[LINK] Distributed Denial of Service attacks
Fri, 11 Feb 2000 18:18:18 +1100
CERT latest: http://www.cert.org/current/current_activity.html#distributed
original CERT advisory:
Internet Security Solutions info:
This one is a fairly good plain English explanation from Lawrence Livermore
Labs in Berkeley CA (note the date and the conclusion about risk!):
Computer Incident Advisory Capability
Lawrence Livermore National Laboratory
Distributed System Intruder Tools
Trinoo and Tribe Flood Network
December 21, 1999
Trinoo and Tribe Flood Network (TFN) are new forms of denial of service
(DoS) attacks. DoS attacks are designed to bring down a computer or network
by overloading it with a large amount of network traffic using TCP, UDP, or
ICMP. In the past, these attacks came from a single location and were easy
to detect. Trinoo and TFN are distributed system intruder tools. These
tools launch DoS attacks from multiple computer systems at a target system
simultaneously. This makes the assault hard to detect and almost
impossible to track to the original attacker. Because these attacks can be
hundreds of computers under the command of a single attacker, they are far
more dangerous than any DoS attack launched from a single location.
These distributed tools have only been seen on Solaris and Linux machines,
but there is no reason why they could not be modified for UNIX machines.
The target system can also be of any type because the attack is based on
the TCP/IP architecture, not a flaw in any particular operating system.
CIAC considers the risks presented by these DoS tools to be high.
Dan Tebbutt, Technology Writer, Melbourne Australia
The Australian (http://technology.news.com.au)
Ph: +61-3-9292-1370 Fax:+61-3-9292-2803
"The revolution will be televised ... on pay-per-view."