Denial of Service (DoS) Attack Resources

Last updated: 17 July  05:30  EDT
Contact info: See Our Contact Page

Used by permission. Kevin Siers, North Carolina -- Editorial cartoons from the Charlotte Observer - Visit Kevin's archices.

Law Enforcement Contacts:

NIPC (National Infrstructure Protection Center)

U.S. Department of Justice, Computer Crime and Intellectual Property  Section (CCIPS)

Technical Information:

CERT® (Computer Emergency Response Team at CMU)

Cisco Systems: Distributed Denial of Service (DDoS) News Flash, February 9, 2000

Cisco Systems: Internet Security Advisories

Cisco Systems: Characterizing and Tracing Packet Floods Using Cisco Routers

Cisco Systems Product Security Incident Response (PSIRT)

Cisco Systems: "Essential IOS" - Features Every ISP Should Consider

Cisco Flow Logs and Intrusion Detection at the Ohio State University

Craig Huegen's very useful web page on minimizing the effects of DoS attacks:

Dave Dittrich's (University of Washington) analysis of the recent DDoS attack tools

"Documenting Special Use IPv4 Address Blocks that have been registered with IANA",
draft-manning-dsua-03.txt, Bill Manning, 1 May 2000.

DoD CERT Online

Federal Computer Incident Response Capability (FedCIRC) (International Computer Security Association)

JMU WinTrin00 report

Know your enemy: Script Kiddies

Mitre's Cyber Resource Centre

Network World Fusion Research: Denial of Service attack resources

Packet Storm

Smurf Amplifier Registry (SAR)

RFC1918: "Address Allocation for Private Internets", Y. Rekhter, B. Moskowitz,
D. Karrenberg, G. J. de Groot, E. Lear, February 1996.

RFC1948: "Defending Against Sequence Number Attacks", S. Bellovin, May 1996.

RFC2196: "Site Security Handbook", B. Fraser, September 1997.

RFC2350 (BCP21): "Expectations for Computer Security Incident Response", N. Brownlee,
E. Guttman, June 1998.

RFC2644 (BCP34): "Changing the Default for Directed Broadcasts in Routers",
D. Senie, August 1999.

RFC2827 (BCP38): "Network Ingress Filtering: Defeating Denial of Service Attacks which
employ IP Source Address Spoofing", P. Ferguson, D. Senie, May 2000.
(Obsoletes RFC 2267)

The SANS Institute: "Handling A Distributed Denial of Service Trojan Infection: Step-by-Step."

"Security Expectations for Internet Service Providers", draft-ietf-grip-isp-expectations-03.txt,
T. Killalea, February 2000.

"Security Checklist for Internet Service Provider (ISP) Consumers", draft-ietf-grip-user-02.txt,
T. Hansen, June 1999.

"Site Security Handbook Addendum for ISP's", draft-ietf-grip-ssh-add-00.txt, T. Debeaupuis,
August 1999.

Pertinent mailing lists:

The North American Network Operators Group

Cisco NSP (Network Service Provider) list, hosted by Nether.Net
To subscribe to this list, send a message to, with "subscribe"
in the message body.

Cisco User's Mailing List, a.k.a. "Cisco@Spot"
The Cisco mailing list is maintained by David Wood of the University of Colorado.
To subscribe to this list, send your request to, with
"subscribe" in the message body. Searchable archives of this mailing list can be found

The CERT® Advisory Mailing List

The Firewalls Digest mailing list
Originally hosted for many years by Great Circle  Associates, it is now hosted by Global Networking and
Computing. Searchable archives of this mailing list can also be found at

To subscribe to this list, send your request to,  with "subscribe bugtraq" in
the message body.

Questions or comments on this page: See Our Contact Page
Entry Page