How do I check my servers to see if they are active DDoS hosts?
• Acquire one or more filesystem scanning tools to determine whether any of the known DDoS tools are present on your server's file system.
• Compare the available tools from security tool vendors. Like antivirus software, DDoS detection tools become obsolete as new DDoS exploits are invented or existing ones are modified to evade detection. Select a tool that has been recently updated to handle the latest DDoS attack methods.
• The FBI offers a tool on their website called “find_ddos” that will search the file system for the Trinoo, TFN, TFN2K and Stacheldraht DDoS tools. It is freely available at http://www.fbi.gov/nipc/trinoo.htm. The FBI does not make the source code for this program available.
• Note that the FBI tool is not guaranteed to catch every DDoS binary. If the perpetrator has installed a root package, the find_ddos program may or may not be able to overcome it. The readme file says, “The tool was written in C so that it will have minimal reliance on syst
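The core of a filesystem scanner of the kind described above is a byte-signature search over file contents. The following is an added example, not the FBI's find_ddos and not code from the original page; the signatures are constructed placeholders and the names `scan_stream` and `scan_sample` are hypothetical. It reads files directly through the C library and handles a signature that straddles a read boundary.

```c
#include <stdio.h>
#include <string.h>

/* Constructed placeholder signatures, NOT strings from any real DDoS tool. */
struct sig { const char *name; const char *bytes; size_t len; };
static const struct sig SIGS[] = {
    { "example-agent-a", "EXAMPLE_SIG_ALPHA", 17 },
    { "example-agent-b", "EX\0BETA", 7 },  /* embedded NUL byte */
};
enum { NSIGS = sizeof SIGS / sizeof SIGS[0], MAXSIG = 32, CHUNK = 4096 };

/* Binary-safe search: strstr() would stop at the first NUL byte. */
static int find_bytes(const unsigned char *hay, size_t n, const char *needle, size_t m) {
    for (size_t i = 0; i + m <= n; i++)
        if (memcmp(hay + i, needle, m) == 0) return 1;
    return 0;
}

/* Read in chunks, carrying the last MAXSIG-1 bytes forward so a signature
   split across a chunk boundary still matches. Bit s set => SIGS[s] found. */
int scan_stream(FILE *f) {
    unsigned char buf[MAXSIG + CHUNK];
    size_t keep = 0, got;
    int hits = 0;
    while ((got = fread(buf + keep, 1, CHUNK, f)) > 0) {
        size_t n = keep + got;
        for (int s = 0; s < NSIGS; s++)
            if (find_bytes(buf, n, SIGS[s].bytes, SIGS[s].len)) hits |= 1 << s;
        keep = n < MAXSIG - 1 ? n : MAXSIG - 1;
        memmove(buf, buf + n - keep, keep);
    }
    return hits;
}

/* Constructed sample: `pad` filler bytes, then optionally signature b. */
int scan_sample(size_t pad, int with_sig) {
    FILE *f = tmpfile();
    if (!f) return -1;
    for (size_t i = 0; i < pad; i++) fputc('A', f);
    if (with_sig) fwrite(SIGS[1].bytes, 1, SIGS[1].len, f);
    rewind(f);
    int hits = scan_stream(f);
    fclose(f);
    return hits;
}

int main(void) {
    printf("boundary-split sample: 0x%x\n", (unsigned)scan_sample(4093, 1));
    return 0;
}
```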