[27244] in North American Network Operators' Group


Re:FBI / NIPC released a DDoSD detection tool? (Look in the

daemon@ATHENA.MIT.EDU (mpotter@atpco.com)
Thu Feb 10 14:04:34 2000

Message-Id: <3.0.6.32.20000210134936.00794b00@smtp.int.atpco.com>
Date: Thu, 10 Feb 2000 13:49:36 -0800
To: nanog@nanog.org
From: mpotter@atpco.com
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Errors-To: owner-nanog-outgoing@merit.edu


At 10:44 AM 02/10/2000 -0600, you wrote:
>
>I'm not sure if this is news or not, but looking at 
>http://www.fbi.gov/nipc/trinoo.htm - it seems the NIPC has released
This has been out since about late Dec.

>binaries, (no source code, the jerks), for tools to detect if a box has
>trin00, tribal flood net, tfn2k and some other DDoSD's on it.
Heh, who in their right mind installs something w/o source... Especially
from the FBI ;) They are the ones that want to BACKDOOR every crypto product...

It looks like a packet sniffer that just looks for the fingerprints of
these attacks. Nothing really special. It even looks like it has the
exploit compiled in (strings, nm -Du, ldd the binary), probably cut and
paste work. The fact that they have it only for Solaris (SPARC and x86) and
Red Hat tells you those are the only types of boxes they have, or the only
thing they could get it to work on.

Matt
