Corrections to Computerworld article
- The trinoo and Tribe Flood Network tools do not
"include automated scripts that allow relatively inexperienced
attackers to harness large numbers of compromised machines".
The analyses I did of trinoo and Tribe Flood Network tools
include mention of the intruders using tools to automate
the compromise and installation of root
kits and trinoo/TFN daemons (but these scripts are
not public and do not allow relatively
inexperienced attackers to compromise large numbers of
systems.)
- In August, intruders broke into over 100 systems at the UW,
but were only able to use 27 systems that had not yet been
discovered (and thus remained under their control) to attack
the University of Minnesota. Tribe and trinoo were not used
to infiltrate these systems, but were installed
after infiltrating them using commonly known remote
exploits for which patches existed and which CERT/CIAC advisories had
already covered.
- The attack on the University of Minnesota involved far more than
just the 227 systems that were mentioned in my report. I
only reported on the subtotal number of unique hosts that were
included in the initial report sent out by the University of
Minnesota. The total number of unique systems involved over the
three day period is far greater than 227.
Dave Dittrich <dittrich@cac.washington.edu>
Last modified: Fri Dec 24 13:43:15 1999