Section: .. / distributed /
|
Denial of Service tools are for use when testing your own machines only. Use of these tools on a test network is the only way to build a stable network enabled product that will not crash under the load of a distributed packet flood.
|
| /// File Name: |
ramen-clean.zip |
Description:
|
Ramen-Clean is a perl script which checks to see if your system is infected with the Ramen Linux Worm, and cleans it.
| | Author: | PhantasmP | | Homepage: | http://hwa-security.net | | File Size: | 2113 | | Last Modified: | Jan 24 22:58:06 2001 |
| MD5 Checksum: | 8135ad0d8a6731b216f3a5a69bca3040 |
|
| /// File Name: |
flitz-0.1.tgz |
Description:
|
Flitz is a DDOS tool which features spoofed ip/tcp/udp flood, flooding in parallel, distributed smurf attack and status report of the slave. With one stop command, you can stop all the slaves at once.
| | Author: | Xphere | | Homepage: | http://home.wanadoo.nl/gin | | File Size: | 12659 | | Last Modified: | Jan 9 00:42:01 2001 |
| MD5 Checksum: | 4fc98181098322eecfb91ab4b2860d61 |
|
| /// File Name: |
ddosping.zip |
Description:
|
DDoSPing v2.0 is a Win 9x/NT GUI scanner for the DDoS agents Wintrinoo, Trinoo, Stacheldraht and TFN.
| | Author: | Robin Keir | | Homepage: | http://www.foundstone.com | | File Size: | 9655 | | Last Modified: | Dec 13 07:28:23 2000 |
| MD5 Checksum: | 92dbe2bfc9673ec480aea091b042093b |
|
| /// File Name: |
dps-001.tgz |
Description:
|
Distributed Port Scanner - The idea is that by having multiple systems from different classes of networks scan a host, the portscan is more difficult for the target system to detect. The user runs a central server which tells each client which port to scan next. Clients send the results to the server and are issued a new port to check.
| | Homepage: | http://www.geocities.com/bechberger | | File Size: | 71680 | | Last Modified: | Dec 12 04:18:18 2000 |
| MD5 Checksum: | 75ecc374eba684aa3ceecf33e449cf11 |
|
| /// File Name: |
4to6.tar.gz |
Description:
|
4to6ddos is a distributed denial of service against IPv6 that works without installing IPv6 support. It shoots IPv6 encapsulated in IPv4 packets directly to the IPv4-to-IPv6 tunnels.
| | Author: | Cyrax | | Homepage: | http://www.pkcrew.org | | File Size: | 4089 | | Last Modified: | Dec 3 03:13:57 2000 |
| MD5 Checksum: | 347b6d04412d64d23635013879bdae36 |
|
| /// File Name: |
siden-0.1.0.tar.gz |
Description:
|
SIDEN is a distributed network discovery tool which allows you to simulate coordinated/distributed network probes by a group of attackers against one or many target machines. It uses a client/agent architecture where the agents are installed on multiple hosts. Works well on OpenBSD and FreeBSD.
| | Author: | Lawrence Teo | | Homepage: | http://siden.sourceforge.net | | File Size: | 21157 | | Last Modified: | Oct 1 03:16:41 2000 |
| MD5 Checksum: | b5f5da44d96230d8bf03326be0662dca |
|
| /// File Name: |
tk.tgz |
Description:
|
Torn Kit is a linux rootkit which has been optimized for linux/x86 mass installation. It is the first rootkit which uses precompiled binaries yet still allows a user defined password. This code is being widely used to automatically compromise hosts which have the wu.ftpd and rpc.statd vulnerabilities, and was mentioned in CERT's recent Incident Note IN-2000-10 advisory.
| | Author: | Johnny7 | | File Size: | 343567 | | Last Modified: | Sep 19 01:44:39 2000 |
| MD5 Checksum: | 2332de2af78eca68542fa30fb2d37283 |
|
| /// File Name: |
omegav3.tgz |
Description:
|
Omega v3 Beta is another new DDoS program.
| | Author: | xt | | File Size: | 19697 | | Last Modified: | Aug 31 02:22:31 2000 |
| MD5 Checksum: | 8f2b572c9d780eed4a92ad0bcebd2dfd |
|
| /// File Name: |
rivat.tgz |
Description:
|
Rivat is a distributed CGI scanner written in perl which scans for over 405 vulnerabilities.
