For Immediate Release
May 24, 2000

Washington D.C.
FBI National Press Office

NIPC Advisory 00-044; MSTREAM Distributed Denial of Service Tool

The National Infrastructure Protection Center and the Federal Bureau of Investigation announced today the availability of an NIPC developed detection tool to combat the serious threat posed by the potential of the "mstream" Distributed Denial of Service (DDOS) exploit. DDOS attacks, such as those that crippled many on-line "e-businesses" earlier this year, can cause the loss of millions of dollars of revenue as well as reduce confidence in electronic commerce. The NIPC tool is available at: www.nipc.gov.

Mstream uses LINUX and UNIX computers to launch packet flooding denial of service attacks against one or more target systems. The NIPC detection tool allows users to examine their systems to identify the presence of mstream and thereby prevent their computers from being used as "zombies" in an attempted DDOS attack against other systems.

In December 1999, the NIPC made available a tool that was effective against other DDOS exploits, including TrinOO and TFN. This release updates that tool to include the ability to detect mstream. NIPC continues to work aggressively with other government agencies and industry to provide timely and effective warnings and countermeasures to the increasingly damaging threats posed to the U.S. cyber infrastructure.

As with earlier DDOS exploits, there is currently no way for a potential victim to prevent an mstream attack. Rather, security depends on a community-wide effort to detect and remove mstream "zombies," thereby reducing the number of computers that can be used to attack the ultimate target. For that reason, the NIPC strongly encourages widespread use of its detection tool, and any others that become available.

Any suspected DDOS related activity should be reported to a local FBI office, the NIPC Watch and Warning Unit, other law enforcement agencies, or computer emergency response support organizations, as appropriate. The NIPC Watch and Warning Unit can be reached at (202) 323- 3204/3205/3206, or by e-mail at nipc.watch@fbi.gov.