Zombie Zapper v1.1 Windows NT Source Code - Zombie Zapper [tm] is a free, open source tool that can tell a zombie system flooding packets to stop flooding. It works against Trinoo, TFN, and Stacheldraht. It does assume various defaults used by these attack tools are still in place, but allows you to put the zombies to sleep.
b3fae7b9fa0a1bb760bbe05f0825453bd6acef2df7f9d8205c29673c7bee2250Zombie Zapper Unix version 1.0 - Zombie Zapper [tm] is a free, open source tool that can tell a zombie system flooding packets to stop flooding. It works against Trinoo, TFN, and Stacheldraht. It does assume various defaults used by these attack tools are still in place, but allows you to put the zombies to sleep.
8e4fe86577b2c84b927bf077788d5fcab15f3c2d4cfad4706ff93a7c2a19ed06This is a proof-of-concept tool to demonstrate possible distributed attacking concepts, such as sending packets from one workstation and sniffing the reply packets on another.
5e617cf0cb9536d67cf2f63996629e47e11fc6856b5cfb66fe5a51d551eb1189Distributed Denial of Service Defense Tactics - This paper details some practical strategies that can be used by system administrators to help protect themselves from distributed denial of service attacks as well as protect themselves from becoming unwitting attack nodes against other companies.
d0f80557044b2a18453f2dc7582595ddb3ce718da4f6063550bdaf18440afa5bTFN3k is a paper about the future of DDOS tools, how they can be used, and the dangerous features that can and probably will be implemented in the future. Also has information on establishing Network Intrusion Detection (NIDS) Rules for DDOS attacks.
81f6b4c0bc45d0a32a93a7d9053beb1a229a36193e7cbb36d1a180bcf41cc5f6This document is a technical analysis of the Tribe Flood Network 2000 (TFN2K) distributed denial-of-service (DDoS) attack tool, the successor to the original TFN Trojan by Mixter.
cfd9ab39b27fdf49f0cb4d3d8c500997b796dad7ca44d25f3176e7b85dabcb83Mixters guide to defending against DDOS - 10 Proposed 'first-aid' security measures which should be implemented by anyone at risk.
a45bc9efc6b77fa911f41e367dd8ef7a0a6a867f5d47435a7fe799d7074c2ae5Zombie Zapper v1.0 Windows NT Source Code - Zombie Zapper [tm] is a free, open source tool that can tell a zombie system flooding packets to stop flooding. It works against Trinoo, TFN, and Stacheldraht. It does assume various defaults used by these attack tools are still in place, but allows you to put the zombies to sleep.
64ecfba45eafc81f39e5ef7e52af912125ececd41f48648ccb5b2eaf216a790fThis paper describes a technique for tracing anonymous attacks in the Internet back to their source. This work is motivated by the increased frequency and sophistication of denial-of-service attacks and by the difficulty in tracing packets with incorrect, or "spoofed", source addresses. In this paper we describe a general purpose traceback mechanism based on probabilistic packet marking in the network. Our approach allows a victim to identify the network path(s) traversed by an attacker without requiring interactive operational support from Internet Service Providers (ISPs). Moreover, this traceback can be performed "post-mortem" -- after an attack has completed. We present one implementation of this technology that is incrementally deployable, (mostly) backwards compatible and can be efficiently implemented using conventional technology. In pdf and postscript format.
bb7e781a8fbc104cfd9119ecf7c8caf54c5aab786c654c2d11dd9b87b1c48922Cisco Newsflash - Distributed Denial of Service. Contains information to help you understand how DDoS attacks are orchestrated, recognise programs used to launch DDoS attacks, and apply measures to prevent the attacks (including anti-spoofing commands, egress filtering, RPF and CEF, ACL's, rate limiting for SYN packets). Also contains information on gathering forensic information if you suspect an attack, and learning more about host security.
5706e76198a9513e1ab2858df9480fb5b1c60bd30defbb8002e77823fa329be8RID is a configurable remote DDOS tool detector which can remotely detect Stacheldraht, TFN, Trinoo and TFN2k if the attacker did not change the default ports.
16f99c15f1cd344690a188e10699603f0d8f2c15ca046da9943310393778589cStacheldrahtV4 - (German for "barbed wire") combines features of the "trinoo" distributed denial of service tool, with those of the original TFN, and adds encryption of communication between the attacker and stacheldraht masters and automated update of the agents.
324f5cedf781850646c2ca7ce3d9fd632bfd7b5c9e2d7fdf2c11a660509b805cFind_ddos Version 3.1 (solaris intel) - In response to a number of recent distributed denial-of-service (DDOS) attacks that have been reported, the NPIC has developed a tool to assist in combating this threat. The tool (called "find_ddos") is intended to scan a local system that is either known or suspected to contain a DDOS program. It is capable of scanning executing processes on Solaris 2.6 or later, and of scanning local files on a Solaris 2.x (or later) system. The tool will detect several known denial-of-service attack tools including tfn2k client, tfn2k daemon, trinoo daemon, trinoo master, tfn daemon, tfn client, stacheldraht master, stacheldraht client, stachelddraht demon and tfn-rush client.
9faf64c8b6739303cc2dc2b4152896361bdf70c5807908afbaadd586a0ae20c1Find_ddos Version 3.1 (linux) - In response to a number of recent distributed denial-of-service (DDOS) attacks that have been reported, the NPIC has developed a tool to assist in combating this threat. The tool (called "find_ddos") is intended to scan a local system that is either known or suspected to contain a DDOS program. It is capable of scanning executing processes on Solaris 2.6 or later, and of scanning local files on a Solaris 2.x (or later) system. The tool will detect several known denial-of-service attack tools including tfn2k client, tfn2k daemon, trinoo daemon, trinoo master, tfn daemon, tfn client, stacheldraht master, stacheldraht client, stachelddraht demon and tfn-rush client.
