by Anonymous, April 29, 2000
  • THE WAR ON HACKERS, by Gary Lawrence Murphy
  • Distributed Denial Of Service Attacks (DDOS), by David Anderson, MIT
  • Theories on new DoS Attacks v.1, by J. Oquendo
  • On Magic, IRC Wars, and DDoS, by Robert Graham
  • Client-side Distributed Denial-of-Service: Valid campaign tactic or terrorist act?, by the electrohippies collective
  • Spaf's Summary of White House meeting, February 19, 2000
  • DDoS Whitepaper by Bennett Todd (readable overview intended for non-techies)
  • Crypto-Gram, by Bruce Schneier, February 15, 2000
  • Current Events on The Net: Fact, Fiction, or Hype?, by Richard Forno
  • DDoS FAQ, by Kurt Seifried
  • 10 Proposed 'first-aid' security measures against Distributed Denial Of Service attacks, by Mixter
  • "Tribe Flood Network 3000": A theoretical review of what exactly Distributed DOS tools are, how they can be used, what more dangerous features can be implemented in the future, and starting points on establishing Network Intrusion Detection Rules for DDOS, by Mixter
  • Protecting Against the Unknown -- A guide to improving network security to protect the Internet against future forms of security hazards, by Mixter
  • Have Script, Will Destory (Lessons in DoS), by Brian Martin, Attrition.org
  • Practical Network Support for IP Traceback, by Stefan Savage, David Wetherall, Anna Karlin and Tom Anderson, Department of Computer Science and Engineering, University of Washington
  • ICMP Traceback Messages (IETF draft proposal), by Steven Bellovin
  • Advanced and Authenticated Marking Schemes for IP Traceback, by Dawn X. Song and Adrian Perrig
  • Host Identity Payload, Internet Draft, Robert Moskowitz, ICSA.net
  • Host Identity Payload -- Architecture, Internet Draft, Robert Moskowitz, ICSA.net
  • Host Identity Payload -- Implementation, Internet Draft, Robert Moskowitz, ICSA.net
  • Purgatory 101: Learning to cope with the SYNs of the Internet, by NightAxis and Rain Forrest Puppy
  • Distributed Attacks and the Way To Deal With Them, by Tim Yardley
  • Strategies for Defeating Distributed Attacks, by Simple Nomad
  • Hacktivism: Civil Disobedience, Cyberterrorism or Silly Posturing?, vigilante.com
• Vendors marketing products in the DDoS space
  (DISCLAIMER: Inclusion here does not imply I believe these products are or are not good solutions. These companies simply claim to have some kind of "solution" to the issues of DDoS.)
  • Network level defenses (detect, stop floods)
    • Arbor Networks
    • Mazu Networks
    • Captus Networks
    • CS3
    • Riverhead Networks
    • Reactive Network Solutions
  • Host level defenses (detect, stop handler/agent installation)
    • Entercept
    • Tripwire
  • Augmented Intrusion Detection (detect)
    • Oneka
    • Recourse Technologies
  • Managed Security Services (react)
    • TrustWave
    • Solsoft
    • Aprisma
  • Work in progress research
    • Shai
  • Notes from Lockheed Martin conference on DDoS vendor solutions, December 20, 2001
• Selected news reports/interviews/panel discussions
  (in reverse chronological order)
  • Activists Launch Hack Attacks on Tehran Regime, by Noah Shachtman, Wired.com, June 15, 2009
  • DDoS attack damaged public civil service for the first time, by Jang, Dong-joon, Kim, In-soon, Korea IT News, March 10, 2009
  • Techwatch weathers DDoS extortion attack: Botnet blackmail, by John Leyden, The Register, January 30, 2009
  • Internet Attacks Grow More Potent, by John Markoff, November 9, 2008 [One slight correction: The first major distributed reflected DDoS attack, as noted elsewhere on this page, occured in 2001 against Register.com.]
  • Before the Gunfire, Cyberattacks, by John Markoff, New York Times, August 12, 200
  • Feds: Teen made computers 'zombies', by Jared Miller, Star-Tribune capital bureau, June 27, 2008
  • Radio Free Europe DDOS attack latest by hactivists, by Elinor Mills, News Blog, May 1, 2008
  • SlideShare Slammed with DDOS Attacks from China, by Mark Hendrickson, TechCrunch Blog, April 23, 2008 [We didn't pay this person to advertise out book. Honestly.]
