Distributed Denial of Service (DDoS) Attacks/tools

• Analyses and talks on attack tools
  • X-DCC (IRC "warez" bots often combined with DDoS)
    • CanSecWest talk on disassembling malware networks by Dave Dittrich, May 2002 (see xdcc-analysis.txt for analysis)
    • XDCC - An .EDU Admin's Nightmare, by TonikGin, Sept. 11 2002
  • Invited Talk, "DDoS: Is There Really a Threat?," USENIX Security Symposium, August 16, 2000
  • The DoS Project's "trinoo" distributed denial of service attack tool, by David Dittrich
  • RAZOR analysis of WinTrinoo
  • Report of Windows version of trinoo DDOS tool by Gary Flynn, James Madison University
  • The "Tribe Flood Network" distributed denial of service attack tool, by David Dittrich
  • The "stacheldraht" distributed denial of service attack tool, by David Dittrich
  • TFN2K - An Analysis, by Jason Barlow and Woody Thrower, Axent Security Team
  • An analysis of the ``Shaft'' distributed denial of service tool, by Sven Dietrich, Neil Long, and David Dittrich
    [BUGTRAQ followup post by Richard Wash] (PDF Version from Information Security Bulletin magazine)
  • "Analyzing Ditributed Denial of Service Attack Tools: The Shaft Case" (PDF), by Sven Dietrich, Neil Long, and David Dittrich, Presented at LISA 2000 (GZIP PostScript)
  • The "mstream" distributed denial of service attack tool, by David Dittrich, George Weaver, Sven Dietrich, and Neil Long
  • Analysis of the "Power" bot, by David Dittrich
  • GT Bot (Global Threat), by Lockdown Corp.
  • kaiten.c (no analysis, just code)
  • knight.c (no analysis, just code)
  • Notes of talk given at CERT Distributed-Systems Intruder Tools Workshop, November 2, 1999
  • Steve Bellovin's NANOG presentation on DDOS Attacks, February 7, 2000
  • Presentation at DDoS BoF, NANOG Meeting, February 7, 2000

• Defensive Tools
  • RID, by David Brumley
  • NATIONAL INFRASTRUCTURE PROTECTION CENTER; TRINOO/Tribal Flood Net/tfn2k detection tool
  • BindView's Zombie Zapper
  • Index of Distributed Tools at Packet Storm
  • dds -- a trinoo/TFN/stacheldraht agent scanner (C source code) by Dave Dittrich, Marcus Ranum, George Weaver, David Brumley, and others. [In BETA testing.] (Use RID instead.)
  • gag -- a stacheldraht agent scanner (C source code) by Dave Dittrich, Marcus Ranum, and others. (Use RID instead.)
  • Ramenfind (Identification and cleanup tool for the Ramen worm, which was modified to install DDoS agents in February 2001.)
  • IP Source Tracking on Cisco 12000 Series Internet Routers (PDF version), Cisco Systems

• Advisories
  • ADVISORY 00-055: "Trinity v3/Stacheldraht 1.666" Distributed Denial of Service Tools, NIPC, October 13, 2000
  • CERTŪ Incident Note IN-2000-05 "mstream" Distributed Denial of Service Tool, May 2, 2000
  • CERTŪ Advisory CA-2000-01 Denial-of-Service Developments
  • Sun Bulletin #00193, Distributed Denial-of-Service Tools, January 5, 2000

