Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: New Tool for DDoS Defense
From: dbrumley () RTFM STANFORD EDU (David Brumley)
Date: Thu, 17 Feb 2000 09:15:13 -0800


Or you could just add a line to rid (http://theorygroup.com/Software/RID)
to send the right packet info and not worry about the response.

When I wrote the tool, I wanted to make it general enough to do such
things, and hopefully it's succeeded.  Also, you can up the number of
times it sends the packet to be assured that the clients received the
message (since we're dealing w/ protocols where delivery is not
gaurenteed.)

cheers,
-david

On Tue, 15 Feb 2000, Simple Nomad wrote:

I've written a tool for remotely telling ddos zombies to stop flooding.
Most detectors out there will not detect during a flood (due to the
traffic involved), so I thought trying to turn the flood off might be kind
of nice. Like the detectors, it assumes default settings on the ddos
daemons. Works against Trinoo, TFN, and Stacheldraht.

Go to http://razor.bindview.com/ and follow the links to Zombie Zapper,
unix and NT versions available with source code.

-         Simple Nomad          -  No rest for the Wicca'd  -
-      thegnome () nmrc org        -        www.nmrc.org       -
-  thegnome () razor bindview com  -     razor.bindview.com    -


--
#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#
David Brumley - Stanford Computer Security - dbrumley () Stanford EDU
Phone: +1-650-723-2445    WWW: http://www.stanford.edu/~dbrumley
Fax:   +1-650-725-9121    PGP: finger dbrumley-pgp () sunset Stanford EDU
#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#
c:\winnt> secure_nt.exe
  Securing NT.  Insert Linux boot disk to continue......
            "I have opinions, my employer does not."



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]