nanog mailing list archives

Re: FBI / NIPC released a DDoSD detection tool?


From: Joe Shaw <jshaw () insync net>
Date: Thu, 10 Feb 2000 13:12:55 -0600 (CST)



On Thu, 10 Feb 2000, Pat Myrto wrote:

Roeland M.J. Meyer has declared that:


I don't care where it purports to be from, for this kind of code, I will not
trust something [to not be a trojan] that I can not compile myself. This
policy applies to SSH, SSL, and other security related code. I am sure that
I am not the only one with this policy.

The NIPC admitted that to me.  You are not the only one by a long shot.

I contacted the NIPC site, and sent email to the NIPC contact asking
about source, explaining the above concerns to them.  Their response
was they were valid concerns, but they basically didn't care.  NO
SOURCE.  "Trust us".
[SNIP]
Until then, however, thanks but no thanks.   I will muddle along using
other methods.

As such I am looking for open-src tools for finding and smoking out
these rogue daemons from other sources.

Did people not read where I posted links to info and scanners for the
known DDoS daemons?  I know I'm vocal, and occasionally irrational, but I
like to think I have a few good pieces of information to share now and
again.

http://www.washington.edu/People/dad/, scroll down to Papers / Articles /
Reports, and look at the fifth and sixth entries.

"gag -- a stacheldraht agent scanner (C source code) by Dave Dittrich, 
 Marcus Ranum, and others.
 dds -- a trinoo/TFN/stacheldraht agent scanner (C source code) by Dave 
 Dittrich, Marcus Ranum, George Weaver, David Brumley, and others. [In
 BETA testing.]"

These are links to source tarballs.  

--
Joseph W. Shaw - jshaw () insync net
Computer Security Consultant and Programmer
Free UNIX advocate - "I hack, therefore I am."



