Signature Detail

Short Name	DDOS:TRIN00:MASTER-CMD-MDIE
Severity	Medium
Recommended	No
Category	DDOS
Keywords	TRIN00 Attacker To Master Command (mdie)
Release Date	2003/04/22
Update Number	1213
Supported Platforms	idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

DDOS: TRIN00 Attacker To Master Command (mdie)

This signature detects the command string "mdie" in a TCP packet sent to port 27665. This can indicate a Trin00 master is attempting to disable all Bcast hosts. Attackers can use Trin00, a distributed-denial-of-service (DDoS) attack tool, to flood IP addresses with packets from forged source addresses.

Extended Description

Trin00 enables an attacker to cause a DDoS or crash the target system by controlling master server(s) and daemon host(s).

References

CVE: CVE-2000-0138
URL: http://staff.washington.edu/dittrich/misc/trinoo.analysis

Signature Detail

Short Name

Severity

Recommended

Category

Keywords

Release Date

Update Number

Supported Platforms

DDOS: TRIN00 Attacker To Master Command (mdie)

Extended Description

References