Section: .. / distributed /
|
Denial of Service tools are for use when testing your own machines only. Use of these tools on a test network is the only way to build a stable network enabled product that will not crash under the load of a distributed packet flood.
|
| /// File Name: |
btodd-whitepaper.txt |
Description:
|
Distributed Denial of Service Attacks have recently emerged as one of the most newsworthy, if not the greatest, weaknesses of the Internet. This paper attempts to explain how they work, why they are hard to combat today, and what will need to happen if they are to be brought under control. Plain text format, PS and HTML available at the homepage, here.
| | Author: | Bennett Todd | | File Size: | 27752 | | Last Modified: | Feb 22 20:57:16 2000 |
| MD5 Checksum: | aa3bb0212d4996647acb70f05d80b4a2 |
|
| /// File Name: |
yahoo.txt |
Description:
|
Technical details of the attack on Yahoo! last week. Includes information on what kind of packets were sent, how they were affected, and how they fixed it.
| | File Size: | 5766 | | Last Modified: | Feb 17 19:20:52 2000 |
| MD5 Checksum: | 4da5382bb2001defe0ab0207cdf348dd |
|
| /// File Name: |
icmpenum-1.1.tgz |
Description:
|
This is a proof-of-concept tool to demonstrate possible distributed attacking concepts, such as sending packets from one workstation and sniffing the reply packets on another.
| | Author: | Simple Nomad | | Homepage: | http://razor.bindview.com | | File Size: | 8613 | | Last Modified: | Feb 17 00:37:04 2000 |
| MD5 Checksum: | 887a4b39a441342a46a392bddced1aaa |
|
| /// File Name: |
DDSA_Defense.htm |
Description:
|
Distributed Denial of Service Defense Tactics - This paper details some practical strategies that can be used by system administrators to help protect themselves from distributed denial of service attacks as well as protect themselves from becoming unwitting attack nodes against other companies.
| | Author: | Simple Nomad | | Homepage: | http://razor.bindview.com | | File Size: | 16369 | | Last Modified: | Feb 16 23:57:36 2000 |
| MD5 Checksum: | e1f0aceb853031be5bb2d08b3d12c772 |
|
| /// File Name: |
tfn3k.txt |
Description:
|
TFN3k is a paper about the future of DDOS tools, how they can be used, and the dangerous features that can and probably will be implemented in the future. Also has information on establishing Network Intrusion Detection (NIDS) Rules for DDOS attacks.
| | Author: | Mixter | | File Size: | 13850 | | Last Modified: | Feb 15 00:35:13 2000 |
| MD5 Checksum: | f1466777d721d4f9217b4a1627315faa |
|
| /// File Name: |
TFN2k_Analysis.htm |
Description:
|
This document is a technical analysis of the Tribe Flood Network 2000 (TFN2K) distributed denial-of-service (DDoS) attack tool, the successor to the original TFN Trojan by Mixter.
| | Author: | Jason Barlow and Woody Thrower of the Axent Security Team | | Homepage: | http://www2.axent.com/ | | File Size: | 14506 | | Last Modified: | Feb 12 00:07:50 2000 |
| MD5 Checksum: | 0c37df4a37a47a7796b46d5b840a3628 |
|
| /// File Name: |
firstaid.txt |
Description:
|
Mixters guide to defending against DDOS - 10 Proposed 'first-aid' security measures which should be implemented by anyone at risk.
| | Author: | Mixter | | Homepage: | http://mixter.void.ru | | File Size: | 7465 | | Last Modified: | Feb 11 20:16:50 2000 |
| MD5 Checksum: | fc483ecea83567cb0345cc2edf2227c6 |
|
| /// File Name: |
UW-CSE-00-02-01.tgz |
Description:
|
This paper describes a technique for tracing anonymous attacks in the Internet back to their source. This work is motivated by the increased frequency and sophistication of denial-of-service attacks and by the difficulty in tracing packets with incorrect, or ``spoofed'', source addresses. In this paper we describe a general purpose traceback mechanism based on probabilistic packet marking in the network. Our approach allows a victim to identify the network path(s) traversed by an attacker without requiring interactive operational support from Internet Service Providers (ISPs). Moreover, this traceback can be performed ``post-mortem'' -- after an attack has completed. We present one implementation of this technology that is incrementally deployable, (mostly) backwards compatible and can be efficiently implemented using conventional technology. In pdf and postscript format.
