Last week, we mentioned a CERT advisory about the increased presence of automated tools to facilitate Denial-of-Service attacks. CERT has issued a new advisory on developments in this area, partially in reaction to this detailed analysis of one such DoS tool, "stacheldraht", by David Dittrich.
[...] Both Solaris and Linux are target platforms for "stacheldraht", although Solaris appears to be the more popular platform for it at the moment. The key to this attack is the ability to find literally thousands of exploitable sites from which to launch Denial-of-Service attacks on the intended victim. As a result, the primary defense against it is to increase security awareness and improve practices on all sites, as well as to increase intrusion detection measures, so that exploited sites can find out they have been impacted and address the problem. A Perl script called "gag" is referred to in David's analysis and can be used to detect the presence of stacheldraht on your machine.