Bugtraq mailing list archives

Re: New Tool for DDoS Defense


From: dbrumley () RTFM STANFORD EDU (David Brumley)
Date: Thu, 17 Feb 2000 09:15:13 -0800


Or you could just add a line to rid (http://theorygroup.com/Software/RID)
to send the right packet info and not worry about the response.

When I wrote the tool, I wanted to make it general enough to do such
things, and hopefully it's succeeded.  Also, you can up the number of
times it sends the packet to be assured that the clients received the
message (since we're dealing w/ protocols where delivery is not
guaranteed.)

cheers,
-david

On Tue, 15 Feb 2000, Simple Nomad wrote:

I've written a tool for remotely telling ddos zombies to stop flooding.
Most detectors out there will not detect during a flood (due to the
traffic involved), so I thought trying to turn the flood off might be kind
of nice. Like the detectors, it assumes default settings on the ddos
daemons. Works against Trinoo, TFN, and Stacheldraht.

Go to http://razor.bindview.com/ and follow the links to Zombie Zapper,
unix and NT versions available with source code.

-         Simple Nomad          -  No rest for the Wicca'd  -
-      thegnome () nmrc org        -        www.nmrc.org       -
-  thegnome () razor bindview com  -     razor.bindview.com    -


--
#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#
David Brumley - Stanford Computer Security - dbrumley () Stanford EDU
Phone: +1-650-723-2445    WWW: http://www.stanford.edu/~dbrumley
Fax:   +1-650-725-9121    PGP: finger dbrumley-pgp () sunset Stanford EDU
#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#+--+#
c:\winnt> secure_nt.exe
  Securing NT.  Insert Linux boot disk to continue......
            "I have opinions, my employer does not."