• Mitigation information
  • ISP security (from an operations perspective), NANOG Tutorial by Barry Raveendran Greene (Cisco), Christopher L. Morrow and Brian W. Gemberling (UUNET)
  • Results of the [CERT sponsored] Distributed-Systems Intruder Tools Workshop [PDF version]
  • Protect the border and the border routers (also ported to Juniper and Riverstone), by Rob Thomas
  • Protect your BGP peering and RIBs (also ported to Juniper and Riverstone), by Rob Thomas
  • Protect the required and often attacked services, e.g. DNS., by Rob Thomas
  • Monitor DoS attacks with NetFlow on your VIPs, by Rob Thomas
  • Track the source of spoofed packets, by Rob Thomas
  • Filtering ICMP and minimum ICMP messages, by Rob Thomas
  • Tune your firewalls and end systems, by Rob Thomas
  • Null routing traffic and tracking DoS attacks, by Chris Morrow
  • Blocking Code Red Worm with Cisco IOS NBAR, 4 August 2001
  • Using Network-Based Application Recognition and Access Control Lists for Blocking the "Code Red" Worm at Network Ingress Points, Cisco Tech Note
  • Incident Handling Step by Step: Unix Trojan Programs, SANS Institute
  • Consensus Roadmap for Defeating Distributed Denial of Service Attacks, A Project of the Partnership for Critical Infrastructure Security
  • Help Defeat Denial of Service Attacks: Step-by-Step, SANS Institute
  • DDoS Attack Mitigation, BUGTRAQ posts by Elias Levy, 11 Feb 2000
  • A DDOS defeating technique based on routing, BUGTRAQ posts by Fernando Schapachnik, February 20, 2000
  • Smurf attacks by Craig A. Huegen
  • Path MTU Discovery and Filtering ICMP, by Marc Slemko
  • RFC 2267 -- Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing, by Paul Fergussen and Daniel Senie
  • RFC 2644 -- Changing the Default for Directed Broadcasts in Routers, by Daniel Senie
  • "Essential IOS" - Features Every ISP Should Consider, Cisco Systems Inc.
  • Distributed Denial of Service (DDoS) News Flash, Cisco Systems Inc.
  • Characterizing and Tracing Packet Floods Using Cisco Routers, Cisco Systems Inc.
  • Policing and Shaping Overview, Cisco whitepaper on rate limiting
  • Denial of Service (DoS) Attack Resources, by Paul Ferguson

• Related Papers, Essays, Legislative Proposals, and Research
  • Computer Crime, by Ronald B. Standler, 2002 (section on DDoS and Mafiaboy case)
  • An Analysis of Using Reflectors for Distributed Denial-of-Service Attacks, by Vern Paxson, June 2001
  • UNISOG thread on Register.com DNS Reflector DoS attack, January 2001
  • "Cyber Threat Trends and US Network Security," Statement for the Record for the Joint Economic Committee, Lawrence K. Gershwin, National Intelligence Officer for Science and Technology, 21 June, 2001
  • CenterTrack, Robert Stone (a defunct research project that attempted to track DoS attacks at UUnet)
  • The Strange Tale of the Distributed Denial of Service Attacks Against GRC.COM, by Steve Gibson, June 2, 2001(My responses to Steve Gibson's initial claims and his later claims of discovering a "new" reflection attack.)
  • CERIAS Attack Traceback Summit Proceedings (PDF version)
  • Inferring Internet Denial-of-Service Activity, by David Moore, Geoffrey M. Voelker and Stefan Savage, University of California, San Diego
  • On the Effectiveness of Probabilistic Packet Marking for IP Traceback under Denial of Service Attack, by Kihong Park and Heejo Lee, Network Systems Lab and CERIAS, Purdue Univerisity
  • MULTOPS: a data structure for denial-of-service attack detection (PDF), by Thomer M. Gil (PostScript version)
  • Guidelines for Evidence Collection and Archiving <draft-ietf-grip-prot-evidence-01.txt>, Dominique Brezinski and Tom Killalea (Internet Draft)
  • Draft Convention on Cyber-Crime, Council of Europe (See also Cybercrime Solution Has Bugs, by Declan McCullagh, Wired News, May. 3, 2000)
  • Source code to mstream, a DDoS tool, VULN-DEV post by Anonymous, April 29, 2000
  • THE WAR ON HACKERS, by Gary Lawrence Murphy
  • Distributed Denial Of Service Attacks (DDOS), by David Anderson, MIT
  • Theories on new DoS Attacks v.1, by J. Oquendo
  • On Magic, IRC Wars, and DDoS, by Robert Graham
  • Client-side Distributed Denial-of-Service: Valid campaign tactic or terrorist act?, by the electrohippies collective
  • Spaf's Summary of White House meeting, February 19, 2000
  • DDoS Whitepaper by Bennett Todd (readable overview intended for non-techies)
  • Crypto-Gram, by Bruce Schneier, February 15, 2000
  • Current Events on The Net: Fact, Fiction, or Hype?, by Richard Forno
  • DDoS FAQ, by Kurt Seifried
  • 10 Proposed 'first-aid' security measures against Distributed Denial Of Service attacks, by Mixter
  • "Tribe Flood Network 3000": A theoretical review of what exactly Distributed DOS tools are, how they can be used, what more dangerous features can be implemented in the future, and starting points on establishing Network Intrusion Detection Rules for DDOS, by Mixter
  • Protecting Against the Unknown -- A guide to improving network security to protect the Internet against future forms of security hazards, by Mixter
  • Have Script, Will Destory (Lessons in DoS), by Brian Martin, Attrition.org
  • Practical Network Support for IP Traceback, by Stefan Savage, David Wetherall, Anna Karlin and Tom Anderson, Department of Computer Science and Engineering, University of Washington
  • ICMP Traceback Messages (IETF draft proposal), by Steven Bellovin
  • Advanced and Authenticated Marking Schemes for IP Traceback, by Dawn X. Song and Adrian Perrig
  • Host Identity Payload, Internet Draft, Robert Moskowitz, ICSA.net
  • Host Identity Payload -- Architecture, Internet Draft, Robert Moskowitz, ICSA.net
  • Host Identity Payload -- Implementation, Internet Draft, Robert Moskowitz, ICSA.net
  • Purgatory 101: Learning to cope with the SYNs of the Internet, by NightAxis and Rain Forrest Puppy
  • Distributed Attacks and the Way To Deal With Them, by Tim Yardley
  • Strategies for Defeating Distributed Attacks, by Simple Nomad