| | Author: | Stefan Savage | | Homepage: | http://www.cs.washington.edu/homes/savage/ | | File Size: | 164581 | | Last Modified: | Feb 11 20:04:48 2000 |
| MD5 Checksum: | efe5d0155497aada70fa6594c60433e0 |
|
| /// File Name: |
cisco-newsflash.htm |
Description:
|
Cisco Newsflash - Distributed Denial of Service. Contains information to help you understand how DDoS attacks are orchestrated, recognise programs used to launch DDoS attacks, and apply measures to prevent the attacks (including anti-spoofing commands, egress filtering, RPF and CEF, ACL's, rate limiting for SYN packets). Also contains information on gathering forensic information if you suspect an attack, and learning more about host security.
| | File Size: | 12786 | | Last Modified: | Feb 11 01:14:05 2000 |
| MD5 Checksum: | 7c18c020e8436f0a308e7e315655f43c |
|
| /// File Name: |
rid-1_0.tgz |
Description:
|
RID is a configurable remote DDOS tool detector which can remotely detect Stacheldraht, TFN, Trinoo and TFN2k if the attacker did not change the default ports.
| | Author: | David Brumley | | File Size: | 22964 | | Last Modified: | Feb 9 23:42:58 2000 |
| MD5 Checksum: | e954c79898465597d0da783738460554 |
|
| /// File Name: |
stachel.tgz |
Description:
|
StacheldrahtV4 - (German for "barbed wire") combines features of the "trinoo" distributed denial of service tool, with those of the original TFN, and adds encryption of communication between the attacker and stacheldraht masters and automated update of the agents.
| | File Size: | 36831 | | Last Modified: | Feb 8 23:25:28 2000 |
| MD5 Checksum: | 110065233eb12ee3a1a5c88b985f865e |
|
| /// File Name: |
find_ddos_v31_intel.tar.Z |
Description:
|
Find_ddos Version 3.1 (solaris intel) - In response to a number of recent distributed denial-of-service (DDOS) attacks that have been reported, the NPIC has developed a tool to assist in combating this threat. The tool (called "find_ddos") is intended to scan a local system that is either known or suspected to contain a DDOS program. It is capable of scanning executing processes on Solaris 2.6 or later, and of scanning local files on a Solaris 2.x (or later) system. The tool will detect several known denial-of-service attack tools including tfn2k client, tfn2k daemon, trinoo daemon, trinoo master, tfn daemon, tfn client, stacheldraht master, stacheldraht client, stachelddraht demon and tfn-rush client.
| | Homepage: | http://www.fbi.gov/nipc/trinoo.htm | | File Size: | 54470 | | Last Modified: | Feb 7 21:53:59 2000 |
| MD5 Checksum: | 48dccf4539bc56e7569868617f3393b6 |
|
| /// File Name: |
find_ddos_v31_linux.tar.Z |
Description:
|
Find_ddos Version 3.1 (linux) - In response to a number of recent distributed denial-of-service (DDOS) attacks that have been reported, the NPIC has developed a tool to assist in combating this threat. The tool (called "find_ddos") is intended to scan a local system that is either known or suspected to contain a DDOS program. It is capable of scanning executing processes on Solaris 2.6 or later, and of scanning local files on a Solaris 2.x (or later) system. The tool will detect several known denial-of-service attack tools including tfn2k client, tfn2k daemon, trinoo daemon, trinoo master, tfn daemon, tfn client, stacheldraht master, stacheldraht client, stachelddraht demon and tfn-rush client.
