From: Robert S. Thau (rst@ai.mit.edu)
Date: Fri Feb 25 2000 - 08:17:30 PST
Stephen D. Williams writes:
> The description of the recent attacks that I noticed were a bit
> more cryptic. It may have been a raw data stream, augmented by
> coming from multiple locations including cracked sites. It may
> have been based on some bug that caused cascading response traffic,
> as was suggested.
If you're referring to the recent DDOS attacks on yahoo et al., they
seem to have been done using either trinoo, TFN (Tribal Flood Nework)
or something much like it --- you can find detailed analysis of all of
these in the archives of the bugtraq mailing list at
http://www.securityfocus.com/templates/archive.pike?list=1
(These are master/slave attacking tools --- the attackers compromise a
few thousand machines across the net, install slave code on the
machines, and use them to amplify the volume. The latest variation is
something called troj_trinoo, which is a variant of the trinoo slave
code which is now apparently distributing itself as an email virus).
rst
This archive was generated by hypermail 2b29 : Fri Feb 25 2000 - 08:21:36 PST