• Vendors marketing products in the DDoS space
  (DISCLAIMER: Inclusion here does not imply I believe these products are or are not good solutions. These companies simply claim to have some kind of "solution" to the issues of DDoS.)
  • Network level defenses (detect, stop floods)
    • Arbor Networks
    • Mazu Networks
    • Captus Networks
    • Asta Networks
    • CS3
    • Riverhead Networks
  • Host level defenses (detect, stop handler/agent installation)
    • Entercept
    • Tripwire
  • Augmented Intrusion Detection (detect)
    • Oneka
    • Recourse Technologies
  • Managed Security Services (react)
    • TrustWave
    • Solsoft
    • Aprisma
  • Work in progress research
    • Shai
  • Notes from Lockheed Martin conference on DDoS vendor solutions, December 20, 2001

• Selected news reports/interviews/panel discussions
  (in reverse chronological order)
  • DDOS attack 'really, really tested' UltraDNS, by ComputerWire, The Register, November 26, 2002
  • Attack On Internet Called Largest Ever, by David McGuire and Brian Krebs, washingtonpost.com, October 22, 2002
  • RIAA Web site disabled by attack, by Declan McCullagh, Special to ZDNet News, July 30, 2002
  • News Sites Under 'Syn' Attack: Computers in Asia Flooding Sites, Blocking Access, by Paul Eng, ABCNEWS.com, June 14, 2002
  • Cert warns of automated attacks, by James Middleton, vnunet.com, April 9, 2002
  • Scottish ISP floored as DDoS attacks escalate, by John Leyden, The Register, April 9, 2002
  • Denial-of-Service Attacks Still a Threat, by Jaikumar Vijayan, Computer World, April 08, 2002
  • Internet User Sentenced in Federal Court for Using the Internet to Make Threats (DDoS attacks were also involved in this case, although the death threats were the main thrust of prosecutors.)
  • Arrested Goner Creators Left Obvious Online Trail, By Brian McWilliams, Newsbytes, December 9, 2001
  • 'Mafiaboy' hacker jailed, BBC News, September 13, 2001
  • Cyber-raid hobbles web users, By Michael Foreman, The New Zealand Herald, September 10, 2001
  • Mafiaboy must be jailed, says social worker, by Michelle MacAfee, The Canadian Press, June 19, 2001
  • College: A Cracker's Best Friend, by Michelle Delio, Wired.com, February 28, 2001
  • DoS Attack Storms Weather Channel's Routers, by Rutrell Yasin, InternetWeek, May 24, 2001
  • Hackers storm White House Web site, by Robert Lemos, ZDNet News, May 4, 2001
  • Warning Issued Against Fast-Spreading Hacking Worm, kdh@koreatimes.co.kr, The Korea Times, April 24, 2001
  • Microsoft Web Sites Attacked, by Ariana Eunjung Cha and David Streitfield, Washington Post, January 26, 2001
  • IRC Attack Linked to DoS Threat, by Michelle Delio, Wired, January 12, 2001
  • FBI Targets 7 Hackers In Planned New Year's Eve Virus Attack, by Brian Krebs, Newsbytes, January 11, 2001
  • Lynnwood teen one of several targets of FBI probe, KING 5 News (Seattle), January 10, 2001
  • IRC: Attack From Killer 'HaX0rZ', by Michelle Delio, Wired, January 9, 2001
  • Romanian hacker bombs chat network, by Will Knight, ZDNet UK, January 9, 2001
  • Four Israeli hackers suspected of planning New Year's Eve attack , by Assaf Zohar, Israel's Business Arena, January 3, 2001
  • 2001: Killer hack attacks, by Scott Berinato, eWEEK (via ZDNet UK), December 20, 2000
  • The Year of the Killer Hackers, by Scott Berinato, eWEEK, December 18, 2000
  • 'Mafiaboy' Trying To Stare Down Prosecutors, by Kevin Johnson, USA TODAY, December 5, 2000
  • 'Mafiaboy' to plead guilty to hacking major Web sites, by Linda Rosencrance, Computerworld, November 07, 2000
  • U.S. may face net-based holy war, by Dan Verton, Computerworld, November 13, 2000
  • Abroad at Home: The cyberwars of the Middle East have come to Washington, by John Lancaster, Washington Post, November 3, 2000 (defaced web site)
  • Lucent says Mideast hackers attacked Web site, by Erich Luening, CNET News.com, November 2, 2000,
  • Mideast hackers may strike U.S. sites, FBI warns, by Erich Luening, CNET News.com, November 2, 2000
  • Security experts: Denial-of-service attacks still a big threat, by Patrick Thibodeau, Computerworld, October 20, 2000
  • 'Pecked to Death by a Duck' -- Hacktivists Chat up the World Bank, by Sarah Ferguson, The Village Voice, October 18, 2000
  • Interpol orders immediate cybercrime action, by Will Knight, ZDNet UK, October 11, 2000
  • Internet giants confer on denial-of-service attacks, by Paul Festa, CNET News.com, September 26, 2000
  • Web sites unite to fight denial-of-service war, by Ellen Messmer, Network World, September 25, 2000
  • New Technology Tracks, Kills DoS Attacks At ISP Level, by Cynthia Flash, TechWeb News, September 14, 2000