| | Homepage: | http://www.fbi.gov/nipc/trinoo.htm | | File Size: | 358839 | | Last Modified: | Feb 7 21:53:55 2000 |
| MD5 Checksum: | e2687f1cfaa3cca954836fa8a1846eb8 |
|
| /// File Name: |
find_ddos_v31_sparc.tar.Z |
Description:
|
Find_ddos Version 3.1 (sparc) - In response to a number of recent distributed denial-of-service (DDOS) attacks that have been reported, the NPIC has developed a tool to assist in combating this threat. The tool (called "find_ddos") is intended to scan a local system that is either known or suspected to contain a DDOS program. It is capable of scanning executing processes on Solaris 2.6 or later, and of scanning local files on a Solaris 2.x (or later) system. The tool will detect several known denial-of-service attack tools including tfn2k client, tfn2k daemon, trinoo daemon, trinoo master, tfn daemon, tfn client, stacheldraht master, stacheldraht client, stachelddraht demon and tfn-rush client.
| | Homepage: | http://www.fbi.gov/nipc/trinoo.htm | | File Size: | 53336 | | Last Modified: | Feb 7 21:53:49 2000 |
| MD5 Checksum: | 53ca1f544fdab923a56e0065bea60b54 |
|
| /// File Name: |
funtimeApocalypseWin.zip |
Description:
|
Dynamic IP's getting you down in your search for a better distributed attack? Don't think remote control, think "timed fuse". This is "concept code" designed to show the real danger of Windows systems being rooted en masse and used in a distributed attack scenario. Beta, no updates.
| | Author: | The Pull | | File Size: | 295507 | | Last Modified: | Jan 13 20:40:19 2000 |
| MD5 Checksum: | fa0b14af5de2225b1b833367357e24cc |
|
| /// File Name: |
find_ddos_v3_intel.tar.z |
Description:
|
Find_ddos Version 3 (intel) - In response to a number of recent distributed denial-of-service (DDOS) attacks that have been reported, the NPIC has developed a tool to assist in combating this threat. The tool (called "find_ddos") is intended to scan a local system that is either known or suspected to contain a DDOS program. It is capable of scanning executing processes on Solaris 2.6 or later, and of scanning local files on a Solaris 2.x (or later) system. The tool will detect several known denial-of-service attack tools.
| | Homepage: | http://www.fbi.gov/nipc/trinoo.htm | | Changes: | Detects tfn2k client, tfn2k daemon, trinoo daemon, trinoo master, tfn daemon, tfn client, stacheldraht master, stacheldraht client, stachelddraht demon and tfn-rush client. This new version (find_ddosV3) is now available for Solaris on Sparc or Intel platforms and will no longer improperly identify itself or any previous version as a DDOS program. | | File Size: | 50898 | | Last Modified: | Jan 13 20:29:27 2000 |
| MD5 Checksum: | 22d01a06fd182104f09252cc95accee7 |
|
| /// File Name: |
find_ddos_v3_sparc.tar.z |
Description:
|
Find_ddos Version 3 (sparc) - In response to a number of recent distributed denial-of-service (DDOS) attacks that have been reported, the NPIC has developed a tool to assist in combating this threat. The tool (called "find_ddos") is intended to scan a local system that is either known or suspected to contain a DDOS program. It is capable of scanning executing processes on Solaris 2.6 or later, and of scanning local files on a Solaris 2.x (or later) system. The tool will detect several known denial-of-service attack tools.
| | Homepage: | http://www.fbi.gov/nipc/trinoo.htm | | Changes: | Detects tfn2k client, tfn2k daemon, trinoo daemon, trinoo master, tfn daemon, tfn client, stacheldraht master, stacheldraht client, stachelddraht demon and tfn-rush client. This new version (find_ddosV3) is now available for Solaris on Sparc or Intel platforms and will no longer improperly identify itself or any previous version as a DDOS program. | | File Size: | 49436 | | Last Modified: | Jan 13 20:25:21 2000 |
| MD5 Checksum: | 0ca230338f56b5d8ee6b538be77abddc |
|
| /// File Name: |
dscan-0.4.tar.gz |
Description:
|
A simple distributed port scanner that uses many computers to conduct a port scan which should make it harder to trace the source. This release of dscan has many improvements of the last release, for a full list see the HISTORY file in the archive. Dscan started off as proof of concept code and has now turned into a project for testing new techniques such as linked lists. This release does not come with UDP port scanning support but a patch file should be available in a few days time to add UDP support.
