Section: .. / distributed /
|
Denial of Service tools are for use when testing your own machines only. Use of these tools on a test network is the only way to build a stable network enabled product that will not crash under the load of a distributed packet flood.
|
| /// File Name: |
knight.c |
Description:
|
Knight.c - Knight is a distributed denial of service client that is very lightweight and very powerful. It goes on IRC and joins a channel, then accepts commands via IRC (to avoid getting caught). It has features like an automatic updater via http or ftp, a checksum generator, a syn flooder, a tcp flooder, a udp flooder, slice2, spoofing to subnets, and more. This program has been used to create DDoS nets of over 1000 clients.
| | Author: | Bysin. | | File Size: | 34822 | | Last Modified: | Jul 12 07:36:50 2001 |
| MD5 Checksum: | 30aded215fadd9c85bfcb92da55f8fd4 |
|
| /// File Name: |
tfn.analysis.txt |
Description:
|
The following is an analysis of the "Tribe Flood Network", or "TFN", by Mixter. TFN is a powerful distributed attack tool and backdoor currently being developed and tested on a large number of compromised Unix systems on the Internet. TFN source available here.
| | Author: | David Dittrich | | File Size: | 31815 | | Last Modified: | Aug 17 02:07:14 1999 |
| MD5 Checksum: | 5e83210b7399408c0735c3ea14cdfe35 |
|
| /// File Name: |
TFN_toolkit.htm |
Description:
|
Analysis of TFN-Style Toolkit v 1.1 - One of our systems was compromised and prompt action by the local sysadmin prevented the hackers from running their cleanup scripts. Consequently, we were able to get the toolkit that they were using against us. This toolkit contains components that are similar to what is in the TFN toolkit.
| | Author: | Randy Marchany | | Homepage: | http://www.sans.org | | File Size: | 31282 | | Last Modified: | Jan 4 09:33:02 2000 |
| MD5 Checksum: | 041e3e37ef839cbb8854b8a129075874 |
|
| /// File Name: |
distributed_metastasis.doc |
Description:
|
A new model of computer penetration: distributed metastasis, increases the possible depth of penetration for an attacker, while minimizing the possibility of detection. Distributed Metastasis is a non-trivial methodology for computer penetration, based on an agent based approach, which points to a requirement for more sophisticated attack detection methods and software to detect highly skilled attackers.
| | Author: | Andrew J. Stewart | | File Size: | 30889 | | Last Modified: | Aug 17 02:07:14 1999 |
| MD5 Checksum: | f60d02052189d8734d7fffdbc76eb779 |
|
| /// File Name: |
plague-beta1.tar.gz |
Description:
|
Plague creates an environment that is capable of effectively coordinating a number of compromised hosts in a distributed attack. The nature of this attack ranges from denial of service to a sophisticated scan of the Internet for potential targets for future compromise.
| | Author: | Blazinweed | | File Size: | 27933 | | Last Modified: | Jul 24 20:42:11 2000 |
| MD5 Checksum: | aad7a846b6020714a688798eecbc95b1 |
|
| /// File Name: |
btodd-whitepaper.txt |
Description:
|
Distributed Denial of Service Attacks have recently emerged as one of the most newsworthy, if not the greatest, weaknesses of the Internet. This paper attempts to explain how they work, why they are hard to combat today, and what will need to happen if they are to be brought under control. Plain text format, PS and HTML available at the homepage, here.
| | Author: | Bennett Todd | | File Size: | 27752 | | Last Modified: | Feb 22 20:57:16 2000 |
| MD5 Checksum: | aa3bb0212d4996647acb70f05d80b4a2 |
|
| /// File Name: |
Turner.mstream |
Description:
|
In response to the surfacing of the mstream attack tool and the published analysis of its inner workings, a set of SNP-L scripts and attack signatures has been developed which allow one to detect and decode "mstream" network activity.
