A new distributed denial of service (DDoS) attack tool known as TB (the-binary) have been found in the wild.


Distributed Denial of Service attacks can bring down a network by flooding target machines with large amounts of traffic. In February of 2000, several of the Internet's largest Web sites, including Yahoo,, eBay, and were disrupted for extended periods of time by DDoS tools. These new tools were detected in corporate networks, as well as in personal computers with high speed network connections. The prevalence of high speed DSL and cable modem service magnifies these tools' potential effectiveness.


For a detailed description of the TB program, refer to "Reverse Challenge Answers"

For more related information, Dave Dittrich wrote several documents, which can be found at: 


To find a TB agent on your computer, use the netstat command:

		# netstat -wpa
		Active Internet connections (servers and established)
		Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name   
		raw        0      0 *:nvp                   *:*                     7           15900/[mingetty]    
Additional Information: The Common Vulnerabilities and Exposures (CVE) project has assigned the name CAN^2002^0228 to this issue. This is a candidate for inclusion in the CVE list (, which standardizes names for security problems.