RE: [PROPOSAL] DDOS - Distributed DoS (1 candidate)
I don't agree with Pascal that this is a filtering problem analogous to smurf. Rootkit is a better analogy. The DDoS software doesn't exploit any unique vulnerability directly. Its presence is entirely predicated on the existence of at least one other, easily exploited vulnerability. From the perspective of the system owner, this is just one of several backdoors that could be installed. Seems to me that the presence of a known backdoor package should be considered a vulnerability (or at least an exposure).

I'm really torn on whether or not to split them out, though. My inclination is to group master and slave by package; i.e., trinoo master/slave, tfn master/slave, etc.

REVIEWING

-----
Scott Blake                 blake@bos.bindview.com
Security Program Manager    +1-508-485-7737 x218
BindView Corporation        Cell: +1-508-353-0269

>=================================
>Candidate: CAN-2000-0138
>Published:
>Final-Decision:
>Interim-Decision:
>Modified:
>Proposed: 20000215
>Assigned: 20000209
>Category: MP
>Reference: CERT:CA-2000-01
>Reference: CERT:IN-99-04
>Reference: SUN:00193
>Reference: ISS:20000209 Denial of Service Attack using the TFN2K
>and Stacheldraht programs
>Reference: BUGTRAQ:19991206 Analysis of trin00
>Reference: BUGTRAQ:19991206 Analysis of Tribe Flood Network
>Reference: BUGTRAQ:19991229 Analysis of "stacheldraht"
>Reference: BUGTRAQ:20000211 DDOS Attack Mitigation
>Reference: BUGTRAQ:20000211 TFN2K - An Analysis
>Reference: BUGTRAQ:20000211 A DDOS proposal.
>
>A system has a distributed denial of service (DDOS) attack master or
>agent installed, such as Trinoo, Tribal Flood Network (TFN), Tribal
>Flood Network 2000 (TFN2K), or stacheldraht.
>
>
>VOTE:
>