| | Author: | Andrew Kay | | File Size: | 11145 | | Last Modified: | Jan 7 22:43:44 2000 |
| MD5 Checksum: | 3c2bb813c280c1a902e2f385e8c0a543 |
|
| /// File Name: |
sickenscan.tar |
Description:
|
"gag" is a program to remotely scan for "stacheldraht" agents, which are part of an active "stacheldraht" network. It will not detect trinoo, the original Tribe Flood Network (TFN), or TFN2K agents. Tested on linux/solaris/AIX/BSD.
| | Author: | David Dittrich and Marcus Ranum | | File Size: | 20480 | | Last Modified: | Jan 6 20:23:16 2000 |
| MD5 Checksum: | 735e6aeaeb3262d11a092a649b0b7813 |
|
| /// File Name: |
find_ddosV2.tar.Z |
Description:
|
Find_ddos Version 2 - In response to a number of recent distributed denial-of-service (DDOS) attacks that have been reported, the NPIC has developed a tool to assist in combating this threat. The tool (called "find_ddos") is intended to scan a local system that is either known or suspected to contain a DDOS program. It is capable of scanning executing processes on Solaris 2.6 or later, and of scanning local files on a Solaris 2.x (or later) system. The tool will detect several known denial-of-service attack tools, including the trinoo daemon, trinoo master, enhanced tfn daemon, tfn daemon, tfn client, tfn2k daemon, tfn2k client, and the tfn-rush client.
| | Homepage: | http://www.fbi.gov/nipc/trinoo.htm | | Changes: | Detects TFN2k. | | File Size: | 43644 | | Last Modified: | Jan 4 09:48:52 2000 |
| MD5 Checksum: | f6ec5a4d095195575468dda4adb088ed |
|
| /// File Name: |
TFN_toolkit.htm |
Description:
|
Analysis of TFN-Style Toolkit v 1.1 - One of our systems was compromised and prompt action by the local sysadmin prevented the hackers from running their cleanup scripts. Consequently, we were able to get the toolkit that they were using against us. This toolkit contains components that are similar to what is in the TFN toolkit.
| | Author: | Randy Marchany | | Homepage: | http://www.sans.org | | File Size: | 31282 | | Last Modified: | Jan 4 09:33:02 2000 |
| MD5 Checksum: | 041e3e37ef839cbb8854b8a129075874 |
|
| /// File Name: |
stacheldraht.analysis |
Description:
|
The following is an analysis of "stacheldraht", a distributed denial of service attack tool, based on source code from the "Tribe Flood Network" distributed denial of service attack tool. Stacheldraht (German for "barbed wire") combines features of the "trinoo" distributed denial of service tool, with those of the original TFN, and adds encryption of communication between the attacker and stacheldraht masters and automated update of the agents.
| | Author: | David Dittrich | | Homepage: | http://staff.washington.edu/dittrich | | File Size: | 43953 | | Last Modified: | Jan 4 09:25:38 2000 |
| MD5 Checksum: | 40a973414685d1eee7d607575441ca3a |
|
| /// File Name: |
tfn2k.tgz |
Description:
|
Tribe Flood Network 2000. Using distributed client/server functionality, stealth and encryption techniques and a variety of functions, TFN can be used to control any number of remote machines to generate on-demand, anonymous Denial Of Service attacks and remote shell access. The new and improved features in this version include Remote one-way command execution for distributed execution control, Mix attack aimed at weak routers, Targa3 attack aimed at systems with IP stack vulnerabilities, Compatibility to many UNIX systems and Windows NT, spoofed source addresses, strong CAST encryption of all client/server traffic, one-way communication protocol, messaging via random IP protocol, decoy packets, and extensive documentation. Currently no IDS software will recognise tfn2k.
| | Author: | Mixter | | Homepage: | http://1337.tsx.org | | File Size: | 27134 | | Last Modified: | Dec 20 22:04:14 1999 |
| MD5 Checksum: | fc1cb14f2e24cdc2b64f93dde22f8420 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
