Section: .. / distributed /
|
Denial of Service tools are for use when testing your own machines only. Use of these tools on a test network is the only way to build a stable network enabled product that will not crash under the load of a distributed packet flood.
|
| /// File Name: |
find_ddos_v42_linux.tar.Z |
Description:
|
Find_ddos v4.2 (linux) - The NIPC has developed a tool to assist in combating ddos agents. The tool scans a local system that is either known or suspected to contain a DDOS program. The tool will detect several known denial-of-service attack tools including tfn2k client, tfn2k daemon, trinoo daemon, trinoo master, tfn daemon, tfn client, stacheldraht master, stacheldraht client, stachelddraht demon and tfn-rush client. Solaris version also available.
| | Homepage: | http://www.nipc.gov/warnings/advisories/2001/01-005.htm | | File Size: | 367999 | | Last Modified: | Jan 31 07:10:01 2002 |
| MD5 Checksum: | 5af645362aa80a3fb6c1f1c3fab6e7a3 |
|
| /// File Name: |
find_ddosV2.tar.Z |
Description:
|
Find_ddos Version 2 - In response to a number of recent distributed denial-of-service (DDOS) attacks that have been reported, the NPIC has developed a tool to assist in combating this threat. The tool (called "find_ddos") is intended to scan a local system that is either known or suspected to contain a DDOS program. It is capable of scanning executing processes on Solaris 2.6 or later, and of scanning local files on a Solaris 2.x (or later) system. The tool will detect several known denial-of-service attack tools, including the trinoo daemon, trinoo master, enhanced tfn daemon, tfn daemon, tfn client, tfn2k daemon, tfn2k client, and the tfn-rush client.
| | Homepage: | http://www.fbi.gov/nipc/trinoo.htm | | Changes: | Detects TFN2k. | | File Size: | 43644 | | Last Modified: | Jan 4 09:48:52 2000 |
| MD5 Checksum: | f6ec5a4d095195575468dda4adb088ed |
|
| /// File Name: |
firstaid.txt |
Description:
|
Mixters guide to defending against DDOS - 10 Proposed 'first-aid' security measures which should be implemented by anyone at risk.
| | Author: | Mixter | | Homepage: | http://mixter.void.ru | | File Size: | 7465 | | Last Modified: | Feb 11 20:16:50 2000 |
| MD5 Checksum: | fc483ecea83567cb0345cc2edf2227c6 |
|
| /// File Name: |
flitz-0.1.tgz |
Description:
|
Flitz is a DDOS tool which features spoofed ip/tcp/udp flood, flooding in parallel, distributed smurf attack and status report of the slave. With one stop command, you can stop all the slaves at once.
| | Author: | Xphere | | Homepage: | http://home.wanadoo.nl/gin | | File Size: | 12659 | | Last Modified: | Jan 9 00:42:01 2001 |
| MD5 Checksum: | 4fc98181098322eecfb91ab4b2860d61 |
|
| /// File Name: |
Freak88.zip |
Description:
|
Freak88's Distributed Attack Suite is a windows trojan similar to wintrin00. It can connect up to 3 infected machines and start 65000 byte ICMP floods. Auto starts from the registry and copies itself to c:\windows\system.
| | Author: | Freak88[at]dalnet | | Homepage: | http://www.freak88.net | | File Size: | 12434 | | Last Modified: | May 14 23:30:14 2000 |
| MD5 Checksum: | 7dbf5b3a7be12d4ee861d5b33bfe1f2d |
|
| /// File Name: |
funtimeApocalypseWin.zip |
Description:
|
Dynamic IP's getting you down in your search for a better distributed attack? Don't think remote control, think "timed fuse". This is "concept code" designed to show the real danger of Windows systems being rooted en masse and used in a distributed attack scenario. Beta, no updates.
| | Author: | The Pull | | File Size: | 295507 | | Last Modified: | Jan 13 20:40:19 2000 |
| MD5 Checksum: | fa0b14af5de2225b1b833367357e24cc |
|
| /// File Name: |
icmpdoor.tar.gz |
Description:
|
Small ICMP based backdoor and DDoS slave + master. In German and English.
