<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
</head>
<body text="#000000" bgcolor="#ffffff">
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style></style>
<title>OPLIN 4Cast</title>
<style>
.headerTop { background-color:#FFFFFF; border-top:0px solid #000000; border-bottom:1px solid #FFFFFF; text-align:center; }
.adminText { font-size:16px; color:#0000FF; line-height:200%; font-family:verdana; text-decoration:none; }
.headerBar { background-color:#FFFFFF; border-top:0px solid #333333; border-bottom:0px solid #FFFFFF; }
.title { font-size:20px; font-weight:bold; color:#000000; font-family:arial; line-height:110%; }
.subTitle { font-size:11px; font-weight:normal; color:#000000; font-style:italic; font-family:arial; }
.defaultText { font-size:12px; color:#000000; line-height:150%; font-family:trebuchet ms; }
.footerRow { background-color:#FFFFCC; border-top:0px solid #FFFFFF; }
.footerText { font-size:10px; color:#996600; line-height:100%; font-family:verdana; }
a { color:#0000FF; color:#0000FF; color:#0000FF; }
</style>
<table class="backgroundTable" width="100%" bgcolor="#ffffff"
cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td valign="top" align="left">
<table cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="border-top: 0px solid rgb(0, 0, 0);
border-bottom: 1px solid rgb(255, 255, 255);
background-color: rgb(255, 255, 255); text-align:
center;" align="center"><span style="font-size:
10px; color: rgb(96, 96, 96); line-height: 200%;
font-family: verdana; text-decoration: none;">Email
not
displaying correctly? <a
href="http://www.oplin.org/4cast/"
style="font-size: 10px; color: rgb(0, 0, 255);
line-height: 200%; font-family: verdana;
text-decoration: none;">View
it in your browser.</a></span></td>
</tr>
<tr>
<td style="border-top: 0px solid rgb(51, 51, 51);
border-bottom: 0px solid rgb(255, 255, 255);
background-color: rgb(255, 255, 255);">
<center><a href=""><img id="editableImg1"
src="cid:part1.00000807.00080506@oplin.org"
title="OPLIN" alt="OPLIN 4Cast" align="middle"
border="0"></a></center>
</td>
</tr>
</tbody>
</table>
<table style="width: 763px; height: 877px;"
bgcolor="#ffffff" cellpadding="20" cellspacing="0">
<tbody>
<tr>
<td style="font-size: 12px; color: rgb(0, 0, 0);
line-height: 150%; font-family: trebuchet ms;"
valign="top"
background="http://www.oplin.org/4cast/wp-content/themes/4cast/images/kubrickbgwide.jpg"
bgcolor="#ffffff">
<p><!-- Make sure you modify the 4Cast title in this section -->
<span style="font-size: 20px; font-weight: bold;
color: rgb(0, 0, 0); font-family: arial;
line-height: 110%;">OPLIN 4Cast #258: DoS'd for
the holidays</span><br>
<!-- Make sure you modify the date of the 4Cast in this section -->
<span style="font-size: 11px; font-weight: normal;
color: rgb(102, 102, 102); font-style: italic;
font-family: arial;">November 30th, 2011</span></p>
<!-- Begin copy of Web Source here -->
<p style="text-align: justify; font-size: 16px;
font-family: arial; line-height: 110%;"><a
href="http://www.oplin.org/4cast/wp-content/uploads/2011/11/denied_sm.png"><img
class="alignleft size-full wp-image-2363"
style="margin-right: 3px;" title="denied
stamp"
src="cid:part2.06040803.08060802@oplin.org"
alt="" height="104" width="104"></a>Late in
the afternoon on Black Friday, the oplin.org
website was hit by an apparent Denial of Service
(DoS) attack. DoS and DDoS (Distributed Denial of
Service) attacks overwhelm a website with so many
requests for connections that the webserver is too
busy with this "junk" traffic to respond to
legitimate traffic. As a result, it looked like
the OPLIN website, and all the services that run
on the same server - like the <em>4cast</em> -
were offline for a couple of hours until we
stopped the attack. Why was oplin.org targeted?
Good question, since it's a pretty innocuous
website, but certainly the timing of the attack
suggests that we may have been an innocent victim
of a general increase in DoS attacks that happens
around the holidays.
</p>
<div> </div>
<ul style="text-align: left;">
<li style="text-align: justify; font-size: 16px;
font-family: arial; line-height: 110%;"><a
href="http://www.eweek.com/c/a/Security/ECommerce-Retail-Websites-Alert-for-DDoS-Attacks-this-Holiday-Season-308996/">E-commerce,
retail websites alert for DDoS attacks this
holiday season</a> (eWEEK/Fahmida Y. Rashid)
"DDoS attacks increased by 30 percent in 2010,
and the number is expected to be higher in 2011,
according to Gartner estimates. The attacks have
also been escalating in size and complexity in
2011, according to Paul Sop, chief technology
officer at Prolexic. Attackers generally are
throwing more packets, using more bandwidth and
targeting the application layer, Sop said.