  • DDOS Danger For Online Gambling Sites, Online-Casinos.com, February 20, 2008
  • Quebec police bust alleged hacker ring, by Jan Ravensbergen, Canwest News Service, February 20, 2008
  • 'Ragtag' Russian army shows the new face of DDoS attacks: Semi-organized people just as dangerous as botnets, by Dan Goodin, The Register, January 4, 2008
  • Making malware unprofitable: economics key to slowing hackers down, by John Timmer, Ars Technica, November 20, 2007
  • Security Pro Admits to Hijacking PCs for Profit, blog post by Brian Krebs, November 10, 2007
  • Is IT losing the battle against DNS attacks?, by Michael Cooney, Network World, July 18, 2007
  • Fast flux foils bot-net takedown, by Robert Lemos, SecurityFocus, July 7, 2007
  • Anti-spam sites weather DDoS assault, by John Leyden, The Register, June 11, 2007
  • Cyberwar is breaking out of sci-fi genre, Pavla Kozkov, Czech Business Weekly, June 11, 2007
  • After Computer Siege in Estonia, War Fears Turn to Cyberspace, by Mark Landler and John Markoff, The New York Times, May 29, 2007
  • When cyberattacks are politically motivated, by Robert Vamosi, Special to CNET News.com, May 29, 2007 [Interview with Jose Nazario of Arbor Networks]
  • Estonian DDoS Attacks - A summary to date, by Jose Nazario, ArborSERT blog, May 21, 2007
  • Cyber Assaults on Estonia Typify a New Battle Tactic, by Peter Finn, Washington Post Foreign Service, May 19, 2007
  • Estonia urges firm EU, NATO response to new form of warfare: cyber-attacks, Sydney Morning Herald, May 16, 2007
  • Estonia and Russia: A cyber-riot, The Economist, May 10, 2007
  • Biggest threat to Internet could be a massive virtual blackout, by Andrew Noyes, National Journal's Technology Daily, April 5, 2007
  • GoDaddy whacked by DDoS attack, by Kevin Murphy, Computer Business Review Online, March 12, 2007
  • National Bolsheviks ousted from Runet, by CNews.ru, February 26, 2007
  • Phish fighters floored by DDoS assault, by John Leyden, TheRegister.co.uk, February 20, 2007
  • 2006: E-security in Vietnam shaken by crimes, VietNamNet Bridge, January 16, 2007
  • CafePress wilts under DDoS assault, by John Leyden, The Register, December 22, 2006
  • Analysis: Websites struggling for legal recourse for DoS attacks, by Matt Whipp, PC Pro News (UK), November 23, 2006
  • Florida man charged in botnet attack on Akamai, by Caroline McCarthy, CNET News.com, October 24, 2006
  • National Australia Bank hit by DDoS attack, by Munir Kotadia, ZDNet Australia, October 20, 2006
  • Airline foils hackers with latest high-tech defences, by Bill Goodwin, Computer Weekly, September 27, 2006
  • 20-year-old 'botmaster' faces years behind bars, Reuters, May 9, 2006
  • Blue Security attack linked to blog crashes, by Tom Espiner, ZDNet (UK), May 4, 2006
  • Cyberattack knocks millions of blogs offline, by Joris Evers, CNET News.com, May 3, 2006
  • 'Second Life' fending off denial-of-service attacks, by Daniel Terdiman, CNET News.com, May 1, 2006
  • Sun Grid hit by network attack, by Stephen Shankland, CNET News.com, March 22, 2006
  • 'Botmaster' pleads guilty to computer crimes, Reuters, January 24, 2006 [Teen admits to controlling somewhere near 500,000 computers, must return $60,000 cash, computer equipment, and a BMW he bought with proceeds from renting the botnet. See also this eWeek blog entry and U.S. Department of Justice press release.]
