The Denial of Service Defense (DOS Defense) activities within the Internet Community has been a consistent theme since the 1996 PANIX attacks. Private Industry collaborates and leads these activities with Government and Academic participation. What follows are some places people who are new to the Anti-DOS world can catch up with policies and practices used throughout the industry.
Background Materials on Operational Security Techniques, Practices, and DOS Defense
- New York’s Panix Service Is Crippled by Hacker Attack (1996) New York Times Article
- US National Security Telecommunication Advisory Committee (NSTAC) 2001 Input to the National Plan – An Assessment of the Industry’s Role in National Level Information Sharing, Analysis, and Dissemination Capabilities for Addressing Cyber Crises.
- US’s National Strategy to Secure Cyberspace (2003)
- DDoS Mitigation via Regional Cleaning Centers – RR04-ATL-013177 (Sprint) 2004
- Politically Motivated Denial of Service Attacks by Jose NAZARIO
- 20 Years of DOS Attacks (2016)
Archives and Organizations
There is a range of organizations which are centers of thinking, excellence, and operations for Internet Security. These organizations have archives of paper, best practices, and theoretical analysis.
- CyberGreen – CyberGreen helps CSIRTs focus their remediation efforts on the most important risks; to help understand where improvements can be made and how, together, we can achieve a more sustainable, secure, and resilient cyber ecosystem.
- Forum of Incident Response and Security Teams (FIRST) – The idea of FIRST goes back until 1989, only one year after the CERT(r) Coordination Center was created after the infamous Internet worm. Since 1990, when FIRST was founded, its members have resolved an almost continuous stream of security-related attacks and incidents including handling thousands of security vulnerabilities affecting nearly all of the millions of computer systems and networks throughout the world connected to the ever-growing Internet. FIRST has an annual and regional meeting with over a decade of materials used by the Industry.
- NATO Cooperative Cyber Defence Centre of Excellence (CCDCOC) – The NATO Cooperative Cyber Defence Centre of Excellence is a multinational and interdisciplinary hub of cyber defense expertise. The Tallinn-based international military organization focuses on technology, strategy, operations, and law.
- National Cyber-Forensics & Training Alliance (NCFTA) – One Team, One Goal – Companies, Government, And Academia Working Together To Neutralize Cyber Crime – The National Cyber-Forensics & Training Alliance (NCFTA) is a non-profit corporation founded in 2002, focused on identifying, mitigating, and neutralizing cybercrime threats globally. The NCFTA operates by conducting real-time information sharing and analysis with Subject Matter Experts (SME) in the public, private, and academic sectors. Through these partnerships, the NCFTA proactively identifies cyber threats in order to help partners take preventive measures to mitigate those threats. The NCFTA has a proven track record and has long been identified as the model for private/public partnerships. Today, the NCFTA model, best practices, and lessons learned are being leveraged and emulated in countries around the world. Our membership is constantly growing both nationally and internationally across private industry, law enforcement, government, and academia. Collaboration with partners has resulted in countless criminal and civil investigations having been initiated, that otherwise may not have been addressed. To date, the NCFTA has provided intelligence which has aided in the successful prosecution of hundreds of cybercriminals worldwide. Furthermore, the NCFTA has produced more than 800 cyber threat intelligence reports over in the past three years alone to support our various initiatives and partners.
- Online Trust Alliance (OTA) – Online Trust Alliance is an initiative within the Internet Society (ISOC), a global non-profit with the mission to promote the open development, evolution, and use of the Internet for the benefit of all people throughout the world. OTA’s mission is to enhance online trust, user empowerment and innovation through convening multi-stakeholder initiatives, developing and promoting best practices, ethical privacy practices, and data stewardship.
Examples of Private-to-Private Collaboration on DOS and Operator’s Security
Estonia 2007 Attacks
- HACKERS TAKE DOWN THE MOST WIRED COUNTRY IN EUROPE – 2007 WIRED Magazine. First public highlighting of the Private-to-Private Collaboration for collected DOS defense with reference to the Vetted.
- Doing Battle in Cyberspace: How an Attack on Estonia Changed the Rules of the Game – Over the last 10 years, conventional warfare has been turned on its head by a rise in cyber attacks, forcing countries to grapple with hard questions, as Stephanie MacLellan and Naomi O’Leary report
WireX Take Down (2017)
- The WireX Botnet: How Industry Collaboration Disrupted a DDoS Attack – 28 Aug 2017 by Jaime Cochran
- Tech Firms Team Up to Take Down ‘WireX’ Android DDoS Botnet – 28 Aug 2017 by Brian Krebs
- WireX DDoS Botnet: An Army of Thousands of Hacked Android SmartPhones – 28 Aug 2017 Mohit Kumar
- Down to the WireXDown to the WireXRoland Dobbins – 28 Aug 2017 by Roland Dobbins
Academic Papers on DOS, Operational Security, and Resiliency
- Alliance Formation for DDoS Defense (2003)
- D-WARD: A Source-End Defense Against Flooding Denial-of-Service Attacks – Jelena Mirkovic and Peter Reiher (2003)
- Distributed Denial of Service Attacks – The Internet Protocol Journal – Volume 7, Number 4 by Charalampos Patrikakis, Michalis Masikos, and Olga Zouraraki National Technical University of Athens (2004)
- Breaking the DDoS Attack Chain by Bryan Harris, Eli Konikoff, Phillip Petersen – August 2013
National and Internation Security Planning & Activities
Each country has a responsibility to protect their citizens and public interest from the security threats on today’s hyper-connected Internet. This network has replaced telecommunications networks so that we all have one network. This section collects materials from each of the countries.
Japan
- Japanese Cybersecurity Strategy (2015) – Three Year Plan
- Japan’s National Center of Incident Readiness and Strategy for Cybersecurity (NISC)
- Japan’s New Cybersecurity Strategy: Security Without Thwarting Economic Growth – November 02, 2015 – Blog Post by Guest Blogger for Adam Segal
- Japan’s Approach to International Strategy on Cyber Security Cooperation (2015) – by Yoko Nitta
- Japan Network Security Association – (JNSA) – The goal of NPO Japan Network Security Association (JNSA) is to promote standardization related to network security, and to contribute to greater technological standards in the field, enhancing the public welfare through awareness, education, research and information-dissemination activities related to network security. At present, the Association is comprised of many different working groups carrying out different facets of the Association’s charter