  • New denial-of-service attack tool uses chat programs, by Ellen Messmer, CNN, September 6, 2000
  • Surfing the Tsunami: A large Southeastern university IS team fights off a massive distributed denial of-service attack and lives to tell about it., by DDoS Survivor, Network World, August 28, 2000
  • University researcher traces response to DDOS attacks, by Ann Harrison, Computerworld, August 18, 2000 [Corrections to Computerworld article]
  • New Public-Private Venture Meant to Combat Cybercrime, by Paul Nowell, The Associated Press, August 11, 2000
  • 250 Linux servers infected by denial-of-service program, the Korea Herald, August 1, 2000
  • Lack of funding threatens cybersecurity project, by Elinor Abreu, The Industry Standard, July 31, 2000
  • Wanna know how BT.com was hacked?, by Kieren McCarthy, The Register, July 25, 2000
  • BT hacked: revenge for crap service, by Kieren McCarthy, The Register, July 21, 2000
  • Hackers Plant Attack File in Home Computers, by Chet Dembeck, E-Commerce Times, June 9, 2000
  • Hackers Said Poised for Attack, by D. Ian Hopper, AP, June 9, 2000
  • Online boasting leaves trail -- FBI: Teen a schoolboy by day, brazen hacker by night, by Kevin Johnson, M.J. Zuckerman and Deborah Solomon, USA TODAY, June 7, 2000
  • Experts lecture feds on cybersecurity, by Diane Frank, Federal Computer Week, May 24, 2000
  • Beware of the security zealot, by Lewis Z. Koch, Inter@ctive Week, May 23, 2000
  • New Denial-of-Service Software Found "in the Wild", by Steven Bonisteel, Newsbytes, May 3, 2000
  • Hackers release new DoS tool -- Stakes high in cat-and-mouse game with security experts, by Bob Sullivan, MSNBC, May 2, 2000 [Corrections to MSNBC article]
  • Cybercrime Solution Has Bugs, by Declan McCullagh, Wired News, May. 3, 2000
  • Expert warns of powerful new hacker tool, by Stephen Shankland, CNET News.com, May 1, 2000
  • Probe of Hacker Net a Second Suspect: His Father, by Steven Pearlstein and David A. Vise, Washington Post, April 21, 2000
  • DoS Attacks: What Really Happened, by Bob Sullivan, MSNBC, April 19, 2000
  • `Mafiaboy' Arrested -- Canadian Teen Charged In Web Attacks, by Jonathan Dube and Brian Ross, ABCnews.com, April 19, 2000
  • Hackers can claim copyright on tools, by David Hellaby, AustralianIT, April 18, 2000
  • U.S. Treasury Chief Warns of Cyber Threats, by Jim Wolf, Reuters, April 18, 2000
  • How to Fight Cyber Thugs -- Before it's Too Late, editorial by Jesse Berst, ZDNet AnchorDesk, April 3, 2000
  • Hacker attack costs rise -- FBI, CSI: Verifiable losses due to poor security top $265M in 1999, CNNfn, March 22, 2000
  • DDOS attacks' ultimate lesson: Secure that infrastructure, by Deborah Radcliff, Securityportal.com, March 20, 2000
  • DoS Attacks on the Anatel (Brazilian National Telecommunications) (Spanish - translate with Babelfish), by Condor, March 15, 2000
  • Ihug hit by hackers, by Adam Gifford, The New Zealand Herald, March 15, 2000
  • Get more secure - or else!, by Lisa M. Bowman, ZDNet|UK|, March 15, 2000
  • Asleep at the switch? -- How the government failed to stop the world's worst Internet attack, by M.J. Zuckerman, USA TODAY, March 9, 2000
    [Note: When I was interviewed by Mike, I hadn't researched the timing of events very thoroughly, so he was working with my rough recollections. I've since tried to put together my own timeline on DDoS events]
  • Web attacks: Cure worse than woes? Trend Micro's anti-viral OfficeScan - which also checks for DoS vulnerabilities - is a prime vehicle for foul play, by Steven J. Vaughan-Nichols, Sm@rt Reseller, ZDNN, March 8, 2000
  • DoS attacks: A problem of the information age Q&A with security guru Dave Dittrich, by J.S. Kelly, SunWorld Online, March 2000
    [Note: I was unable to provide feedback to J.S. Kelly in time, so some of the transcribed answers are not quite what I said. I'll try to clarify more as I find time. See also the Slashdot and other RealAudio interviews for answers to similar questions.]
  • Hatch Won't Hatch Clinton Net Security Idea, by Robert MacMillan, Newsbytes, March 3, 2000
  • Getting Hacked Could Lead to Getting Sued, by Ritchenya A. Shepherd, American Lawyer Media News Service, March 2, 2000
  • Hacker plan: take down the Net -- Associates tell feds Coolio started last month's Web attacks; teen's New England home searched, computers confiscated, by Bob Sullivan, MSNBC, March 1, 2000
  • CIOs Need to Be Held Accountable for Security, by L. Taylor, TechnologyEvaluation.com, February 28th, 2000
  • FBI: Internet Attack Motive Unknown, by Ted Bridis, AP, February 29, 2000