  • Blackmailers try to black out Million Dollar Homepage, by Dawn Kawamoto, CNET News.com, January 18, 2006
  • FBI agents bust 'Botmaster', Reuters News Service, November 4, 2005
  • 'Bot herders' may have controlled 1.5 million PCs, by Joris Evers, CNET News.com, October 21, 2005 [Note: This article doesn't say how the 1.5 million count was obtained, which could mean it is overstated by an order of magnitude or more. There are many reasons why counting things like IP addresses in logs, bot nicks, etc. can be way off the mark, such as DHCP lease times, moving from wired to wireless or dialup networks, etc.]
  • Cops smash 100,000 node botnet: Largest zombie army ever detected, by Tom Sanders, vnunet.com, October 10, 2005 [Note: Actually, several botnets have been reported to be much larger than 100,000. E.g., see Thwarting the Zombies, by Dennis Fisher, eWeek, March 31, 2003, which quotes CERT/CC as saying they have tracked a botnet of 140,000 hosts]
  • Hackers Admit to Wave of Attacks, by Kevin Poulson, Wired, September 8, 2005
  • Teenager jailed for Web attacks, by Graeme Wearden, ZDNet UK, August 17, 2005
  • Stalking the Internet, an army on the rise, by Stephen Labaton, The New York Times, June 24, 2005
  • THE CASE OF THE HIRED HACKER: Entrepreneur and Hacker Arrested for Online Sabotage, FBI.gov headline story, April 18, 2005
  • Rootkit Web sites fall to DDoS attack, by Paul Roberts, IDG News Service, April 11, 2005
  • Duo charged over DDoS for hire scam, by John Leyden, The Register, March 22, 2005
  • Michigan Man Arrested for Using New Jersey Juvenile to Launch Destructive "DDOS for Hire" Computer Attacks on Competitors, US Department of Justice press release, March 18, 2005
  • Dutch hackers sentenced for attack on government sites: Teens were unhappy about cabinet," by Jan Libbenga, The Register, March 16, 2005
  • BitTorrent servers under attack, by Robert Lemos, CNET News.com, December 2, 2004
  • Antispam screensaver downs two sites in China, by Dan Ilett, ZDNet News (UK), December 2, 2004
  • Lycos Europe denies attack on zombie army, by Dan Ilett, ZDNet News (UK), December 1, 2004,
  • Experts fret over online extortion attempts: 'Bot' armies capable of toppling big sites, some say, by Bob Sullivan, MSNBC, November 10, 2004
  • Lawmaker: Beware of cyber-Pearl Harbor, Reuters, November 5, 2004
  • Online payment firm in DDoS drama, by John Leyden, November 3, 2004
  • Child porn threat to betting site, BBC News, October 27, 2004
  • Dutch government sites attacked, correspondents in Amsterdam, Australian IT, October 6, 2004
  • WorldPay struggles under DDoS attack (again), by John Leyden, The Register, October 4, 2004
  • Zombie armies behind cyberscrime sprees, by Dan Illet, ZDNet (UK), October 1, 2004
  • Update: Credit card firm hit by DDoS attack, by Jaikumar Vijayan, Computerworld, September 22, 2004
  • Attacks disrupt some credit card transactions, by Rob Lemos, CNET News.com, September 22, 2004
  • Extortion Online: Technology can help fight the growing cyberextortion threat, but experts say not enough companies are prepared, by George V. Hulme, InformationWeek, September 13, 2004
  • FBI busts alleged DDoS Mafia, by Kevin Poulsen, SecurityFocus, August 26, 2004 [ Indictment against Paul G. Ashley, Jonathan David Hall, Joshua James Schichtel, Richard Roby, and Lee Graham Walker]
  • Police say Russian hackers are increasing threat, by Oliver Bullough, Reuters, July 28, 2004
  • DoubleClick blacks out from Web attack, by Jim Hu, CNET News.com, July 27, 2004
  • MyDoom.M virus slams search sites, by Byron Acohido and Jon Swarz, USA Today, July 26, 2004
  • British cybercops nab alleged blackmailers, by Graeme Wearden and Andy McCue, ZDNet (UK), July 21, 2004
  • Scotland Yard and the case of the rent-a-zombies, Reuters, July 7, 2004
  • 'Zombie' PCs caused Web outage, Akamai says, by Robert Lemos and Jim Hu, CNET News.com, June 16, 2004
  • Business allegedly attacked via Web: FBI investigates area owner's extortion claim, by Caroline Lynch, The Courier-Journal, May 10, 2004
  • Alarm Grows of Bot Software, by Rob Lemos, CNET News.com, April 30, 2004
  • Bookies suffer online onslaught, by Mark Ward, BBC News Online, March 19, 2004 (Netcraft graphs of UK betting sites)
  • Hackers Embrace P2P Concept: Experts Fear 'Phatbot' Trojan Could Lead to New Wave of Spam or Denial-of-Service Attacks, by Brian Krebs, washingtonpost.com, March 17, 2004