| | Author: | Xtremist | | Homepage: | http://www.r00tabega.com | | File Size: | 5730 | | Last Modified: | Jul 31 23:22:46 2000 |
| MD5 Checksum: | 3e13dff1d33f06227f8e2e98d96d6a46 |
|
| /// File Name: |
plague-beta1.tar.gz |
Description:
|
Plague creates an environment that is capable of effectively coordinating a number of compromised hosts in a distributed attack. The nature of this attack ranges from denial of service to a sophisticated scan of the Internet for potential targets for future compromise.
| | Author: | Blazinweed | | File Size: | 27933 | | Last Modified: | Jul 24 20:42:11 2000 |
| MD5 Checksum: | aad7a846b6020714a688798eecbc95b1 |
|
| /// File Name: |
UDPer.asm |
Description:
|
UDPer is a logic bomb written in ASM for Windows which floods a victim with packets at a certain date.
| | Author: | Frost_Byte | | File Size: | 6155 | | Last Modified: | Jul 24 19:11:22 2000 |
| MD5 Checksum: | 09825a75cecb5dea72f26eddaa024528 |
|
| /// File Name: |
Freak88.zip |
Description:
|
Freak88's Distributed Attack Suite is a windows trojan similar to wintrin00. It can connect up to 3 infected machines and start 65000 byte ICMP floods. Auto starts from the registry and copies itself to c:\windows\system.
| | Author: | Freak88[at]dalnet | | Homepage: | http://www.freak88.net | | File Size: | 12434 | | Last Modified: | May 14 23:30:14 2000 |
| MD5 Checksum: | 7dbf5b3a7be12d4ee861d5b33bfe1f2d |
|
| /// File Name: |
mstream.analysis.txt |
Description:
|
Analysis of the "mstream" distributed denial of service attack tool, based on the source code of "stream2.c", a classic point-to-point DoS attack tool. mstream is more primitive than any of the other DDoS tools.
| | Author: | Dave Dittrich | | Homepage: | http://www.washington.edu/People/dad/ | | File Size: | 97850 | | Last Modified: | May 14 12:56:00 2000 |
| MD5 Checksum: | 82dd67ecacb8ff5731279209d4b70342 |
|
| /// File Name: |
Turner.mstream |
Description:
|
In response to the surfacing of the mstream attack tool and the published analysis of its inner workings, a set of SNP-L scripts and attack signatures has been developed which allow one to detect and decode "mstream" network activity.
| | Author: | Elliot Turner | | File Size: | 27299 | | Last Modified: | May 2 22:43:24 2000 |
| MD5 Checksum: | 9fe3b07b46660086a0866f329d0fa694 |
|
| /// File Name: |
Mstream_Analysis.txt |
Description:
|
Mstream, the newest of DDoS tools to be circulated, has been analyzed and has been found to be more primitive than any of the other DDoS tools available. Examination of reverse engineered and recovered C source code reveals the program to be in early development stages, with numerous bugs and an incomplete feature set compared with any of the other listed tools. The effectiveness of the stream/stream2 attack itself, however, means that it will still be disruptive to the victim (and agent) networks even with an attack network consisting of only a handful of agents.
| | Author: | David Dittrich | | File Size: | 98002 | | Last Modified: | May 1 23:19:09 2000 |
| MD5 Checksum: | d99d36bb136ad1b329fab03870d478df |
|
| /// File Name: |
mstream.txt |
Description:
|
mstream, a DDoS tool. It's been alleged that this source code, once compiled, was used by persons unknown in the distributed denial of service (DDoS) attacks earlier this year. Obviously such a thing cannot be confirmed aside from through a process of targeted sites making an appropriate comparison between the traffic this software would generate and the traffic they actually received. Submitted Anonymously.
| | File Size: | 26473 | | Last Modified: | May 1 21:52:04 2000 |
| MD5 Checksum: | 08ec36853347b7b88b5ac0f7f3f15685 |
|
| /// File Name: |
mio-star.tgz |
Description:
|
The mio-star distributed multihosted unix password cracker v0.1 runs on all platforms where perl is installed. Comments and documentation are in German.
| | Author: | Drunken Monkey Style | | File Size: | 9961 | | Last Modified: | Apr 25 19:08:42 2000 |
| MD5 Checksum: | 38125314bcf691a20a4acf5974f43e02 |
|
| /// File Name: |
shaftnode.txt |
Description:
|
Analysis of a Shaft Node and Master - This analysis is in addition to Sven Dietrich's analysis of the Shaft DDoS tool. The analysis we provide here is a description of the rootkit used and the methods of distribution of the tool.
| | Author: | Richard Wash | | Homepage: | http://biocserver.cwru.edu/~jose/ | | File Size: | 19752 | | Last Modified: | Mar 30 09:27:13 2000 |
| MD5 Checksum: | 9151ef63ab39cef209bf82545d608b9c |
|
| /// File Name: |
shaft_analysis.txt |
Description:
|
An analysis of the "Shaft" distributed denial of service tool. Shaftnode was recovered initially in November, 1999. Distinctive features are the ability to switch handler servers and handler ports on the fly, making detection by intrusion detection tools difficult from that perspective, a "ticket" mechanism to link transactions, and the particular interest in packet statistics, showing the "yield" of the DDoS network as a whole.
| | Author: | Sven Dietrich, David Dittrich, and Neil Long | | Homepage: | http://sled.gsfc.nasa.gov/~spock/ | | File Size: | 45788 | | Last Modified: | Mar 25 00:20:50 2000 |
| MD5 Checksum: | e3af444432b23dbc909e55320c0991b2 |
|
| /// File Name: |
ddos-thought.txt |
Description:
|
Some thoughts on the solutions to Distributed Attack Technology - Distributed ownership tools [DOT] exist that scan numerous hosts for vulnerabilities that allow agents to be installed automatically. Potential solutions include more host based security, fixing ipv4, legislation, and fighting fire with fire.
| | Author: | The Cat | | File Size: | 5999 | | Last Modified: | Mar 10 09:14:38 2000 |
| MD5 Checksum: | 366c7309dbce3df4ecb3b6cb219300a5 |
|
| /// File Name: |
TFN2k_Analysis-1.3.txt |
Description:
|
This document is a technical analysis of the Tribe Flood Network 2000 (TFN2K) distributed denial-of-service (DDoS) attack tool, the successor to the original TFN Trojan by Mixter. Additionally, countermeasures for this attack are also covered.
| | Author: | Jason Barlow | | Homepage: | http://www2.axent.com/swat/ | | Changes: | This revision includes several new discoveries, corrections, and clarifications. Many thanks to those who responded with feedback and comments to the original posting of this paper. | | File Size: | 12384 | | Last Modified: | Mar 9 21:03:42 2000 |
| MD5 Checksum: | b5d3d9e9a39745decbd6d2d701451e77 |
|
| /// File Name: |
razor.wintrinoo.txt |
Description:
|
Razor has acquired a copy of the Windows Trojan Trinoo; the following is technical information gained from disassembling the binary.
| | Author: | Simple Nomad | | Homepage: | http://razor.bindview.com | | File Size: | 1872 | | Last Modified: | Feb 29 13:15:33 2000 |
| MD5 Checksum: | 2c3b11b28d6e18377678758fca03a8cd |
|
| /// File Name: |
tfn2kpass.c |
Description:
|
Tfn2k password recovery tool - Tfn2k asks for a password during the build, which is used to prevent someone from recovering the password from the td or tfn binaries. Useful for forensics, or to command a whole flood network to send you mail letting you know all the machines infected, or to command an attack to stop if you can recover a binary.
| | Author: | Simple Nomad | | Homepage: | http://razor.bindview.com | | File Size: | 7716 | | Last Modified: | Feb 25 04:13:08 2000 |
| MD5 Checksum: | 85a08d1006bc2666af3ae36a80775b53 |
|
| /// File Name: |
ddos-routing.txt |
Description:
|
Distributed Denial Of Service attacks - A proposal based on routing. This paper describes a technique that -hopefully- can be used to defeat the recent DDOS attacks. The solution presented here is based on routing. It requires a certain amount of extra network infrastructure.
| | Author: | Fernando P. Schapachnik | | File Size: | 5652 | | Last Modified: | Feb 24 22:51:32 2000 |
| MD5 Checksum: | 9734ca3162ae425dbf0a657ff855d34b |
|