The FBI today issued the following
statement:

Over the last several weeks,
the National Infrastructure Protection Center (NIPC) has received
multiple reports of the presence of Distributed Denial of Service
(DDOS) tools on computer systems in the United States. The NIPC
issued alerts about these tools on December 6, 1999 and today
(see http://www.nipc.gov). The CERT at Carnegie Mellon has also
issued an incident note (IN-99-07) on November 18, 1999, and
an update on December 28, 1999 (see http://www.cert.org/incident_notes/IN-99-07.html).
These DDOS tools have also now been reported by the media and
published on the Internet. These DDOS tools, such as "trin00"
and "Tribe Flood Network" ("tfn"), are capable
of generating sufficient network traffic to render the targeted
network or computer system inoperable. Installation has been
accomplished primarily through compromises exploiting known Sun
RPC vulnerabilities. Basically, these tools allow an intruder
to have multiple victim systems launch denial of service attacks
against other systems that are the ultimate target.

The NIPC has developed a software
application that can be used by system administrators to scan
their computer systems to determine whether they contain the
"trin00" or "tfn" tools and therefore might
be used as part of a DDOS attack on another network. The latest
version of this detection software can be downloaded from the
NIPC Internet Web site (http://www.nipc.gov). The NIPC requests
that computer network administrators report the detection of
DDOS tools or other apparent criminal activity on their systems
to their local FBI Field Office or to the NIPC at nipc.watch@fbi.gov.

NIPC Director Michael Vatis stated:
"A central part of the NIPC's mission is to help protect
critical computer networks by alerting private industry and government
agencies of potential threats before an attack occurs.
In this case, we have gone one step further by developing a software
application that can be used to detect the presence of a significant
hacker tool and neutralize it."

The NIPC commenced its Y2K Command
Post at FBIHQ yesterday, and will operate 24 hours a day until
January 5. In addition, each FBI Field Office has initiated a
Command Post. These Command Posts have been established to facilitate
the FBI's detection of and response to any criminal activity,
cyber or physical, that might occur during the Millennium rollover
period.

The NIPC is a multi-agency organization
whose mission is to detect, warn of, respond to, and investigate
computer intrusions and other unlawful acts that threaten or
target our Nation's critical infrastructures. Located in the
FBI's headquarters building in Washington, D.C., the NIPC brings
together representatives from the FBI, other U.S. government
agencies, state and local governments, and the private sector
in a partnership to protect our Nation's critical infrastructures.
More information on the NIPC is available on the World Wide Web
at http://www.nipc.gov.

The following MD5 checksums should
be used to validate the files available for downloading: