Based on the signatures provided by Mr. Dittrich, we have updated
SARA (http://www-arc.com/sara) (version 3.0.2) to detect the presence
of the mstream DDOS (both wild and published).
------------------------------------------------------------------
Bob Todd
Advanced Research Corporation
http://www-arc.com
----- Original Message -----
From: Dave Dittrich <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, May 01, 2000 5:08 PM
Subject: Re: Source code to mstream, a DDoS tool
> ==========================================================================
>
> The "mstream" distributed denial of service attack tool
>
> ==========================================================================
>
> May 1, 2000
> Copyright (C) 2000. All rights reserved.
>
> David Dittrich
> University of Washington
> <[EMAIL PROTECTED]>
>
> George Weaver
> Pennsylvania State University
> <[EMAIL PROTECTED]>
>
> Sven Dietrich
> NASA Goddard Space Flight Center
> <[EMAIL PROTECTED]>
>
> Neil Long
> Oxford University
> <[EMAIL PROTECTED]>
>
>
> Introduction
> ------------
>
> The following is an analysis of "mstream", a distributed denial of
> service (DDoS) attack tool, based on the source code of "stream2.c", a
> classic point-to-point DoS attack tool [12].
<<<<< cut >>>>>
