DDoS attacks
- TFN (Tribe Flood Network): install the server on the slaves, then send the attack command with the client.
  - Attacks available: ICMP, Smurf, UDP and SYN floods.
  - Countermeasures
    - Detection: DDOSPing, Zombie Zapper and find_ddos.
    - Prevention: apply patches, use firewall blocks to keep hackers from gaining admin privileges, and block inbound ICMP traffic (not all that practical, but necessary under attack).
- Trinoo and WinTrinoo: install the server on the slaves and masters, then use the client to send instructions to the master, which tells the slaves to attack. The hierarchy is needed because of the large scale of the attacks.
  - Countermeasures: same as TFN, including the detection software above.
  - WinTrinoo: the trojan is the file service.exe (not services), and anti-virus software can find it.
- Stacheldraht (barbed wire): combines the features of TFN and Trinoo and encrypts the telnet connections between master and slave, which prevents IDSs from responding.
  - Attacks available: ICMP, Smurf, UDP and SYN floods.
  - Countermeasures: same as TFN, including the detection software above.
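
The four flood types listed for TFN and Stacheldraht leave different traces in a packet capture. The following Python code is an added example, not part of the original notes and not how DDOSPing, Zombie Zapper or find_ddos work; it classifies the floods seen against one host. The packet tuple layout, the per-second threshold, the ratio and source-count cut-offs, and the addresses in the constructed sample are all assumptions.

```python
from collections import Counter

THRESHOLD = 100  # assumed: packets of one kind per second that count as a flood

def classify_floods(packets, victim, threshold=THRESHOLD):
    """Return the flood types seen against victim.

    A packet is (timestamp, src, dst, proto, detail); detail is the ICMP
    type name, the TCP flag ("S" or "A"), or "" for UDP.
    """
    per_second = Counter()   # (second, kind) -> packets aimed at the victim
    reply_sources = {}       # second -> hosts sending unsolicited echo replies
    asked = set()            # hosts the victim itself pinged
    for ts, src, dst, proto, detail in packets:
        if src == victim and (proto, detail) == ("icmp", "echo-request"):
            asked.add(dst)
        if dst != victim:
            continue
        sec = int(ts)
        if (proto, detail) == ("icmp", "echo-reply"):
            if src not in asked:  # replies nobody asked for: Smurf pattern
                per_second[sec, "smurf"] += 1
                reply_sources.setdefault(sec, set()).add(src)
        elif (proto, detail) == ("icmp", "echo-request"):
            per_second[sec, "icmp"] += 1
        elif proto == "udp":
            per_second[sec, "udp"] += 1
        elif proto == "tcp" and detail in ("S", "A"):
            per_second[sec, "syn" if detail == "S" else "ack"] += 1
    found = set()
    for (sec, kind), n in per_second.items():
        if kind == "ack" or n < threshold:
            continue
        if kind == "syn" and per_second[sec, "ack"] * 2 >= n:
            continue  # most handshakes completed: busy server, not a flood
        if kind == "smurf" and len(reply_sources[sec]) < 10:
            continue  # Smurf amplification means many distinct repliers
        found.add(kind)
    return found

def build_sample(victim="10.0.0.5"):
    """Constructed capture: one normal second, then a SYN flood, then Smurf."""
    pkts = [(0.1, victim, "10.0.0.9", "icmp", "echo-request"),
            (0.2, "10.0.0.9", victim, "icmp", "echo-reply"),
            (0.3, "192.0.2.1", victim, "tcp", "S"),
            (0.4, "192.0.2.1", victim, "tcp", "A")]
    pkts += [(1 + i / 1000, f"198.51.100.{i % 250}", victim, "tcp", "S") for i in range(300)]
    pkts += [(2 + i / 1000, f"203.0.113.{i % 50}", victim, "icmp", "echo-reply") for i in range(200)]
    return pkts
```

Calling `classify_floods(build_sample(), "10.0.0.5")` reports the SYN flood and the Smurf traffic while ignoring the normal first second, where the handshake completes and the echo reply answers a ping the host itself sent.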