| | Author: | l0om | | File Size: | 7147 | | Last Modified: | Oct 21 04:21:56 2003 |
| MD5 Checksum: | 3cae6d2651972b788eb60a662a67ea5d |
|
| /// File Name: |
icmpenum-1.1.1.tgz |
Description:
|
This is a proof-of-concept tool to demonstrate possible distributed attacking concepts, such as sending packets from one workstation and sniffing the reply packets on another.
| | Author: | Simple Nomad | | Homepage: | http://razor.bindview.com | | File Size: | 7610 | | Last Modified: | Oct 21 05:14:03 2003 |
| MD5 Checksum: | 007b9032c081f6fef832762eec96be5e |
|
| /// File Name: |
icmpenum-1.1.tgz |
Description:
|
This is a proof-of-concept tool to demonstrate possible distributed attacking concepts, such as sending packets from one workstation and sniffing the reply packets on another.
| | Author: | Simple Nomad | | Homepage: | http://razor.bindview.com | | File Size: | 8613 | | Last Modified: | Feb 17 00:37:04 2000 |
| MD5 Checksum: | 887a4b39a441342a46a392bddced1aaa |
|
| /// File Name: |
kaiten.c |
Description:
|
Kaitan.c is an IRC based DDoS client.
| | Author: | contem. | | File Size: | 39019 | | Last Modified: | Dec 28 00:26:26 2001 |
| MD5 Checksum: | 74fe3d86afcbf6c801d1cc3c4d6e357d |
|
| /// File Name: |
knight.c |
Description:
|
Knight.c Knight is a distributed denial of service client that is very light weight and is very powerful. It goes on IRC and joins a channel, then accepts commands via IRC (to prevent from getting caught). It has features like, an automatic updater via http or ftp, a checksum generater, a syn flooder, a tcp flooder, a udp flooder, slice2, spoofing to subnets, and more. This program has been used to create DDoS nets of over 1000 clients.
| | Author: | Bysin. | | File Size: | 34822 | | Last Modified: | Jul 12 07:36:50 2001 |
| MD5 Checksum: | 30aded215fadd9c85bfcb92da55f8fd4 |
|
| /// File Name: |
mio-star.tgz |
Description:
|
The mio-star distributed multihosted unix password cracker v0.1 runs on all platforms where perl is installed. Comments and documentation is in German.
| | Author: | Drunken Monkey Style | | File Size: | 9961 | | Last Modified: | Apr 25 19:08:42 2000 |
| MD5 Checksum: | 38125314bcf691a20a4acf5974f43e02 |
|
| /// File Name: |
mstream.analysis.txt |
Description:
|
Analysis of the "mstream" distributed denial of service attack tool, based on the source code of "stream2.c", a classic point-to-point DoS attack tool. mstream is more primitive than any of the other DDoS tools.
| | Author: | Dave Dittrich | | Homepage: | http://www.washington.edu/People/dad/ | | File Size: | 97850 | | Last Modified: | May 14 12:56:00 2000 |
| MD5 Checksum: | 82dd67ecacb8ff5731279209d4b70342 |
|
| /// File Name: |
mstream.txt |
Description:
|
mstream, a DDoS tool. It's been alleged that this source code, once compiled, was used by persons unknown in the distributed denial of service (DDoS) attacks earlier this year. Obviously such a thing cannot be confirmed aside from through a process of targeted sites making an appropriate comparison between the traffic this software would generate and the traffic they actually received. Submitted Anonymously.
| | File Size: | 26473 | | Last Modified: | May 1 21:52:04 2000 |
| MD5 Checksum: | 08ec36853347b7b88b5ac0f7f3f15685 |
|
| /// File Name: |
Mstream_Analysis.txt |
Description:
|
Mstream, the newest of DDoS tools to be circulated, has been analyzed and has been found to be more primitive than any of the other DDoS tools available. Examination of reverse engineered and recovered C source code reveals the program to be in early development stages, with numerous bugs and an incomplete feature set compared with any of the other listed tools. The effectiveness of the stream/stream2 attack itself, however, means that it will still be disruptive to the victim (and agent) networks even with an attack network consisting of only a handfull of agents.
