The possible attacks are similar to those of TFN namely, ICMP flood, SYN flood, UDP flood, and SMURF attacks.ĭavid Dittrich, The "stacheldraht" distributed denial of service attack tool, December 31, 1999 It also contains some advanced features, such as encrypted attacker-master communication and automated agent updates. Stacheldraht is a DDoS tool that started to appear in the late summer of 1999 and combines features of trinoo and TFN. Stacheldraht (German for "barbed wire").The absence of TCP and UDP traffic sometimes makes these packets difficult to detect because many protocol monitoring tools are not even configured to capture and display the ICMP traffic.ĭavid Dittrich, The "Tribe Flood Network" distributed denial of service attack tool, October 21, 1999
Communication from the TFN client to daemons is accomplished via ICMP ECHO REPLY packets. TFN is noticeably different than trinoo in that all communication between the client (attacker), handlers, and agents use ICMP ECHO and ECHO REPLY packets. TFN client and daemon programs implement a DDoS network capable of employing a number of attacks, such as ICMP flood, SYN flood, UDP flood, and SMURF style attacks. The attack method is UDP flood.ĭavid Dittrich, "The DoS Project's "trinoo" distributed Denial of Service attack tool, October 21, 1999, The following ports are used as default port numbers: 1524 tcp, 27665 tcp, 27444 udp, 31335 udp. Trin00 is a distributed SYN DoS attack, where communication between clients, handlers and agents via unencrypted UDP.
0 kommentar(er)