  • Mydoom lesson: Take proactive steps to prevent DDoS attacks, by Jaikumar Vijayan, February 6, 2004
  • The FBI Called Again, by simul, Kuro5hin.org (targetted by DDoS attacks), February 4, 2004
  • Super Bowl fuels gambling sites' extortion fears, by Paul Roberts, IDG News Service, January 28, 2004
  • Attack on SCO sites at an end, by Rob Lemos, CNET News.com, December 12, 2003
  • New computer virus variant floods Web sites of anti-spam activists, by Anick Jesdanun, The Associated Press, December 3, 2003
  • E-commerce targeted by blackmailers, by BBC News, November 26, 2003
  • Dutch blogsites fight cyberwar against spammer, by Jan Libbenga, The Register, November 24, 2003
  • ISPs take on DDoS Attacks, by Denise Pappalardo, Network World, November 19, 2003
  • Zombie machines fueling new cybercrime wave, by Bernhard Warner, computerworld.com, November 17, 2003
  • East European gangs in online protection racket, by John Leyden, The Register, November 12, 2003
  • High-Tech Gangsters Who Shoot on Site, by Chris Nuttall, Financial Times, November 12, 2003
  • Crime gangs extort money with hacking threat, by Chris Nuttall, Financial Times of London, November 11 2003
  • 'DDoS' Attacks Still Pose Threat to Internet, by David McGuire, washingtonpost.com, November 4, 2003
  • Virtual girlfriend 'inspired Internet attack', by Munir Kotadia, Special to CNETAsia, October 13 2003
  • 11,000 IP addresses found on accused hacker's PC, by Munir Kotadia, ZDNet UK, October 8, 2003
  • 'Revenge' hack downed US port systems, by Andy McCue, silicon.com, October 7, 2003
  • Cloaking Device Made for Spammers, by Brian McWilliams, October 9, 2003 [reports one group controlling 450,000 bots]
  • Sobig linked to DDoS attacks on anti-spam sites, by John Leyden, September 25, 2003
  • Teenager arrested in 'Blaster' Internet attack, by Jeordan Legon, CNN, August 29, 2003
  • Hackers cut off SCO Web site, by Martin LaMonica, CNET News.com, August 25, 2003
  • Porn Purveyors Getting Squeezed, by Noah Shachtman, Wired News, July 10, 2003
  • DDoS attack hits clickbank and spamcop.net, by Mirko Zorz, June 25, 2003
  • Rise of the Spam Zombies, by Kevin Poulson, Security Focus, April 27, 2003
  • The Palestinian-Israel: cyberwar, by Patrick D. Allen and Chris C. Demchak, Military Review, March-April, 2003,
  • Thwarting the Zombies, by Dennis Fisher, eWeek, March 31, 2003 [quotes CERT/CC as saying they have tracked a botnet of 140,000 hosts]
  • Al-Jazeera hobbled by DDOS attack: News site targeted for second day, by, Paul Roberts, Infoworld, March 26, 2003
  • DDoS attack cripples Uecomm's AU links, by Patrick Gray, ZDNet Australia, March 20, 2003
  • Thousands 'trojaned' through net shares: CERT, by Patrick Gray, ZDNet Australia, March 12, 2003
  • Worm could be clearing path for DDoS attack, by Patrick Gray, ZDNet Australia, March 10, 2003
  • US and UK arrests in computer worm probe, by John Leyden, March 6, 2003
  • Could Attack on DALnet Spell End for IRC?, by Thor Olavsrud, internetnews.com, January 24, 2003
  • Attacks Fell on Online Community, by Justin Jaffe, Wired News, January 27, 2003
  • DDOS attack 'really, really tested' UltraDNS, by ComputerWire, The Register, November 26, 2002
  • Future Hacking: How Vulnerable is the Net?, by James Maguire, NewsFactor Network, November 4, 2002
  • Attack On Internet Called Largest Ever, by David McGuire and Brian Krebs, washingtonpost.com, October 22, 2002
  • RIAA Web site disabled by attack, by Declan McCullagh, Special to ZDNet News, July 30, 2002
  • ISP run out of business by DOS attacks, geeknews.com, July 23, 2002
  • News Sites Under 'Syn' Attack: Computers in Asia Flooding Sites, Blocking Access, by Paul Eng, ABCNEWS.com, June 14, 2002
  • Good News/Bad News in DoS Struggle, by Jim Carr, Network Magazine, July 7, 2002
  • Cert warns of automated attacks, by James Middleton, vnunet.com, April 9, 2002
  • Scottish ISP floored as DDoS attacks escalate, by John Leyden, The Register, April 9, 2002
  • Denial-of-Service Attacks Still a Threat, by Jaikumar Vijayan, Computer World, April 08, 2002
  • Internet User Sentenced in Federal Court for Using the Internet to Make Threats (DDoS attacks were also involved in this case, although the death threats were the main thrust of prosecutors.)
