Bugtraq mailing list archives
Re: Analysis of Tribe Flood Network
From: mixter () NEWYORKOFFICE COM (Mixter)
Date: Thu, 9 Dec 1999 06:20:23 +0100
I just wanted to tell you that 'trinoo' has been around for more than half a year, originally developed by 'takeover / war' groups on IRC to launch attacks against users and IRC servers. Since trinoo was never published, I wrote TFN and made it publicly available at some security sites, in hope to make some people aware of the impact of 'distributed DoS'.. Although I haven't greatly worked on tfn after the public release myself, a number of people/groups seem to have made private versions of it with encryption and support for other operating systems and used it for active denial of service.

The real big problem is the fact that so many systems are still compromisable at root level with the most commonly used exploits (now I hear that even many Internet2 machines are), and that some people still haven't realized that a root compromise means *total control* over the system's hard- and software.. including denial of service, automated compromising of other machines, remote eavesdropping, virtually everything you (or the intruder) can imagine..

In my opinion, it is not advisable to rely on IDS signatures only, instead systematically secure machines before they are put on the net, and closely examine machines where remote security holes were patched after already being on the net for some time, because it is really a trivial matter to change a lot of the behavior and strings which programs like flood networks use, and this is obviously actively being done.

Mixter
________________________
mixter () newyorkoffice com
http://1337.tsx.org