The purpose of this message is to solicit participation in birds of a feather (BOF) session to discuss the Distributed Denial of Service (DDOS) problem. WHO: Everyone interested in aggressively addressing a category of attack threatening Internet-connected systems. WHAT: We (ICSA.net ) are have put together at least two BOF's to discuss DDOS attacks in the trin00, TFN, TNF2K, stacheldraht...family. WHEN & WHERE: The next BOF session will be Monday, February 7, 2000 from 7 to 9 pm at Doubletree Hotel San Jose, 2050 Gateway Place, San Jose, CA - phone 408-453-4000 (conference hotel). Refreshments will be served. This BOF session coincides with the North American Network Operators Group (NANOG) conference and a meeting of ICSA's ISPSec Consortium, but the BOF is open to all interested parties. WHY: The goals are two-fold initially, awareness of the problem and see if the collection of smarts at a BOF can suggest effective ways of dealing with these attacks other than "hoping" the clue-challenged secure their systems before the trojans are installed. relevant URL's: http://www.icsa.net/html/communities/ispsec/ http://www.nanog.org/mtg-0002/ http://www.washington.edu/People/dad/ http://www.ietf.org/internet-drafts/draft-moskowitz-hip-01.txt http://www.ietf.org/internet-drafts/draft-moskowitz-hip-enc-00.txt http://www.ietf.org/internet-drafts/draft-moskowitz-hip-dns-00.txt http://www.ietf.org/internet-drafts/draft-moskowitz-hip-arch-01.txt Tentative Agenda: Introduction: The Problem: Technical Review of Attack tools Trends/ Implications/ Characteristics Possible Mitigations: Scanning for Master / Slaves ISP Egress /Ingress Filtering Potential Protocol Changes HIP Open discussion Next Steps Noteworthy Participants: Dave Dittrich Bob Moskowitz -- Regards, Dave Kennedy CISSP Director of Research Services, ICSA.net http://www.icsa.net Protect what you connect. Look both ways before crossing the Net.