[tforum] UtahSAINT Action Requested

Troy Jessup tj@uen.org
Tue, 31 May 2005 23:52:10 -0600


This is a multi-part message in MIME format.

------=_NextPart_000_001C_01C5663B.C55C6EC0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit

UtahSAINT, and Others,

 

            Over the past few weeks, we have experienced many Denial Of
Service attacks on the Network.  As we discussed on the Security Call this
morning, we need everyone on the network to implement Anti-Spoofing filters
on their Internet Access Points.  Many of the recent DoS attacks have used
Spoofed addresses making them harder to track down, and we need to begin to
eliminate the ability for miscreants to use our networks to source random
traffic.  We are working on tracking down the infected machines, and expect
to have them narrowed down soon, but the process can be much faster or
prevented entirely if these filters are installed at your network access
points.

 

            Anti-Spoofing Filters can be installed in most router and
firewall ACLs.   The basis of this process is to do the following:

 

            You want to Deny all traffic coming into your network which is
NOT destined for an address that is behind your network access point.

 

            More importantly, You need to block all OUTBOUND traffic that
does not have a source IP address which exists on your network.

 

            If you need any help with this process, please contact the UEN
network operations Center or the UEN Security Office.  This basic security
procedure will be critical for everyone connecting to the GL3 Network due to
the capability of a single network to generate so much traffic on the
backbone.

 

            If you already have these filters already in place at either
your firewall or router, or when you implement these filters, please respond
to this email with the basic information about which entity you are and the
status of your implementation.  It is not necessary to give details of the
specific filter(s).

 

 

--TROY

 

            

 


------=_NextPart_000_001C_01C5663B.C55C6EC0
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html xmlns:o=3D"urn:schemas-microsoft-com:office:office" =
xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:st1=3D"urn:schemas-microsoft-com:office:smarttags" =
xmlns=3D"http://www.w3.org/TR/REC-html40">

<head>
<meta http-equiv=3DContent-Type content=3D"text/html; =
charset=3Dus-ascii">
<meta name=3DGenerator content=3D"Microsoft Word 11 (filtered medium)">
<o:SmartTagType =
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"
 name=3D"City"/>
<o:SmartTagType =
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"
 name=3D"place"/>
<!--[if !mso]>
<style>
st1\:*{behavior:url(#default#ieooui) }
</style>
<![endif]-->
<style>
<!--
 /* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0in;
	margin-bottom:.0001pt;
	font-size:12.0pt;
	font-family:"Times New Roman";}
a:link, span.MsoHyperlink
	{color:blue;
	text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
	{color:purple;
	text-decoration:underline;}
span.EmailStyle17
	{mso-style-type:personal-compose;
	font-family:Arial;
	color:windowtext;}
@page Section1
	{size:8.5in 11.0in;
	margin:1.0in 1.25in 1.0in 1.25in;}
div.Section1
	{page:Section1;}
-->
</style>

</head>

<body lang=3DEN-US link=3Dblue vlink=3Dpurple>

<div class=3DSection1>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>UtahSAINT, and Others,<o:p></o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'><o:p>&nbsp;</o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp; Over
the past few weeks, we have experienced many Denial Of Service attacks =
on the
Network.&nbsp; As we discussed on the Security Call this morning, we =
need
everyone on the network to implement Anti-Spoofing filters on their =
Internet
Access Points.&nbsp; Many of the recent DoS attacks have used Spoofed =
addresses
making them harder to track down, and we need to begin to eliminate the =
ability
for miscreants to use our networks to source random traffic.&nbsp; We =
are
working on tracking down the infected machines, and expect to have them
narrowed down soon, but the process can be much faster or prevented =
entirely if
these filters are installed at your network access =
points.<o:p></o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'><o:p>&nbsp;</o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp; Anti-Spoofing
Filters can be installed in most router and firewall ACLs.&nbsp;&nbsp; =
The
basis of this process is to do the =
following:<o:p></o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'><o:p>&nbsp;</o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp; You
want to Deny all traffic coming into your network which is NOT destined =
for an
address that is behind your network access =
point.<o:p></o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'><o:p>&nbsp;</o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp; More
importantly, You need to block all OUTBOUND traffic that does not have a =
source
IP address which exists on your network.<o:p></o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'><o:p>&nbsp;</o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp; If
you need any help with this process, please contact the UEN network =
operations
Center or the UEN Security Office.&nbsp; This basic security procedure =
will be
critical for everyone connecting to the GL3 Network due to the =
capability of a
single network to generate so much traffic on the =
backbone.<o:p></o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'><o:p>&nbsp;</o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp; If
you already have these filters already in place at either your firewall =
or
router, or when you implement these filters, please respond to this =
email with
the basic information about which entity you are and the status of your
implementation.&nbsp; It is not necessary to give details of the =
specific
filter(s).<o:p></o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'><o:p>&nbsp;</o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'><o:p>&nbsp;</o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>--<st1:City w:st=3D"on"><st1:place =
w:st=3D"on">TROY</st1:place></st1:City><o:p></o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'><o:p>&nbsp;</o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp; <o:p></o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'><o:p>&nbsp;</o:p></span></font></p>

</div>

</body>

</html>

------=_NextPart_000_001C_01C5663B.C55C6EC0--