authorkris <kris@FreeBSD.org>2000-02-20 10:29:12 +0000
committerkris <kris@FreeBSD.org>2000-02-20 10:29:12 +0000
commit830aa4d520efee254da07b4ae26ab014f33fcbe1 (patch)
tree023e56b16504420498d8e17c0d8ae3a4b7ff8d38 /security/zombiezapper
parent83123aa8411cb76cf9df4268b709b233006eafc1 (diff)
Zombiezapper sends commands to DDoS agents to stop flooding, leaving them
around for further forensics. As with most of the DDoS tools, this assumes the agents are using the default settings.
Diffstat (limited to 'security/zombiezapper')
-rw-r--r--security/zombiezapper/Makefile33
-rw-r--r--security/zombiezapper/distinfo1
-rw-r--r--security/zombiezapper/files/patch-aa56
-rw-r--r--security/zombiezapper/pkg-comment1
-rw-r--r--security/zombiezapper/pkg-descr12
-rw-r--r--security/zombiezapper/pkg-plist4
6 files changed, 107 insertions, 0 deletions
diff --git a/security/zombiezapper/Makefile b/security/zombiezapper/Makefile
new file mode 100644
index 0000000..5aa5e71
--- /dev/null
+++ b/security/zombiezapper/Makefile
@@ -0,0 +1,33 @@
+# Ports collection makefile for: zombiezapper
+# Version required: 1.0
+# Date created: 19 Feb 2000
+# Whom: Kris Kennaway <kris@FreeBSD.org>
+#
+# $FreeBSD$
+#
+
+DISTNAME= zombie
+PKGNAME= zombiezapper-1.0
+CATEGORIES= security
+MASTER_SITES= http://razor.bindview.com/tools/files/
+EXTRACT_SUFX= .tar
+
+MAINTAINER= kris@FreeBSD.org
+
+BUILD_DEPENDS= ${LOCALBASE}/bin/libnet-config:${PORTSDIR}/net/libnet/
+
+LIBNETCONF= ${LOCALBASE}/bin/libnet-config
+
+do-build:
+ cd ${WRKSRC} && \
+ ${CC} ${CFLAGS} -o zz zz.c `${LIBNETCONF} --cflags` `${LIBNETCONF} --defines` `${LIBNETCONF} --libs` -L${LOCALBASE}/lib -I${LOCALBASE}/include
+
+do-install:
+ ${INSTALL_PROGRAM} ${WRKSRC}/zz ${PREFIX}/bin/
+.if !defined(NOPORTDOCS)
+ ${MKDIR} ${PREFIX}/share/doc/zz/
+ ${INSTALL_DATA} ${WRKSRC}/USAGE ${PREFIX}/share/doc/zz/
+ ${INSTALL_DATA} ${WRKSRC}/tekpaper.txt ${PREFIX}/share/doc/zz/
+.endif
+
+.include <bsd.port.mk>
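Review bot: The distfile named by `MASTER_SITES` is fetched over plain HTTP, and its name (`zombie.tar`, from `DISTNAME` plus `EXTRACT_SUFX`) carries no version, so the single MD5 line in distinfo is the only thing tying this build to a known tarball. MD5 is not collision-resistant, and upstream can replace an unversioned file in place, so a stronger digest should be recorded next to it where the ports framework supports it, e.g. `SHA256 (zombie.tar) = <sha256-of-verified-distfile>` and `SIZE (zombie.tar) = <size-in-bytes>`. A comment above `DISTNAME` such as `# upstream tarball is unversioned; re-verify the checksum on any fetch mismatch` would tell the next maintainer not to simply regenerate distinfo when the fetch fails.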
diff --git a/security/zombiezapper/distinfo b/security/zombiezapper/distinfo
new file mode 100644
index 0000000..f22d316
--- /dev/null
+++ b/security/zombiezapper/distinfo
@@ -0,0 +1 @@
+MD5 (zombie.tar) = cda205b3ccd0c6d014498a8d204e259d
diff --git a/security/zombiezapper/files/patch-aa b/security/zombiezapper/files/patch-aa
new file mode 100644
index 0000000..2e9da1c
--- /dev/null
+++ b/security/zombiezapper/files/patch-aa
@@ -0,0 +1,56 @@
+--- zz.c.orig Tue Feb 15 08:51:12 2000
++++ zz.c Sun Feb 20 01:59:12 2000
+@@ -94,7 +94,7 @@
+ union
+ {
+ struct in_addr addr;
+- ulong temp_ip;
++ u_long temp_ip;
+ } ip;
+
+ for (i = 0; i < 256; i++)
+@@ -159,27 +159,27 @@
+ case 1:
+ data_len = strlen(TRINOO_DATA);
+ for (p=0;p<data_len;p++) data[p] = TRINOO_DATA[p];
+- header = LIBNET_UDP_H;
++ header = UDP_H;
+ id = 41072;
+ proto = IPPROTO_UDP;
+ break;
+ case 2:
+ data_len = strlen(TFN_DATA);
+ for (p=0;p<data_len;p++) data[p] = TFN_DATA[p];
+- header = LIBNET_ICMP_ECHO_H;
++ header = ICMP_ECHO_H;
+ id = 567;
+ proto = IPPROTO_ICMP;
+ break;
+ case 3:
+ data_len = 0;
+- header = LIBNET_ICMP_ECHO_H;
++ header = ICMP_ECHO_H;
+ id = 3;
+ proto = IPPROTO_ICMP;
+ break;
+ }
+
+ /* compute packet size */
+- packet_size = LIBNET_IP_H + header + data_len;
++ packet_size = IP_H + header + data_len;
+
+ /* get mem for packet */
+ libnet_init_packet(packet_size, &packet);
+@@ -207,10 +207,10 @@
+ switch (proto)
+ {
+ case IPPROTO_ICMP:
+- libnet_build_icmp_echo(ICMP_ECHOREPLY,0,id,0,data,data_len,packet + LIBNET_IP_H);
++ libnet_build_icmp_echo(ICMP_ECHOREPLY,0,id,0,data,data_len,packet + IP_H);
+ break;
+ case IPPROTO_UDP:
+- libnet_build_udp(sport,27444,data,data_len,packet + LIBNET_IP_H);
++ libnet_build_udp(sport,27444,data,data_len,packet + IP_H);
+ break;
+ }
+
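Review bot: Renaming `LIBNET_UDP_H`, `LIBNET_ICMP_ECHO_H` and `LIBNET_IP_H` to the unprefixed `UDP_H`, `ICMP_ECHO_H` and `IP_H` at every use ties zz.c to the libnet headers that net/libnet installs today. The build will presumably break again once that port provides the prefixed names the upstream source expects. A compatibility guard near the top of zz.c would build against both and leave the call sites untouched: `#ifndef LIBNET_IP_H`, `#define LIBNET_IP_H IP_H`, `#endif`, and the same for the other two macros. Separately, the context line `libnet_init_packet(packet_size, &packet);` shows no check of its result before the builders write at `packet + IP_H`. The enclosing function starts and ends outside these hunks, so a check may exist there, but it is worth confirming while the file is being patched.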
diff --git a/security/zombiezapper/pkg-comment b/security/zombiezapper/pkg-comment
new file mode 100644
index 0000000..bff3fdf
--- /dev/null
+++ b/security/zombiezapper/pkg-comment
@@ -0,0 +1 @@
+Send a terminate command to Trinoo/TFN/Stacheldracht DDoS agents.
diff --git a/security/zombiezapper/pkg-descr b/security/zombiezapper/pkg-descr
new file mode 100644
index 0000000..1ef81fb
--- /dev/null
+++ b/security/zombiezapper/pkg-descr
@@ -0,0 +1,12 @@
+Zombie Zapper works against Trinoo, TFN, and Stacheldraht. Assuming
+that the default passwords have not been changed, you can simply use
+the same commands that an attacker would use to stop the flood. On
+Trinoo, it does stop the daemon entirely (although it is typically
+set to be restarted by cron, silently awaiting more commands), but
+on TFN and Stacheldraht the flooding just stops. This gives you the
+advantage of telling the daemon to stop flooding without stopping
+the daemon, allowing you to take a little more time in tracking down
+where they are, and more importantly, how they got there in the first
+place.
+
+WWW: http://razor.bindview.com/tools/ZombieZapper_form.shtml
diff --git a/security/zombiezapper/pkg-plist b/security/zombiezapper/pkg-plist
new file mode 100644
index 0000000..0f32954
--- /dev/null
+++ b/security/zombiezapper/pkg-plist
@@ -0,0 +1,4 @@
+bin/zz
+share/doc/zz/USAGE
+share/doc/zz/tekpaper.txt
+@dirrm share/doc/zz