  • How CloudNine Wound Up in Hell, Reuters (via Wired.com), February 1, 2002
  • Hack Shuts Down British ISP, by Dennis Fischer, eWEEK, January 22, 2002 (Cloud Nine British ISP)
  • Arrested Goner Creators Left Obvious Online Trail, By Brian McWilliams, Newsbytes, December 9, 2001
  • 'Mafiaboy' hacker jailed, BBC News, September 13, 2001
  • DDoS protection racket targets bookies, by John Leyden, The Register, November 26, 2001
  • Cyber-raid hobbles web users, By Michael Foreman, The New Zealand Herald, September 10, 2001
  • Mafiaboy must be jailed, says social worker, by Michelle MacAfee, The Canadian Press, June 19, 2001
  • College: A Cracker's Best Friend, by Michelle Delio, Wired.com, February 28, 2001
  • DoS Attack Storms Weather Channel's Routers, by Rutrell Yasin, InternetWeek, May 24, 2001
  • Hackers storm White House Web site, by Robert Lemos, ZDNet News, May 4, 2001
  • Warning Issued Against Fast-Spreading Hacking Worm, kdh@koreatimes.co.kr, The Korea Times, April 24, 2001
  • Microsoft Web Sites Attacked, by Ariana Eunjung Cha and David Streitfield, Washington Post, January 26, 2001
  • IRC Attack Linked to DoS Threat, by Michelle Delio, Wired, January 12, 2001
  • FBI Targets 7 Hackers In Planned New Year's Eve Virus Attack, by Brian Krebs, Newsbytes, January 11, 2001
  • Lynnwood teen one of several targets of FBI probe, KING 5 News (Seattle), January 10, 2001
  • IRC: Attack From Killer 'HaX0rZ', by Michelle Delio, Wired, January 9, 2001
  • Romanian hacker bombs chat network, by Will Knight, ZDNet UK, January 9, 2001
  • Four Israeli hackers suspected of planning New Year's Eve attack , by Assaf Zohar, Israel's Business Arena, January 3, 2001
  • 2001: Killer hack attacks, by Scott Berinato, eWEEK (via ZDNet UK), December 20, 2000
  • The Year of the Killer Hackers, by Scott Berinato, eWEEK, December 18, 2000
  • 'Mafiaboy' Trying To Stare Down Prosecutors, by Kevin Johnson, USA TODAY, December 5, 2000
  • 'Mafiaboy' to plead guilty to hacking major Web sites, by Linda Rosencrance, Computerworld, November 07, 2000
  • U.S. may face net-based holy war, by Dan Verton, Computerworld, November 13, 2000
  • Abroad at Home: The cyberwars of the Middle East have come to Washington, by John Lancaster, Washington Post, November 3, 2000 (defaced web site)
  • Lucent says Mideast hackers attacked Web site, by Erich Luening, CNET News.com, November 2, 2000,
  • Mideast hackers may strike U.S. sites, FBI warns, by Erich Luening, CNET News.com, November 2, 2000
  • Security experts: Denial-of-service attacks still a big threat, by Patrick Thibodeau, Computerworld, October 20, 2000
  • 'Pecked to Death by a Duck' -- Hacktivists Chat up the World Bank, by Sarah Ferguson, The Village Voice, October 18, 2000
  • Interpol orders immediate cybercrime action, by Will Knight, ZDNet UK, October 11, 2000
  • Internet giants confer on denial-of-service attacks, by Paul Festa, CNET News.com, September 26, 2000
  • Web sites unite to fight denial-of-service war, by Ellen Messmer, Network World, September 25, 2000
  • New Technology Tracks, Kills DoS Attacks At ISP Level, by Cynthia Flash, TechWeb News, September 14, 2000
  • New denial-of-service attack tool uses chat programs, by Ellen Messmer, CNN, September 6, 2000
  • New Web attack tools exploit chat technology, by Evan Hansen, CNET News.com, September 5, 2000
  • Surfing the Tsunami: A large Southeastern university IS team fights off a massive distributed denial of-service attack and lives to tell about it., by DDoS Survivor, Network World, August 28, 2000
