[13917] in bugtraq
Re: New Tool for DDoS Defense
daemon@ATHENA.MIT.EDU (David Brumley)
Fri Feb 18 02:13:30 2000
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.GSO.4.05.10002170913490.11260-100000@rtfm.Stanford.EDU>
Date: Thu, 17 Feb 2000 09:15:13 -0800
Reply-To: David Brumley <dbrumley@RTFM.STANFORD.EDU>
From: David Brumley <dbrumley@RTFM.STANFORD.EDU>
X-To: Simple Nomad <thegnome@NMRC.ORG>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <Pine.LNX.4.10.10002151533070.802-100000@blackhole.nmrc.org>
Or you could just add a line to rid (http://theorygroup.com/Software/RID)
to send the right packet info and not worry about the response.
When I wrote the tool, I wanted to make it general enough to do such
things, and hopefully it's succeeded. Also, you can up the number of
times it sends the packet to be assured that the clients received the
message (since we're dealing w/ protocols where delivery is not
guaranteed.)
cheers,
-david
On Tue, 15 Feb 2000, Simple Nomad wrote:
> I've written a tool for remotely telling ddos zombies to stop flooding.
> Most detectors out there will not detect during a flood (due to the
> traffic involved), so I thought trying to turn the flood off might be kind
> of nice. Like the detectors, it assumes default settings on the ddos
> daemons. Works against Trinoo, TFN, and Stacheldraht.
>
> Go to http://razor.bindview.com/ and follow the links to Zombie Zapper,
> unix and NT versions available with source code.
>
> - Simple Nomad - No rest for the Wicca'd -
> - thegnome@nmrc.org - www.nmrc.org -
> - thegnome@razor.bindview.com - razor.bindview.com -
>
--
#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#
David Brumley - Stanford Computer Security - dbrumley@Stanford.EDU
Phone: +1-650-723-2445 WWW: http://www.stanford.edu/~dbrumley
Fax: +1-650-725-9121 PGP: finger dbrumley-pgp@sunset.Stanford.EDU
#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#
c:\winnt> secure_nt.exe
Securing NT. Insert Linux boot disk to continue......
"I have opinions, my employer does not."