MimeStar.com: Detecting and Decoding “mstream” Activity

“Recently a distributed denial of service (DDoS) attack tool
known as “mstream” has surfaced inside the cracker and security
communities. This tool allows malicious individuals to perform
denial of service attacks against target hosts in a large-scale
fashion, using a number of centrally controlled attacker

“In response to the surfacing of this attack tool and the
published analysis of its inner workings, we have developed a set
of SNP-L scripts and attack signatures which allow one to detect
and decode “mstream” network activity.”

“Using the attack signature modules and SNP-L scripts included
in this write-up, one can detect and decode “mstream” network
activity. Decoding of the following transmissions is supported:

Attacker <-> Handler TCP Control Connections
Handler -> Agent UDP Control Messages
Agent -> Handler UDP Control Messages”
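The three transmission types listed above can be illustrated with a small decoder. The block below is an added example for this page; it is not MimeStar's SNP-L code or any part of the original write-up. The UDP message grammar it recognises ("ping"/"pong", "newserver", "stream/<ip>/<seconds>", "mstream/<ip>:<ip>/<seconds>") and the default ports (agent listening on UDP 7983, handler on UDP 9325) are taken from the public mstream analyses of 2000, not from this page, and should be treated as assumptions: keep them configurable and check them against your own samples. The attacker<->handler TCP control connection is a plaintext login and command session and is not decoded here.

```python
"""Decoder for mstream Handler -> Agent and Agent -> Handler UDP control messages.

Added example, not MimeStar's SNP-L script. Message grammar and port numbers
are assumptions drawn from the public mstream analysis, not from this page.
"""
import ipaddress
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Ports as reported in the public mstream analysis (assumption for this example).
AGENT_UDP_PORT = 7983     # handler -> agent commands are sent to this port
HANDLER_UDP_PORT = 9325   # agent -> handler messages are sent to this port

# "stream/<ip>/<seconds>" or "mstream/<ip>:<ip>:.../<seconds>" (assumed grammar)
_CMD_RE = re.compile(r"^(stream|mstream)/([^/]+)/(\d{1,6})$")


@dataclass
class ControlMessage:
    direction: str                      # "handler->agent" or "agent->handler"
    kind: str                           # ping, pong, newserver, stream, mstream
    targets: List[str] = field(default_factory=list)
    seconds: Optional[int] = None
    raw: str = ""


def _clean(payload: bytes) -> str:
    # The tool sends C strings; tolerate a trailing NUL or newline.
    return payload.rstrip(b"\x00\r\n").decode("ascii", errors="replace")


def _is_ipv4(s: str) -> bool:
    try:
        ipaddress.IPv4Address(s)
        return True
    except ValueError:
        return False


def decode_handler_to_agent(payload: bytes) -> Optional[ControlMessage]:
    """Decode a datagram sent to the agent port; None if it is not mstream-like."""
    text = _clean(payload)
    if text == "ping":
        return ControlMessage("handler->agent", "ping", raw=text)
    m = _CMD_RE.match(text)
    if not m:
        return None
    kind, target_field, seconds = m.groups()
    targets = target_field.split(":")
    if kind == "stream" and len(targets) != 1:   # single-target form only
        return None
    if not all(_is_ipv4(t) for t in targets):    # reject garbage targets
        return None
    return ControlMessage("handler->agent", kind, targets, int(seconds), text)


def decode_agent_to_handler(payload: bytes) -> Optional[ControlMessage]:
    """Decode a datagram sent to the handler port; None if it is not mstream-like."""
    text = _clean(payload)
    if text in ("newserver", "pong"):
        return ControlMessage("agent->handler", text, raw=text)
    return None


def decode_datagram(dst_port: int, payload: bytes) -> Optional[ControlMessage]:
    """Dispatch on destination port; the direction follows from which port was hit."""
    if dst_port == AGENT_UDP_PORT:
        return decode_handler_to_agent(payload)
    if dst_port == HANDLER_UDP_PORT:
        return decode_agent_to_handler(payload)
    return None


def decode_capture(datagrams) -> List[Tuple[str, str, ControlMessage]]:
    """datagrams: iterable of (src_ip, dst_ip, dst_port, payload). Returns decoded hits."""
    hits = []
    for src, dst, dport, payload in datagrams:
        msg = decode_datagram(dport, payload)
        if msg is not None:
            hits.append((src, dst, msg))
    return hits


# Constructed sample traffic for this example (not a real capture).
SAMPLE_DATAGRAMS = [
    ("10.0.0.5", "10.0.0.1", 9325, b"newserver"),                        # agent registers
    ("10.0.0.1", "10.0.0.5", 7983, b"ping"),                             # handler probes agent
    ("10.0.0.5", "10.0.0.1", 9325, b"pong"),                             # agent answers
    ("10.0.0.1", "10.0.0.5", 7983, b"stream/192.0.2.10/60\n"),           # single-target attack
    ("10.0.0.1", "10.0.0.5", 7983, b"mstream/192.0.2.10:192.0.2.11/120"),  # multi-target attack
    ("10.0.0.1", "10.0.0.5", 7983, b"stream/not-an-ip/60"),              # malformed, ignored
    ("10.0.0.7", "10.0.0.8", 53, b"ping"),                               # wrong port, ignored
]

if __name__ == "__main__":
    for src, dst, msg in decode_capture(SAMPLE_DATAGRAMS):
        print(f"{src} -> {dst} [{msg.direction}] {msg.kind} targets={msg.targets} seconds={msg.seconds}")
```

Keying on destination port alone is a weak signal by itself; the value is in the combination of port and grammar, and in sequence (a "newserver" followed by "ping"/"pong" exchanges identifies the handler host, which is where response should start). If a recompiled variant uses other ports, drop the port check and run the grammar decoders over all UDP payloads.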


