Non-Technical Summary: new attack tool: Grand Nagus

A new agent program for carrying out distributed denial of service (DDoS) attacks has been found in the wild. It was reverse engineered as part of a Honeynet Project challenge, which found that the agent implements a new kind of indirect attack.

The program provides a weakly encrypted but difficult-to-trace communication channel. Over this channel, it can be configured to attack other hosts on the Internet. The agent is capable of several traditional denial of service attacks (UDP flood, ICMP flood, TCP SYN flood) and a new form of indirect attack using public DNS servers. This new attack is difficult to defend against for anyone on the receiving end. Organisations and ISPs can, however, make sure no such attack can be launched from inside their network by configuring their firewall appropriately.

The agent program runs under Linux. It does not spread itself; it is neither a worm nor a virus. It has to be deliberately installed by an attacker after breaking into the Linux machine.