  • University researcher traces response to DDOS attacks, by Ann Harrison, Computerworld, August 18, 2000 [Corrections to Computerworld article]
  • New Public-Private Venture Meant to Combat Cybercrime, by Paul Nowell, The Associated Press, August 11, 2000
  • 250 Linux servers infected by denial-of-service program, the Korea Herald, August 1, 2000
  • Lack of funding threatens cybersecurity project, by Elinor Abreu, The Industry Standard, July 31, 2000
  • Wanna know how BT.com was hacked?, by Kieren McCarthy, The Register, July 25, 2000
  • BT hacked: revenge for crap service, by Kieren McCarthy, The Register, July 21, 2000
  • Hackers Plant Attack File in Home Computers, by Chet Dembeck, E-Commerce Times, June 9, 2000
  • Hackers Said Poised for Attack, by D. Ian Hopper, AP, June 9, 2000
  • Online boasting leaves trail -- FBI: Teen a schoolboy by day, brazen hacker by night, by Kevin Johnson, M.J. Zuckerman and Deborah Solomon, USA TODAY, June 7, 2000
  • Experts lecture feds on cybersecurity, by Diane Frank, Federal Computer Week, May 24, 2000
  • Beware of the security zealot, by Lewis Z. Koch, Inter@ctive Week, May 23, 2000
  • New Denial-of-Service Software Found "in the Wild", by Steven Bonisteel, Newsbytes, May 3, 2000
  • Hackers release new DoS tool -- Stakes high in cat-and-mouse game with security experts, by Bob Sullivan, MSNBC, May 2, 2000 [Corrections to MSNBC article]
  • Cybercrime Solution Has Bugs, by Declan McCullagh, Wired News, May. 3, 2000
  • Expert warns of powerful new hacker tool, by Stephen Shankland, CNET News.com, May 1, 2000
  • Probe of Hacker Net a Second Suspect: His Father, by Steven Pearlstein and David A. Vise, Washington Post, April 21, 2000
  • DoS Attacks: What Really Happened, by Bob Sullivan, MSNBC, April 19, 2000
  • `Mafiaboy' Arrested -- Canadian Teen Charged In Web Attacks, by Jonathan Dube and Brian Ross, ABCnews.com, April 19, 2000
  • Hackers can claim copyright on tools, by David Hellaby, AustralianIT, April 18, 2000
  • U.S. Treasury Chief Warns of Cyber Threats, by Jim Wolf, Reuters, April 18, 2000
  • How to Fight Cyber Thugs -- Before it's Too Late, editorial by Jesse Berst, ZDNet AnchorDesk, April 3, 2000
  • Hacker attack costs rise -- FBI, CSI: Verifiable losses due to poor security top $265M in 1999, CNNfn, March 22, 2000
  • DDOS attacks' ultimate lesson: Secure that infrastructure, by Deborah Radcliff, Securityportal.com, March 20, 2000
  • DoS Attack Shuts Down Brazilian Government Site, By Steve Gold, Newsbytes March 18, 2000
  • Ihug hit by hackers, by Adam Gifford, The New Zealand Herald, March 15, 2000
  • Get more secure - or else!, by Lisa M. Bowman, ZDNet|UK|, March 15, 2000
  • Asleep at the switch? -- How the government failed to stop the world's worst Internet attack, by M.J. Zuckerman, USA TODAY, March 9, 2000
    [Note: When I was interviewed by Mike, I hadn't researched the timing of events very thoroughly, so he was working with my rough recollections. I've since tried to put together my own timeline on DDoS events]
  • Web attacks: Cure worse than woes? Trend Micro's anti-viral OfficeScan - which also checks for DoS vulnerabilities - is a prime vehicle for foul play, by Steven J. Vaughan-Nichols, Sm@rt Reseller, ZDNN, March 8, 2000
  • DoS attacks: A problem of the information age Q&A with security guru Dave Dittrich, by J.S. Kelly, SunWorld Online, March 2000
    [Note: I was unable to provide feedback to J.S. Kelly in time, so some of the transcribed answers are not quite what I said. I'll try to clarify more as I find time. See also the Slashdot and other RealAudio interviews for answers to similar questions.]