  • Senate Judiciary Committee hearing on Internet Denial of Service Attacks and the Federal Response, February 29, 2000
    • Testimony of Eric Holder, Deputy Attorney General, Department of Justice
    • Testimony of Dan Rosensweig, President and CEO, ZDNet
    • Testimony of "Mudge", @Stake
  • Locking Out the Hackers -- How to safeguard the Web, News: Analysis & Commentary, Business Week, February 28, 2000
  • FBI site hit in latest hacker attacks -- Microsoft, brokerage among victims, but damage is short-lived, MSNBC staff and wire reports, February 25, 2000
  • Web attacks? The ISPs strike back!, by Robert Lemos, ZDNet News, February 23, 2000
  • New hacker software could spread by email, by John Borland, CNET News.com, February 23, 2000
  • Cyber Crime -- First Yahoo! Then eBay. The Net's vulnerability threatens e-commerce--and you, Cover Story, BusinessWeek magazine, February 21, 2000
  • Web attacks: Are ISPs doing enough? Not according to many broadband customers and security experts, by Robert Lemos, ZDNet News, February 21, 2000
  • Internet News Radio interview with David Dittrich (University of Washington) and Brian Martin (aka "jericho" of Attrition.org), February 23, 2000
  • Warding off DDoS Attacks: Tools and services help keep servers from being turned into zombies, by Jim Kerstetter, PC Week Online, February 21, 2000
  • Hacker's Web Weapons Test-Fired on Chat Sites, by Ariana Eunjung Cha, Washington Post, February 19, 2000
  • Dot-Com firms are hacking each other -- expert, by Thomas C. Greene, The Register, February 18, 2000
  • NPR's Diane Rehm show (Real Audio), panel discussion on Internet Security with Jeffrey Hunker (National Security Council), James Adams (iDefense.com), David Dittrich (University of Washington) and Elias Levy (SecurityFocus.com)
  • Slashdot interview
  • Universities likely to remain Net security risks, by John Borland, CNETNews.com, February 15, 2000
  • German programmer "Mixter" addresses cyberattacks, by Stephen Shankland, CNET News.com, February 14, 2000
  • Hacker discloses new Internet attack software , by Stephen Shankland, CNET News.com, February 14, 2000
  • Hacker hunters follow lead to Germany -- Web site attackers exploited Stanford computers, CNN.com, February 13, 2000
  • Hacker probe widens as Canada attacked, by John Greenwood, National Post (with files from Bloomberg News and Dow Jones), February 12, 2000
  • Doing Away with DoS, by Michelle Finley, Wired, February 10, 2000
  • DoS: Defense Is the Best Offense, by Chris Oakes, Wired, February 10, 2000
  • ZDNet Special Report: It's War! Web Under Attack
    [An over-hyped headline, but aggregates several stories]
  • Hack leads point to California university, by John Borland and Jeff Pelline, CNET News.com, February 11, 2000
  • The making of weapons -- underground, by Stephen Shankland, Michael Kanellos, and Mike Yamamoto, CNET News.com, February 9, 2000
  • Hacker tools may come from single source, by Stephen Shankland, Michael Kanellos, and Mike Yamamoto Staff, CNET News.com, February 9, 2000
  • Hackers disrupt Web sites, Seattle Post-Intelligencer, February 9, 2000
  • Was Yahoo Smurfed or Trinooed?, by Declan McCullagh, Wired News, February 8, 2000
  • Yahoo on Trail of Site Hackers, Rueters News Service, February 8, 2000
  • Yahoo brought to standstill, BBC News, February 8, 2000
  • Internet attack slows Web to a crawl -- Assault on Oz.net affects entire area, by Dan Richman, Seattle Post-Intelligencer, January 18, 2000
  • DoS attack programs find warm, safe place on Solaris, by Nora Mikes, SunWorld Magazine, January 2000
  • Experts Warn of Multipronged E-Mail Assaults: New Software Allows Vandals to Overwhelm Computers , by David Noack, APBNews.com, December 27, 1999
  • CERT warns of networked denial of service attacks, by Ann Harrison, Computerworld, December 23, 1999
    [Corrections to Computerworld article]
  • Malicious programs lie in wait, FBI warns, by Bruce V. Bigelow, San Diego Union Tribune, December 15, 1999
    [Corrections to San Diego Union Tribune article]
  • Computer security teams brace for attacks by Stephen Shankland, Staff Writer, CNET News.com, December 20, 1999
    [Corrections to CNET News.com article]
  • Net hackers develop destructive new tools, by M.J. Zuckerman, USA TODAY, December 7, 1999
    [Corrections to USA Today article]
  • Cyberterrorism hype, by Johan J. Ingles-le Nobel, Janes Intelligence Review, October 21, 1999
  • Cyber Attacks -- Both Old and New, by Robert Lemos, ZDNet News, October 20, 1999
  • "Smurf" attack hits Minnesota, by Paul Festa, CNET News.com, March 17, 1998

