Slashdot Mirror


FBI Releases Updated DDoS Detection Tools

Alex Prestin writes, "In an effort to control the recent distributed Denial of Service attacks which everyone's heard about, the FBI has released Linux and Solaris tools to detect the presence (or absence) of the various DDoS daemons. They're available in binary form only (for now). You can get them here." Quote from the page: "Recipients are asked to report significant or suspected criminal activity to their local FBI office."

Update: 02/10 07:37 by H: Here's some more information: The author of the DDoS analyses (at staff.washington.edu/dittrich) has released a network scanner to scan for active agents on your network. It includes source, and is available here. PLEASE use it responsibly.

4 of 432 comments

  1. Binary only is a boneheaded mistake by Nathaniel · · Score: 5
    Releasing only a binary version of the detection tools is a boneheaded move. The tools will not be installed on nearly as many machines simply because the source is not available.

    There are already people clamoring over conspiracy theories. Now they will suggest that the detection tools might contribute to the problem.

  2. This bugs me.. by sampowers · · Score: 4

    Okay, let's say I'm an admin of a free unix shell service. I have about 10,000 users (shellyeah.org has this many). I use their tools to find that about 150 of my users are running these ddosd's. Why should I report it to them? I'd simply terminate their access and the daemons. (And maybe report them to their ISPs, tell their mommies, etc).

    Bottom line, why would I want the FBI to take care of it when I can take care of it myself? I could watch the daemons for about a week and try to figure out who else is on the ddos network, and report it to those sysadmins. The 'net isn't FBI ground, no matter what they try to force on the public.

  3. Copyright in US Fed government works by KMSelf · · Score: 5

    What's particularly painful is that this is a clear case in which source distribution would be a major plus. If this code is a work of the US Federal Government, then it is not protected by copyright under 17 USC 105.

    Interestingly, this means that the GNU GPL is powerless to protect the work -- something which is public domain cannot be sheltered by copyright -- but it should be eminently possible to reverse engineer and enhance the program. Modifications themselves should be covered under copyright law, and might be governed by the GPL or another license.

    I would be far happier seeing full source to any such tools before installing them on my own systems.

    IANAL. This is not legal advice.

    --

    What part of "gestalt" don't you understand?

  4. Distributed attack against FBI by jesser · · Score: 5
    Thursday, February 11, 2000
    Computer hackers bring down FBI website

    Computer hackers used a large distributed attack against the FBI website (http://www.fbi.org) yesterday for two hours between 2 PM and 5 PM, Eastern U.S. time.

    FBI officials said that most of the compromised computers requested two specific files, suggesting that the hackers might have been attempting to exploit a file-system bug that might have led to additional slowdown.

    Many of the computers used in the attack sent messages causing the webpage requests to appear to come from different types of browsers, making them difficult to block.

    Top FBI spook Drawoc Suomynona finally figured out how to block the attacker. "Most of the requests sent the 'referring page' as the page for a recent slashdot article. We just blocked all requests with that referrer, and the FBI server quickly became unclogged."

    Slashdot (http://www.slashdot.org) is a well-known geek news site. Slashdot editor Rob Malda declined to comment, but was heard mumbling "It's crackers, not hackers, goddamnit."

    Suomynona added, "We still have not found the source of these distributed attacks against websites, but we will step up our efforts to find them."

    --
    The shareholder is always right.