  • Hatch Won't Hatch Clinton Net Security Idea, by Robert MacMillan, Newsbytes, March 3, 2000
  • Getting Hacked Could Lead to Getting Sued, by Ritchenya A. Shepherd, American Lawyer Media News Service, March 2, 2000
  • Hacker plan: take down the Net -- Associates tell feds Coolio started last month's Web attacks; teen's New England home searched, computers confiscated, by Bob Sullivan, MSNBC, March 1, 2000
  • CIOs Need to Be Held Accountable for Security, by L. Taylor, TechnologyEvaluation.com, February 28th, 2000
  • FBI: Internet Attack Motive Unknown, by Ted Bridis, AP, February 29, 2000
  • Senate Judiciary Committee hearing on Internet Denial of Service Attacks and the Federal Response, February 29, 2000
    • Testimony of Eric Holder, Deputy Attorney General, Department of Justice
    • Testimony of Dan Rosensweig, President and CEO, ZDNet
    • Testimony of "Mudge", @Stake
  • Locking Out the Hackers -- How to safeguard the Web, News: Analysis & Commentary, Business Week, February 28, 2000
  • FBI site hit in latest hacker attacks -- Microsoft, brokerage among victims, but damage is short-lived, MSNBC staff and wire reports, February 25, 2000
  • Web attacks? The ISPs strike back!, by Robert Lemos, ZDNet News, February 23, 2000
  • New hacker software could spread by email, by John Borland, CNET News.com, February 23, 2000
  • Cyber Crime -- First Yahoo! Then eBay. The Net's vulnerability threatens e-commerce--and you, Cover Story, BusinessWeek magazine, February 21, 2000
  • Web attacks: Are ISPs doing enough? Not according to many broadband customers and security experts, by Robert Lemos, ZDNet News, February 21, 2000
  • Internet News Radio interview with David Dittrich (University of Washington) and Brian Martin (aka "jericho" of Attrition.org), February 23, 2000
  • Warding off DDoS Attacks: Tools and services help keep servers from being turned into zombies, by Jim Kerstetter, PC Week Online, February 21, 2000
  • Hacker's Web Weapons Test-Fired on Chat Sites, by Ariana Eunjung Cha, Washington Post, February 19, 2000
  • Dot-Com firms are hacking each other -- expert, by Thomas C. Greene, The Register, February 18, 2000
  • NPR's Diane Rehm show (Real Audio), panel discussion on Internet Security with Jeffrey Hunker (National Security Council), James Adams (iDefense.com), David Dittrich (University of Washington) and Elias Levy (SecurityFocus.com)
  • Slashdot interview
  • Universities likely to remain Net security risks, by John Borland, CNETNews.com, February 15, 2000
  • German programmer "Mixter" addresses cyberattacks, by Stephen Shankland, CNET News.com, February 14, 2000
  • Hacker discloses new Internet attack software , by Stephen Shankland, CNET News.com, February 14, 2000
  • Hacker hunters follow lead to Germany -- Web site attackers exploited Stanford computers, CNN.com, February 13, 2000
  • Hacker probe widens as Canada attacked, by John Greenwood, National Post (with files from Bloomberg News and Dow Jones), February 12, 2000
  • Doing Away with DoS, by Michelle Finley, Wired, February 10, 2000
  • DoS: Defense Is the Best Offense, by Chris Oakes, Wired, February 10, 2000
  • ZDNet Special Report: It's War! Web Under Attack
    [An over-hyped headline, but aggregates several stories]
  • Hack leads point to California university, by John Borland and Jeff Pelline, CNET News.com, February 11, 2000
  • The making of weapons -- underground, by Stephen Shankland, Michael Kanellos, and Mike Yamamoto, CNET News.com, February 9, 2000
  • Hacker tools may come from single source, by Stephen Shankland, Michael Kanellos, and Mike Yamamoto Staff, CNET News.com, February 9, 2000
  • Hackers disrupt Web sites, Seattle Post-Intelligencer, February 9, 2000
  • Was Yahoo Smurfed or Trinooed?, by Declan McCullagh, Wired News, February 8, 2000
  • Yahoo on Trail of Site Hackers, Rueters News Service, February 8, 2000
  • Yahoo brought to standstill, BBC News, February 8, 2000
  • Internet attack slows Web to a crawl -- Assault on Oz.net affects entire area, by Dan Richman, Seattle Post-Intelligencer, January 18, 2000
  • DoS attack programs find warm, safe place on Solaris, by Nora Mikes, SunWorld Magazine, January 2000
  • Experts Warn of Multipronged E-Mail Assaults: New Software Allows Vandals to Overwhelm Computers , by David Noack, APBNews.com, December 27, 1999
  • CERT warns of networked denial of service attacks, by Ann Harrison, Computerworld, December 23, 1999
    [Corrections to Computerworld article]
  • Malicious programs lie in wait, FBI warns, by Bruce V. Bigelow, San Diego Union Tribune, December 15, 1999
    [Corrections to San Diego Union Tribune article]
  • Computer security teams brace for attacks by Stephen Shankland, Staff Writer, CNET News.com, December 20, 1999
    [Corrections to CNET News.com article]
  • Net hackers develop destructive new tools, by M.J. Zuckerman, USA TODAY, December 7, 1999
    [Corrections to USA Today article]
  • Cyberterrorism hype, by Johan J. Ingles-le Nobel, Janes Intelligence Review, October 21, 1999
  • Cyber Attacks -- Both Old and New, by Robert Lemos, ZDNet News, October 20, 1999
  • "Smurf" attack hits Minnesota, by Paul Festa, CNET News.com, March 17, 1998
  • Hackers attack NASA, Navy, by Paul Festa, Staff Writer, CNET News.com, March 4, 1998 (Not DDoS, but still a large DoS attack that affected tens or hundreds of thousands of hosts across the country.)
• History of Denial of Service and its use against Internet Relay Chat (IRC) networks
  • Internet Relay Chat (IRC) History, by Jarkko Oikarinen
  • An IRC Tutorial
  • Bots, Drones, Zombies, Worms and other things that go bump in the night., by Lockdown Corp.
  • Definition of "channel takeover", Valinor IRC glossary
  • Hacking IRC - The Definitive Guide
  • rEfnet Old News (look for "TakeOver" and "split")
  • Why EFnet Sucks, by Mixter
  • Bots Are Hot!, by Andrew Leonard, Wired magazine, April 1996
  • Romanian Cracker Takes Down the Undernet, by Kristi Coale, Wired News, January 14, 1997
  • Out of Band Bug Kicks Users Off Networks, by Mark Joseph Edwards, Wired News, May 12, 1997
  • Smurfing Cripples ISPs, by James Glave, Wired News, January 7, 1998
  • CIAC-2318: "IRC On Your Dime? What You Really Need to Know About Internet Relay Chat (PDF), (PostScript), CIAC, Dept. of Energy, June 1998
  • Denial of Service Attack Information, by Craig A. Huegen (1998)
• Sociological aspects of DoS and DDoS
  • Anti-Social Behavior Online Poses Challenge, GameMarketWatch.com, August 9, 2003
  • The Bad Boys of Cyberspace: Deviant Behavior in Online Multimedia Communities and Strategies for Managing it, Suler, J.R. and Phillips, W., 1998
• Humor
  • Cartoon Explanation of SYN/ACK DoS, imgur
  • Hacker Attacks! by all of the top editorial cartoonists
  
  

  ---

  Dave Dittrich