• History of Denial of Service and its use against Internet Relay Chat (IRC) networks
  • Bots, Drones, Zombies, Worms and other things that go bump in the night., by Lockdown Corp.
  • An IRC Tutorial
  • Definition of "channel takeover", Valinor IRC glossary
  • Hacking IRC - The Definitive Guide
  • rEfnet Old News (look for "TakeOver" and "split")
  • Why EFnet Sucks, by Mixter
  • Sociology of the Internet Online Communities, Dennis C. Williams/Prof. Dizard
  • Bots Are Hot!, by Andrew Leonard, Wired magazine, April 1996
  • Romanian Cracker Takes Down the Undernet, by Kristi Coale, Wired News, January 14, 1997
  • Out of Band Bug Kicks Users Off Networks, by Mark Joseph Edwards, Wired News, May 12, 1997
  • Smurfing Cripples ISPs, by James Glave, Wired News, January 7, 1998
  • CIAC-2318: "IRC On Your Dime? What You Really Need to Know About Internet Relay Chat (PDF), (PostScript), CIAC, Dept. of Energy, June 1998
  • Denial of Service Attack Information, by Craig A. Huegen (1998)

• Humor
  • Hacker Attacks! by all of the top editorial cartoonists (updated regularly)

  ---

  Dave Dittrich <dittrich@cac.washington.edu>