Documents and Tools Related to DDoS Attacks
2008. 1. 11. 10:42
Analyses and talks on attack tools
- The DoS Project's "trinoo" distributed denial of service attack tool, by David Dittrich
- RAZOR analysis of WinTrinoo
- Report of Windows version of trinoo DDOS tool by Gary Flynn, James Madison University
- The "Tribe Flood Network" distributed denial of service attack tool, by David Dittrich
- The "stacheldraht" distributed denial of service attack tool, by David Dittrich
- TFN2K - An Analysis, by Jason Barlow and Woody Thrower, Axent Security Team
- "Trinity" Distributed Denial of Service Attack Tool, by Michael Marchesseau, September 11, 2000
- Notes of talk given at CERT Distributed-Systems Intruder Tools Workshop, November 2, 1999
- An analysis of the "Shaft" distributed denial of service tool, by Sven Dietrich, Neil Long, and David Dittrich [BUGTRAQ followup post by Richard Wash] (PDF Version from Information Security Bulletin magazine)
- Analysis of a Shaft Node and Master, by Rick Wash and Jose Nazario, March 26, 2000
- "Analyzing Distributed Denial of Service Attack Tools: The Shaft Case" (PDF), by Sven Dietrich, Neil Long, and David Dittrich, Presented at LISA 2000 (GZIP PostScript)
- Steve Bellovin's NANOG presentation on DDOS Attacks, February 7, 2000
- Presentation at DDoS BoF, NANOG Meeting, February 7, 2000
- The "mstream" distributed denial of service attack tool, by David Dittrich, George Weaver, Sven Dietrich, and Neil Long
- Invited Talk, "DDoS: Is There Really a Threat?," USENIX Security Symposium, August 16, 2000
- Analysis of the "Power" bot, by David Dittrich
- GT Bot (Global Threat), by Lockdown Corp.
- kaiten.c (no analysis, just code)
- knight.c (no analysis, just code)
- X-DCC (IRC "warez" bots often combined with DDoS)
- CanSecWest talk on disassembling malware networks by Dave Dittrich, May 2002 (see xdcc-analysis.txt for analysis)
- XDCC - An .EDU Admin's Nightmare, by TonikGin, Sept. 11 2002
- ocxdll.exe / mIRC Trojan Analysis, by Kyle Lai, September 5, 2002
- Honeynet Project Reverse Challenge binary ([not?] surprisingly, this is a DDoS agent)
- Robert Graham's analysis of the Blaster worm
- sdbot command reference
- rxbot command reference
- Inside the Slammer Worm, by David Moore, Vern Paxson, Stefan Savage, Colleen Shannon, Stuart Staniford, and Nicholas Weaver, IEEE Security & Privacy (Vol 1 No 4)
- Phatbot Trojan Analysis, by LURHQ
Defensive Tools
- RID, by David Brumley
- National Infrastructure Protection Center; Trinoo/Tribal Flood Net/Stacheldraht/tfn2k detection tool
- BindView's Zombie Zapper
- Index of Distributed Tools at Packet Storm
- dds -- a trinoo/TFN/stacheldraht agent scanner (C source code) by Dave Dittrich, Marcus Ranum, George Weaver, David Brumley, and others. [In BETA testing.] (Use RID instead.)
- gag -- a stacheldraht agent scanner (C source code) by Dave Dittrich, Marcus Ranum, and others. (Use RID instead.)
- Ramenfind (Identification and cleanup tool for the Ramen worm, which was modified to install DDoS agents in February 2001.)
- IP Source Tracking on Cisco 12000 Series Internet Routers (PDF version), Cisco Systems