E-commerce businesses aren't the only ones that
have to worry about DDoS attacks during this
holiday season, as hospitality, gaming and
shipping services should also be on high alert
for DDoS attacks, Sop said."</li>
<li style="text-align: justify; font-size: 16px;
font-family: arial; line-height: 110%;"><a
href="http://www.businesswire.com/news/home/20111122005131/en/Corero-Advises-Retailers-Risks-DDoS-Attacks-Holiday">Corero
advises retailers of risks associated with
DDoS attacks during holiday shopping season</a>
(BusinessWire) "DDoS attacks bring victim
websites to a crawl or halt, using network
flooding techniques that have been in use for
more than a decade, and more recently, insidious
application-layer attacks which are very
difficult to detect. Online commerce depends on
sites that are responsive and always available.
Frustrated customers will quickly abandon an
unresponsive site and go to another."</li>
<li style="text-align: justify; font-size: 16px;
font-family: arial; line-height: 110%;"><a
href="http://www.pcworld.com/article/243743/firewalls_cant_keep_up_with_ddos_attacks.html">Firewalls
can't keep up with DDoS attacks</a>
(PCWorld/John E. Dunn) "The survey of 1000
medium and large organizations in ten countries
found that up to 45 percent of respondents
experience such attacks on a regular basis, a
mixture of application and network-layer
incursions. About half rated denial of service
attacks as highly effective with 79 percent
saying they still <a
href="http://www.pcworld.com/businesscenter/article/221533/new_firewalls_should_increase_protection.html">relied
on firewalls</a> to deflect them despite 42
percent finding that such devices were
ineffective against conventional attacks at the
network layer."</li>
<li style="text-align: justify; font-size: 16px;
font-family: arial; line-height: 110%;"><a
href="http://www.breakingpointsystems.com/community/blog/cyber-monday-cyber-attack/">Happy
holidays: 5 ways to use DoS testing to thwart
cyber extortion</a> (BreakingPoint/Pam O'Neal)
"...online businesses still fear these threats,
with little confidence in the DoS mitigation and
security measures put in place to protect them.
This is especially true for Internet retailers,
the latest victims of hacker-extortionists.
Internet retailers have a small window to 'get
it right' when it comes to hardening their
resiliency to DoS or DDoS attacks. And the
post-Thanksgiving Cyber Monday is part of that
small window."</li>
</ul>
<div style="text-align: left;"> </div>
<p style="text-align: left; font-size: 20px;
font-family: arial; line-height: 110%;"><small><strong><em>Method
fact:</em></strong></small><br>
</p>
<div style="text-align: justify; font-size: 16px;
font-family: arial; line-height: 110%;">Kaspersky
Labs <a
href="http://www.securelist.com/en/analysis/204792189/DDoS_attacks_in_Q2_2011">reports</a>
that the "HTTP flood" method, which simply sends a
huge number of HTTP requests to the targeted site
over a short period of time, accounted for 88.9%
of all DDoS attacks in the second quarter of 2011.
</div>
<div style="text-align: left;"> </div>
<!-- End paste of web source here --> </td>
</tr>
<tr>
<td style="" solid="" background-color:="" rgb(255,=""
255,="" 255);="" >="" valign="top" width="760"
background="http://www.oplin.org/4cast/wp-content/themes/4cast/images/kubrickbgwide.jpg"><span
style="font-size: 10px; color: rgb(96, 96, 96);
line-height: 100%; font-family: verdana;">
<hr><!-- Begin standard subscription verbiage -->
<div style="text-align: justify;">The <strong><em>OPLIN
4cast</em></strong>
is a weekly compilation of
recent headlines, topics, and trends that could
impact public
libraries. You can subscribe to it in a variety
of ways, such as: <br>
</div>
<div style="text-align: left;"> </div>
<ul>
<li style="text-align: justify;"><strong>RSS
feed.</strong>
You
can receive the OPLIN 4cast
via RSS feed by subscribing to the following
URL:
<a class="moz-txt-link-freetext" href="http://www.oplin.org/4cast/index.php/?feed=rss2">http://www.oplin.org/4cast/index.php/?feed=rss2</a>.
</li>
<li style="text-align: justify;"><strong>Live
Bookmark.</strong>
If you're using the Firefox
web browser, you can go to the 4cast website
(<a class="moz-txt-link-freetext" href="http://www.oplin.org/4cast/">http://www.oplin.org/4cast/</a>) and click on the
orange "radio wave" icon
on the right side of the address bar. In
Internet Explorer 7, click on
the same icon to view or subscribe to the
4cast RSS feed. </li>
<li style="text-align: justify;"><strong>E-mail.</strong>
You
can have the OPLIN 4cast
delivered via e-mail (a'la OPLINlist and
OPLINtech) by subscribing to
the 4cast mailing list at
<a class="moz-txt-link-freetext" href="http://mail.oplin.org/mailman/listinfo/OPLIN4cast">http://mail.oplin.org/mailman/listinfo/OPLIN4cast</a>.
</li>
</ul>
</span> </td>
</tr>
<tr>
<td style="border-top: 0px solid rgb(255, 255, 255);
background-color: rgb(255, 255, 204);" valign="top"
width="760"
background="http://www.oplin.org/4cast/wp-content/themes/4cast/images/kubrickfooter.jpg">
<br>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</body>
</html>