555d7ce8aff713ccf10f2d9cf13bf78dae04c68345ffffcf5cd52f591896a466Find_ddos Version 3.1 (sparc) - In response to a number of recent distributed denial-of-service (DDOS) attacks that have been reported, the NPIC has developed a tool to assist in combating this threat. The tool (called "find_ddos") is intended to scan a local system that is either known or suspected to contain a DDOS program. It is capable of scanning executing processes on Solaris 2.6 or later, and of scanning local files on a Solaris 2.x (or later) system. The tool will detect several known denial-of-service attack tools including tfn2k client, tfn2k daemon, trinoo daemon, trinoo master, tfn daemon, tfn client, stacheldraht master, stacheldraht client, stachelddraht demon and tfn-rush client.
862b19352d79f9875321d98f6bbf6571a9ba8799ac5008189740bfedfd987b0dDynamic IP's getting you down in your search for a better distributed attack? Don't think remote control, think "timed fuse". This is "concept code" designed to show the real danger of Windows systems being rooted en masse and used in a distributed attack scenario. Beta, no updates.
47b7b9425f345b3e44df92110523db5ef1c8d97bc214f34c26dfcce4faf60822Find_ddos Version 3 (intel) - In response to a number of recent distributed denial-of-service (DDOS) attacks that have been reported, the NPIC has developed a tool to assist in combating this threat. The tool (called "find_ddos") is intended to scan a local system that is either known or suspected to contain a DDOS program. It is capable of scanning executing processes on Solaris 2.6 or later, and of scanning local files on a Solaris 2.x (or later) system. The tool will detect several known denial-of-service attack tools.
bc3fb651da42532108a4c8d7143c545f9a00ba72280365382af457c3e7408c08Find_ddos Version 3 (sparc) - In response to a number of recent distributed denial-of-service (DDOS) attacks that have been reported, the NPIC has developed a tool to assist in combating this threat. The tool (called "find_ddos") is intended to scan a local system that is either known or suspected to contain a DDOS program. It is capable of scanning executing processes on Solaris 2.6 or later, and of scanning local files on a Solaris 2.x (or later) system. The tool will detect several known denial-of-service attack tools.
b1c3ccd8b59083c3c23809a68a3279286db3304fc76364c7dd89035c4c650f29A simple distributed port scanner that uses many computers to conduct a port scan which should make it harder to trace the source. This release of dscan has many improvements of the last release, for a full list see the HISTORY file in the archive. Dscan started off as proof of concept code and has now turned into a project for testing new techniques such as linked lists. This release does not come with UDP port scanning support but a patch file should be available in a few days time to add UDP support.
8d832f686211ed9ba06ec745785bdef3ee34d4df5993d6ce6b1f33405b0e1099"gag" is a program to remotely scan for "stacheldraht" agents, which are part of an active "stacheldraht" network. It will not detect trinoo, the original Tribe Flood Network (TFN), or TFN2K agents. Tested on linux/solaris/AIX/BSD.
e5c6d78b9d6ac27ed84bc86b8f0e2a5db68ea378ec8fb8c63b06436eae38fe13Find_ddos Version 2 - In response to a number of recent distributed denial-of-service (DDOS) attacks that have been reported, the NPIC has developed a tool to assist in combating this threat. The tool (called "find_ddos") is intended to scan a local system that is either known or suspected to contain a DDOS program. It is capable of scanning executing processes on Solaris 2.6 or later, and of scanning local files on a Solaris 2.x (or later) system. The tool will detect several known denial-of-service attack tools, including the trinoo daemon, trinoo master, enhanced tfn daemon, tfn daemon, tfn client, tfn2k daemon, tfn2k client, and the tfn-rush client.
3178aa5ca62b73b6781659600f9dae776ff19371a8a775fe0a58d906ded64341Analysis of TFN-Style Toolkit v 1.1 - One of our systems was compromised and prompt action by the local sysadmin prevented the hackers from running their cleanup scripts. Consequently, we were able to get the toolkit that they were using against us. This toolkit contains components that are similar to what is in the TFN toolkit.
931bf856df02a6b943a81ec00d6ae03423a858509db190e01a1c3ee4fbce96f8The following is an analysis of "stacheldraht", a distributed denial of service attack tool, based on source code from the "Tribe Flood Network" distributed denial of service attack tool. Stacheldraht (German for "barbed wire") combines features of the "trinoo" distributed denial of service tool, with those of the original TFN, and adds encryption of communication between the attacker and stacheldraht masters and automated update of the agents.
bc4c022ff592ac5a5e926474eabe73cf1b4c0adf026de3eb391f6a929b9213ecThis program remotely kills trino nodes on version 1.07b2+f3 and below.
f57c15a7388cce60e4861913031d4f77c0bca6be29a00a0a70402e9cde13e7c8Tribe Flood Network 2000. Using distributed client/server functionality, stealth and encryption techniques and a variety of functions, TFN can be used to control any number of remote machines to generate on-demand, anonymous Denial Of Service attacks and remote shell access. The new and improved features in this version include Remote one-way command execution for distributed execution control, Mix attack aimed at weak routers, Targa3 attack aimed at systems with IP stack vulnerabilities, Compatibility to many UNIX systems and Windows NT, spoofed source addresses, strong CAST encryption of all client/server traffic, one-way communication protocol, messaging via random IP protocol, decoy packets, and extensive documentation. Currently no IDS software will recognise tfn2k.
07f94c742546e490bd6c8ab103c0ffa31399129812380e0bece242fcdf7a4cba
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed