The DDoS Tools
- Trinoo
  - UDP packet flood attack
  - No source address forgery
  - Some bugs, but full control features
- TFN
  - Some bugs, limited control features
  - UDP packet flood attack ("trinoo emulation")
  - TCP SYN flood attack
  - ICMP Echo flood attack
  - Smurf attack
  - Either randomizes all 32 bits of IP source address, or just the last 8 bits
- TFN2K
  - Same attacks as TFN, but can randomly do them all at once
  - Encryption added to improve security of the DDoS network
  - Control traffic uses UDP/TCP/ICMP
  - Same source address forgery features as TFN
- Stacheldraht/StacheldrahtV4
  - Some bugs, full control features
  - Same basic attacks as TFN
  - Same source address forgery features as TFN/TFN2K
- Stacheldraht v2.666 (not publicly discussed yet)
  - Fewer bugs than original
  - Same basic attacks as Stacheldraht
  - Adds TCP ACK flood attack
  - Adds TCP NUL (no flags) flood attack
  - Adds Smurf attack with 16,702 amplifiers (already inet_aton()ed for speed!)
  - Same source address forgery features as Stacheldraht/TFN/TFN2K
- shaft
  - Some bugs, but full control features
  - Adds statistics
  - UDP flood attack
  - TCP SYN flood attack
  - ICMP flood attack
  - Randomize all three attacks
- mstream
  - Many bugs, with very limited control features
  - TCP ACK flood (very efficient)
  - Randomizes all 32 bits of IP address
Dave Dittrich <dittrich@cac.washington.edu>
Last modified: Sat Jul 22 02:44:34 PDT 2000