Feeds

More potent DDoS tool in development

Better bust a few more kids

  • alert
  • submit to reddit

Maximizing your infrastructure through virtualization

An enhanced tool to script distributed denial of service (DDoS) attacks called Mstream is currently in development and may soon yield a utility capable of launching crippling assaults through far fewer infected clients than were used to disable sites and steal headlines back in February, University of Washington researcher David Dittrich has discovered. A detailed report of his findings has been posted by Packet Storm. According to the report, Mstream was discovered recently in a still-crude, buggy condition. "An Mstream agent was discovered in late April 2000 on a compromised Linux system at a major university. This system was identified to be flooding packets using forged source addresses, targeted at over a dozen IP addresses," Dittrich says. Buggy or not, Mstream apparently yields a lot of bang for the buck compared with current tools such as shaft, trin00, TFN and Stacheldraht. "An extremely small number of attack packets" were being launched. "The traffic did, however, cause the router (which served 18 subnets) to become non-responsive," the report notes. "This means that sites that do egress filtering may still suffer from these attacks themselves, even if the intended 'victim' receives fewer packets than the attacker(s) intended," the report says. As for defences, there appear not to be any at the moment, except for virus detection which is unlikely to be effective until the final code is hacked out. "The lesson here is that there is no 'quick fix' to DDoS in the form of simple technical filtering solutions," Dittrich notes. The chief security solution in effect thus far seems to be the wholesale squandering of immense international law enforcement resources in hopes of netting one or two teen-aged script kiddies. Apparently this has not been quite as effective as originally hoped. ® Related Coverage Canadian Feds charge Mafiaboy in DDoS attacks TFN author 'Mixter' sentenced FBI Web site hacked Feds charge Coolio while DDoS attackers remain at large Hacking credit cards is preposterously easy Congressional study rejects Clinton's IT security Czar, FIDNET The Mother of all DDoS attacks looms Hacking hysteria invigorates insurance industry Law enforcers the 'absolute worst people' for Net security - former Fed Janet Reno proposes on-line police squad Dot-Com firms are hacking each other -- expert Reno, FBI feast on bad network security New hack attack is greater threat than imagined

The Power of One Infographic

More from The Register

next story
BBC goes offline in MASSIVE COCKUP: Stephen Fry partly muzzled
Auntie tight-lipped as major outage rolls on
You! Pirate! Stop pirating, or we shall admonish you politely. Repeatedly, if necessary
And we shall go about telling people you smell. No, not really
Airbus promises Wi-Fi – yay – and 3D movies (meh) in new A330
If the person in front reclines their seat, this could get interesting
UK Parliament rubber-stamps EMERGENCY data grab 'n' keep bill
Just 49 MPs oppose Drip's rushed timetable
There's NOTHING on TV in Europe – American video DOMINATES
Even France's mega subsidies don't stop US content onslaught
Samsung threatens to cut ties with supplier over child labour allegations
Vows to uphold 'zero tolerance' policy on underage workers
Dude, you're getting a Dell – with BITCOIN: IT giant slurps cryptocash
1. Buy PC with Bitcoin. 2. Mine more coins. 3. Goto step 1
ITC: Seagate and LSI can infringe Realtek patents because Realtek isn't in the US
Land of the (get off scot) free, when it's a foreign owner
prev story

Whitepapers

Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.