Second-generation DDoS tools now easily detected
Not that you'll do anything about it....
The merry prankster(s) who recently launched widespread distributed denial of service (DDoS) attacks against such paragons of e-commercial success as Yahoo and E-Trade have bequeathed us one valuable legacy: they raised awareness of a threat which the security community, toiling in obscurity, had failed to make sufficiently clear. The Register got the message, however, and nearly two weeks ago we warned all of you that DDoS attacks were a greater threat than previously imagined. We noted that the FBI's National Infrastructure Protection Center (NIPC), a notoriously tight-lipped organization, had mused aloud that earlier DoS exploits indicated "preparation for widespread denial of service attacks." It seems they were right. Fancy that. Now, improved DDoS weapons have been released. These are Stacheldraht (German for "barbed wire") and an updated version of Tribal Flood Network (TFN) appropriately named TFN2K. The security community, still toiling in obscurity, has graciously developed tools to detect both. The Computer Emergency Response Team (CERT) offers a detailed description of both weapons. Not that you'll read it. However, for all the good it will do, Stacheldraht information can be found on the CERT site here; and TFN2K information can be found on the same site here. Even better, the NIPC has developed tools to detect either weapon on your system. Not that you'll download them, but for what it's worth, the files are available from the NIPC Web site here. ®
Sponsored: RAID: End of an era?