| | Author: | Elliot Turner | | File Size: | 27299 | | Last Modified: | May 2 22:43:24 2000 |
| MD5 Checksum: | 9fe3b07b46660086a0866f329d0fa694 |
|
| /// File Name: |
tfn2k.tgz |
Description:
|
Tribe Flood Network 2000. Using distributed client/server functionality, stealth and encryption techniques and a variety of functions, TFN can be used to control any number of remote machines to generate on-demand, anonymous Denial Of Service attacks and remote shell access. The new and improved features in this version include Remote one-way command execution for distributed execution control, Mix attack aimed at weak routers, Targa3 attack aimed at systems with IP stack vulnerabilities, Compatibility to many UNIX systems and Windows NT, spoofed source addresses, strong CAST encryption of all client/server traffic, one-way communication protocol, messaging via random IP protocol, decoy packets, and extensive documentation. Currently no IDS software will recognise tfn2k.
| | Author: | Mixter | | Homepage: | http://1337.tsx.org | | File Size: | 27134 | | Last Modified: | Dec 20 22:04:14 1999 |
| MD5 Checksum: | fc1cb14f2e24cdc2b64f93dde22f8420 |
|
| /// File Name: |
mstream.txt |
Description:
|
mstream, a DDoS tool. It's been alleged that this source code, once compiled, was used by persons unknown in the distributed denial of service (DDoS) attacks earlier this year. Obviously such a thing cannot be confirmed aside from through a process of targeted sites making an appropriate comparison between the traffic this software would generate and the traffic they actually received. Submitted Anonymously.
| | File Size: | 26473 | | Last Modified: | May 1 21:52:04 2000 |
| MD5 Checksum: | 08ec36853347b7b88b5ac0f7f3f15685 |
|
| /// File Name: |
saltine-cracker-1.05.00.tar.gz |
Description:
|
Saltine Cracker v1.05 is a TCP/IP Distributed Network Password Auditing Tool for NTHASH (MD4) and POSIX LibDES Crypt(3) passwords. With the incorporated cross-compatibility, you can audit Win9X/NT client passwords attached to POSIX servers and vice-versa.
| | Author: | Ambient Empire. | | File Size: | 24051 | | Last Modified: | Aug 17 02:07:14 1999 |
| MD5 Checksum: | dd7b4dc6f6572dac714e538eda547ab2 |
|
| /// File Name: |
rid-1_0.tgz |
Description:
|
RID is a configurable remote DDOS tool detector which can remotely detect Stacheldraht, TFN, Trinoo and TFN2k if the attacker did not change the default ports.
| | Author: | David Brumley | | File Size: | 22964 | | Last Modified: | Feb 9 23:42:58 2000 |
| MD5 Checksum: | e954c79898465597d0da783738460554 |
|
| /// File Name: |
DOSnet.c |
Description:
|
DOSnet.c is a ddos script which runs from root and connects to an IRC network to take commands via ctcp.
| | Author: | Thomas O'Connor | | Homepage: | http://www.thomasoconnor.org | | File Size: | 22904 | | Last Modified: | Sep 5 07:25:18 2002 |
| MD5 Checksum: | ccb171ef33fc0b55ab93d94d2c24b1bb |
|
| /// File Name: |
siden-0.1.0.tar.gz |
Description:
|
SIDEN is a distributed network discovery tool which allows you to simulate coordinated/distributed network probes by a group of attackers against one or many target machines. It uses a client/agent architecture where the agents are installed on multiple hosts. Works well on OpenBSD and FreeBSD.
| | Author: | Lawrence Teo | | Homepage: | http://siden.sourceforge.net | | File Size: | 21157 | | Last Modified: | Oct 1 03:16:41 2000 |
| MD5 Checksum: | b5f5da44d96230d8bf03326be0662dca |
|
| /// File Name: |
sickenscan.tar |
Description:
|
"gag" is a program to remotely scan for "stacheldraht" agents, which are part of an active "stacheldraht" network. It will not detect trinoo, the original Tribe Flood Network (TFN), or TFN2K agents. Tested on linux/solaris/AIX/BSD.
| | Author: | David Dittrich and Marcus Ranum | | File Size: | 20480 | | Last Modified: | Jan 6 20:23:16 2000 |
| MD5 Checksum: | 735e6aeaeb3262d11a092a649b0b7813 |
|
| /// File Name: |
stick.htm |
Description:
|
The Stick DDOS tool is a resource starvation attack against IDS systems. Many IDS systems are affected.
