exploit the possibilities
Showing 1 - 9 of 9 RSS Feed

Files from David Dittrich

First Active1999-08-17
Last Active2000-05-14
mstream.analysis.txt
Posted May 14, 2000
Authored by David Dittrich | Site washington.edu

Analysis of the "mstream" distributed denial of service attack tool, based on the source code of "stream2.c", a classic point-to-point DoS attack tool. mstream is more primitive than any of the other DDoS tools.

tags | denial of service
MD5 | 82dd67ecacb8ff5731279209d4b70342
Mstream_Analysis.txt
Posted May 1, 2000
Authored by David Dittrich

Mstream, the newest of DDoS tools to be circulated, has been analyzed and has been found to be more primitive than any of the other DDoS tools available. Examination of reverse engineered and recovered C source code reveals the program to be in early development stages, with numerous bugs and an incomplete feature set compared with any of the other listed tools. The effectiveness of the stream/stream2 attack itself, however, means that it will still be disruptive to the victim (and agent) networks even with an attack network consisting of only a handfull of agents.

tags | denial of service
MD5 | d99d36bb136ad1b329fab03870d478df
shaft_analysis.txt
Posted Mar 24, 2000
Authored by David Dittrich, Sven Dietrich, Neil Long | Site sled.gsfc.nasa.gov

An analysis of the "Shaft" distributed denial of service tool. Shaftnode was recovered initially in November, 1999. Distinctive features are the ability to switch handler servers and handler ports on the fly, making detection by intrusion detection tools difficult from that perspective, a "ticket" mechanism to link transactions, and the particular interest in packet statistics, showing the "yield" of the DDoS network as a whole.

tags | denial of service
MD5 | e3af444432b23dbc909e55320c0991b2
sickenscan.tar
Posted Jan 6, 2000
Authored by David Dittrich, Marcus Ranum

"gag" is a program to remotely scan for "stacheldraht" agents, which are part of an active "stacheldraht" network. It will not detect trinoo, the original Tribe Flood Network (TFN), or TFN2K agents. Tested on linux/solaris/AIX/BSD.

tags | denial of service
systems | linux, solaris, bsd, aix
MD5 | 735e6aeaeb3262d11a092a649b0b7813
stacheldraht.analysis
Posted Jan 4, 2000
Authored by David Dittrich | Site staff.washington.edu

The following is an analysis of "stacheldraht", a distributed denial of service attack tool, based on source code from the "Tribe Flood Network" distributed denial of service attack tool. Stacheldraht (German for "barbed wire") combines features of the "trinoo" distributed denial of service tool, with those of the original TFN, and adds encryption of communication between the attacker and stacheldraht masters and automated update of the agents.

tags | denial of service
MD5 | 40a973414685d1eee7d607575441ca3a
dsit_workshop.pdf
Posted Dec 9, 1999
Authored by David Dittrich, Clarissa Cook, Richard Kemmerer

Results of the Distributed-Systems Intruder Tools Workshop (Nov 2-4, 1999). Several distributed intruder tools are in widespread use now, and the technology is maturing. As a result, a single command from an attacker can result in tens of thousands of concurrent attacks.

tags | denial of service
MD5 | b69cb60c78ff79ee69d4513e534245f9
tfn.analysis.txt
Posted Aug 17, 1999
Authored by David Dittrich

The following is an analysis of the "Tribe Flood Network", or "TFN", by Mixter. TFN is ai powerful distributed attack tool and backdoor currently being developed and tested on a large number of compromised Unix systems on the Internet. TFN source available here.

tags | denial of service
systems | unix
MD5 | 5e83210b7399408c0735c3ea14cdfe35
trinoo.analysis.txt
Posted Aug 17, 1999
Authored by David Dittrich

The following is an analysis of the DoS Project's "trinoo" (a.k.a. "trin00") master/slave programs, which implement a distributed network denial of service tool. Trinoo daemons were originally found in binary form on a number of Solaris 2.x systems, and probably being set up on hundreds, perhaps thousands, of systems on the Internet that are being compromised by remote buffer overrun exploitation.

tags | remote, denial of service, overflow
systems | solaris
MD5 | 850306089225ee486a29ed60b7f5dd71
dittrich.pl
Posted Aug 17, 1999
Authored by David Dittrich

This program gathers as much information as possible about an intruder's system, using nmap, netcat.

systems | unix
MD5 | 4a32b158a470ea2d1459b6433f1d0bbf
Page 1 of 1
Back1Next

File Archive:

June 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    1 Files
  • 2
    Jun 2nd
    2 Files
  • 3
    Jun 3rd
    19 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    15 Files
  • 6
    Jun 6th
    12 Files
  • 7
    Jun 7th
    11 Files
  • 8
    Jun 8th
    1 Files
  • 9
    Jun 9th
    1 Files
  • 10
    Jun 10th
    15 Files
  • 11
    Jun 11th
    15 Files
  • 12
    Jun 12th
    15 Files
  • 13
    Jun 13th
    8 Files
  • 14
    Jun 14th
    16 Files
  • 15
    Jun 15th
    2 Files
  • 16
    Jun 16th
    1 Files
  • 17
    Jun 17th
    18 Files
  • 18
    Jun 18th
    16 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close