At 10:44 AM 02/10/2000 -0600, you wrote:
I'm not sure if this is news or not, but looking at http://www.fbi.gov/nipc/trinoo.htm - it seems the NIPC has released
This has been out since about late Dec.
binaries, (no source code, the jerks), for tools to detect if a box has trin00, tribal flood net, tfn2k and some other DDoSD's on it. Heh, who in their right mind installs something w/o source.... Especially from the FBI ;) They are the ones that want to BACKDOOR every crypto product...
It looks like a packet sniffer that just looks for the fingerprints of these attacks. Nothing really special. It even looks like it has the exploit compiled in (strings, nm -Du, ldd the binary), probably cut and paste work. The fact that they have it only for Solaris (SPARC and x86) and Red Hat tells you those are the only types of boxes they have, or the only thing they could get it to work on.
Matt