| | Author: | David Dittrich | | File Size: | 98002 | | Last Modified: | May 1 23:19:09 2000 |
| MD5 Checksum: | d99d36bb136ad1b329fab03870d478df |
|
| /// File Name: |
omegav3.tgz |
Description:
|
Omega v3 Beta is another new DDoS program.
| | Author: | xt | | File Size: | 19697 | | Last Modified: | Aug 31 02:22:31 2000 |
| MD5 Checksum: | 8f2b572c9d780eed4a92ad0bcebd2dfd |
|
| /// File Name: |
plague-beta1.tar.gz |
Description:
|
Plague creates an environment that is capable of effectively coordinating a number of compromised hosts in a distributed attack. The nature of this attack ranges from denial of service to a sophisticated scan of the Internet for potential targets for future compromise.
| | Author: | Blazinweed | | File Size: | 27933 | | Last Modified: | Jul 24 20:42:11 2000 |
| MD5 Checksum: | aad7a846b6020714a688798eecbc95b1 |
|
| /// File Name: |
pud.tgz |
Description:
|
Pud is a peer-to-peer ddos client/server which does not rely on hubs or leafs to function properly. It can connect as many nodes together as you like, and if one node dies, the rest will always stay up).
| | Author: | Contem[at]efnet. | | File Size: | 18206 | | Last Modified: | Sep 12 15:34:11 2002 |
| MD5 Checksum: | 4d79894c14735a1408d6ad18c1aa66b6 |
|
| /// File Name: |
ramen-clean.zip |
Description:
|
Ramen-Clean is a perl script which checks to see if your system is infected with the Ramen Linux Worm, and cleans it.
| | Author: | PhantasmP | | Homepage: | http://hwa-security.net | | File Size: | 2113 | | Last Modified: | Jan 24 22:58:06 2001 |
| MD5 Checksum: | 8135ad0d8a6731b216f3a5a69bca3040 |
|
| /// File Name: |
ramenfind.v0.3.gz |
Description:
|
Ramenfind v0.3 is a local Ramen worm detection and removal tool. Final release unless problems are found.
| | Homepage: | http://www.sans.org/y2k/ramen.htm | | File Size: | 9678 | | Last Modified: | Feb 11 01:13:23 2001 |
| MD5 Checksum: | 6e86aeec1678f9955176db9aa9d73f7d |
|
| /// File Name: |
ramenfind.v0.4.gz |
Description:
|
Ramenfind v0.4 is a local Ramen worm detection and removal tool. Final release unless problems are found.
| | Homepage: | http://www.sans.org/y2k/ramen.htm | | Changes: | Ramenfind now handles a new ramen variant, which creates /usr/sbin/update. | | File Size: | 11542 | | Last Modified: | Feb 16 02:29:41 2001 |
| MD5 Checksum: | 47ec41edc981a66df35e1dcaec2fa47c |
|
| /// File Name: |
razor.wintrinoo.txt |
Description:
|
Razor has acquired a copy of the Windows Trojan Trinoo, the following is technical information gained from disassembling the binary.
| | Author: | Simple Nomad | | Homepage: | http://razor.bindview.com | | File Size: | 1872 | | Last Modified: | Feb 29 13:15:33 2000 |
| MD5 Checksum: | 2c3b11b28d6e18377678758fca03a8cd |
|
| /// File Name: |
rid-1_0.tgz |
Description:
|
RID is a configurable remote DDOS tool detector which can remotely detect Stacheldraht, TFN, Trinoo and TFN2k if the attacker did not change the default ports.
| | Author: | David Brumley | | File Size: | 22964 | | Last Modified: | Feb 9 23:42:58 2000 |
| MD5 Checksum: | e954c79898465597d0da783738460554 |
|
| /// File Name: |
rivat.tgz |
Description:
|
Rivat is a distributed CGI scanner written in perl which scans for over 405 vulnerabilities.
| | Author: | Xtremist | | Homepage: | http://www.r00tabega.com | | File Size: | 5730 | | Last Modified: | Jul 31 23:22:46 2000 |
| MD5 Checksum: | 3e13dff1d33f06227f8e2e98d96d6a46 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
