NIPC Advisory 00-044; MSTREAM Distributed Denial of Service Tool

The National
Infrastructure Protection Center and the Federal Bureau of
Investigation announced today the availability of an NIPC developed
detection tool to combat the serious threat posed by the potential
of the "mstream" Distributed Denial of Service (DDOS)
exploit. DDOS attacks, such as those that crippled many on-line
"e-businesses" earlier this year, can cause the loss
of millions of dollars of revenue as well as reduce confidence
in electronic commerce. The NIPC tool is available at: www.nipc.gov.

Mstream uses LINUX and UNIX computers
to launch packet flooding denial of service attacks against one
or more target systems. The NIPC detection tool allows users
to examine their systems to identify the presence of mstream
and thereby prevent their computers from being used as "zombies"
in an attempted DDOS attack against other systems.

In December 1999, the NIPC made
available a tool that was effective against other DDOS exploits,
including TrinOO and TFN. This release updates that tool to include
the ability to detect mstream. NIPC continues to work aggressively
with other government agencies and industry to provide timely
and effective warnings and countermeasures to the increasingly
damaging threats posed to the U.S. cyber infrastructure.

As with earlier DDOS exploits,
there is currently no way for a potential victim to prevent an
mstream attack. Rather, security depends on a community-wide
effort to detect and remove mstream "zombies," thereby
reducing the number of computers that can be used to attack the
ultimate target. For that reason, the NIPC strongly encourages
widespread use of its detection tool, and any others that become
available.

Any suspected DDOS-related activity
should be reported to a local FBI office, the NIPC Watch and Warning
Unit, other law enforcement agencies, or computer emergency response
support organizations, as appropriate. The NIPC Watch and Warning
Unit can be reached at (202) 323-3204/3205/3206, or by e-mail
at nipc.watch@fbi.gov.