| | Homepage: | http://www.eurocompton.net/stick/ | | File Size: | 20049 | | Last Modified: | Mar 16 23:47:53 2001 |
| MD5 Checksum: | 2c5d68195d4c598cc87cc2fad2b59d88 |
|
| /// File Name: |
shaftnode.txt |
Description:
|
Analysis of a Shaft Node and Master - This analysis is in addition to Sven Dietrich's analysis of the Shaft DDoS tool. The analysis we provide here is a description of the rootkit used and the methods of distribution of the tool.
| | Author: | Richard Wash | | Homepage: | http://biocserver.cwru.edu/~jose/ | | File Size: | 19752 | | Last Modified: | Mar 30 09:27:13 2000 |
| MD5 Checksum: | 9151ef63ab39cef209bf82545d608b9c |
|
| /// File Name: |
omegav3.tgz |
Description:
|
Omega v3 Beta is another new DDoS program.
| | Author: | xt | | File Size: | 19697 | | Last Modified: | Aug 31 02:22:31 2000 |
| MD5 Checksum: | 8f2b572c9d780eed4a92ad0bcebd2dfd |
|
| /// File Name: |
skd36.zip |
Description:
|
Skydance v3.6 is a distributed denial of service tool for Windows. Uses the IP_HDRINCL option. Tested on Win98 and Win2k. Uses ICMP for communication.
| | Author: | Edrin | | File Size: | 19638 | | Last Modified: | Jul 19 03:26:02 2001 |
| MD5 Checksum: | 8fe6af0053bfac72292fd1f41687414f |
|
| /// File Name: |
pud.tgz |
Description:
|
Pud is a peer-to-peer ddos client/server which does not rely on hubs or leafs to function properly. It can connect as many nodes together as you like, and if one node dies, the rest will always stay up.
| | Author: | Contem[at]efnet. | | File Size: | 18206 | | Last Modified: | Sep 12 15:34:11 2002 |
| MD5 Checksum: | 4d79894c14735a1408d6ad18c1aa66b6 |
|
| /// File Name: |
DDSA_Defense.htm |
Description:
|
Distributed Denial of Service Defense Tactics - This paper details some practical strategies that can be used by system administrators to help protect themselves from distributed denial of service attacks as well as protect themselves from becoming unwitting attack nodes against other companies.
| | Author: | Simple Nomad | | Homepage: | http://razor.bindview.com | | File Size: | 16369 | | Last Modified: | Feb 16 23:57:36 2000 |
| MD5 Checksum: | e1f0aceb853031be5bb2d08b3d12c772 |
|
| /// File Name: |
skd303ddos.zip |
Description:
|
Unavailable.
| | File Size: | 14814 | | Last Modified: | Mar 5 01:01:49 2001 |
| MD5 Checksum: | c126be197418e69355b00c0492002b5c |
|
| /// File Name: |
TFN2k_Analysis.htm |
Description:
|
This document is a technical analysis of the Tribe Flood Network 2000 (TFN2K) distributed denial-of-service (DDoS) attack tool, the successor to the original TFN Trojan by Mixter.
| | Author: | Jason Barlow and Woody Thrower of the Axent Security Team | | Homepage: | http://www2.axent.com/ | | File Size: | 14506 | | Last Modified: | Feb 12 00:07:50 2000 |
| MD5 Checksum: | 0c37df4a37a47a7796b46d5b840a3628 |
|
| /// File Name: |
trinoo.tgz |
Description:
|
Trinoo daemon source - Implements a distributed denial of service attack. Controlled via UDP.
| | File Size: | 13941 | | Last Modified: | Dec 9 21:21:13 1999 |
| MD5 Checksum: | a7d1bda7617f17b021617ae3c782fc6e |
|
| /// File Name: |
tfn3k.txt |
Description:
|
TFN3k is a paper about the future of DDOS tools, how they can be used, and the dangerous features that can and probably will be implemented in the future. Also has information on establishing Network Intrusion Detection (NIDS) Rules for DDOS attacks.
| | Author: | Mixter | | File Size: | 13850 | | Last Modified: | Feb 15 00:35:13 2000 |
| MD5 Checksum: | f1466777d721d4f9217b4a1627315faa |
|