author | kris <kris@FreeBSD.org> | 2000-02-20 10:29:12 +0000 |
---|---|---|
committer | kris <kris@FreeBSD.org> | 2000-02-20 10:29:12 +0000 |
commit | 830aa4d520efee254da07b4ae26ab014f33fcbe1 (patch) | |
tree | 023e56b16504420498d8e17c0d8ae3a4b7ff8d38 /security/zombiezapper | |
parent | 83123aa8411cb76cf9df4268b709b233006eafc1 (diff) | |
Zombiezapper sends commands to DDoS agents to stop flooding, leaving them
around for further forensics. As with most of the DDoS tools, this assumes
the agents are using the default settings.
Diffstat (limited to 'security/zombiezapper')
-rw-r--r-- | security/zombiezapper/Makefile | 33 | ||||
-rw-r--r-- | security/zombiezapper/distinfo | 1 | ||||
-rw-r--r-- | security/zombiezapper/files/patch-aa | 56 | ||||
-rw-r--r-- | security/zombiezapper/pkg-comment | 1 | ||||
-rw-r--r-- | security/zombiezapper/pkg-descr | 12 | ||||
-rw-r--r-- | security/zombiezapper/pkg-plist | 4 |
6 files changed, 107 insertions, 0 deletions
diff --git a/security/zombiezapper/Makefile b/security/zombiezapper/Makefile
new file mode 100644
index 0000000..5aa5e71
--- /dev/null
+++ b/security/zombiezapper/Makefile
@@ -0,0 +1,33 @@
+# Ports collection makefile for: zombiezapper
+# Version required: 1.0
+# Date created: 19 Feb 2000
+# Whom: Kris Kennaway <kris@FreeBSD.org>
+#
+# $FreeBSD$
+#
+
+DISTNAME= zombie
+PKGNAME= zombiezapper-1.0
+CATEGORIES= security
+MASTER_SITES= http://razor.bindview.com/tools/files/
+EXTRACT_SUFX= .tar
+
+MAINTAINER= kris@FreeBSD.org
+
+BUILD_DEPENDS= ${LOCALBASE}/bin/libnet-config:${PORTSDIR}/net/libnet/
+
+LIBNETCONF= ${LOCALBASE}/bin/libnet-config
+
+do-build:
+ cd ${WRKSRC} && \
+ ${CC} ${CFLAGS} -o zz zz.c `${LIBNETCONF} --cflags` `${LIBNETCONF} --defines` `${LIBNETCONF} --libs` -L${LOCALBASE}/lib -I${LOCALBASE}/include
+
+do-install:
+ ${INSTALL_PROGRAM} ${WRKSRC}/zz ${PREFIX}/bin/
+.if !defined(NOPORTDOCS)
+ ${MKDIR} ${PREFIX}/share/doc/zz/
+ ${INSTALL_DATA} ${WRKSRC}/USAGE ${PREFIX}/share/doc/zz/
+ ${INSTALL_DATA} ${WRKSRC}/tekpaper.txt ${PREFIX}/share/doc/zz/
+.endif
+
+.include <bsd.port.mk>
diff --git a/security/zombiezapper/distinfo b/security/zombiezapper/distinfo
new file mode 100644
index 0000000..f22d316
--- /dev/null
+++ b/security/zombiezapper/distinfo
@@ -0,0 +1 @@
+MD5 (zombie.tar) = cda205b3ccd0c6d014498a8d204e259d
diff --git a/security/zombiezapper/files/patch-aa b/security/zombiezapper/files/patch-aa
new file mode 100644
index 0000000..2e9da1c
--- /dev/null
+++ b/security/zombiezapper/files/patch-aa
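Review bot: The distfile is fetched under the unversioned name `zombie.tar` over plain HTTP (`DISTNAME`, `EXTRACT_SUFX`, `MASTER_SITES`), and the only integrity check is the single MD5 line in distinfo. Because the name carries no version, a re-rolled upstream tarball cannot be told apart from a tampered one when the checksum fails, and the file can collide with another port's distfile in the shared distfiles directory; adding `DIST_SUBDIR= zombiezapper` would at least isolate it. Since the tool emits raw packets and is therefore presumably run as root, a stronger digest should be recorded in distinfo next to the MD5 as soon as the framework accepts one.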
@@ -0,0 +1,56 @@
+--- zz.c.orig Tue Feb 15 08:51:12 2000
++++ zz.c Sun Feb 20 01:59:12 2000
+@@ -94,7 +94,7 @@
+ union
+ {
+ struct in_addr addr;
+- ulong temp_ip;
++ u_long temp_ip;
+ } ip;
+
+ for (i = 0; i < 256; i++)
+@@ -159,27 +159,27 @@
+ case 1:
+ data_len = strlen(TRINOO_DATA);
+ for (p=0;p<data_len;p++) data[p] = TRINOO_DATA[p];
+- header = LIBNET_UDP_H;
++ header = UDP_H;
+ id = 41072;
+ proto = IPPROTO_UDP;
+ break;
+ case 2:
+ data_len = strlen(TFN_DATA);
+ for (p=0;p<data_len;p++) data[p] = TFN_DATA[p];
+- header = LIBNET_ICMP_ECHO_H;
++ header = ICMP_ECHO_H;
+ id = 567;
+ proto = IPPROTO_ICMP;
+ break;
+ case 3:
+ data_len = 0;
+- header = LIBNET_ICMP_ECHO_H;
++ header = ICMP_ECHO_H;
+ id = 3;
+ proto = IPPROTO_ICMP;
+ break;
+ }
+
+ /* compute packet size */
+- packet_size = LIBNET_IP_H + header + data_len;
++ packet_size = IP_H + header + data_len;
+
+ /* get mem for packet */
+ libnet_init_packet(packet_size, &packet);
+@@ -207,10 +207,10 @@
+ switch (proto)
+ {
+ case IPPROTO_ICMP:
+- libnet_build_icmp_echo(ICMP_ECHOREPLY,0,id,0,data,data_len,packet + LIBNET_IP_H);
++ libnet_build_icmp_echo(ICMP_ECHOREPLY,0,id,0,data,data_len,packet + IP_H);
+ break;
+ case IPPROTO_UDP:
+- libnet_build_udp(sport,27444,data,data_len,packet + LIBNET_IP_H);
++ libnet_build_udp(sport,27444,data,data_len,packet + IP_H);
+ break;
+ }
+
diff --git a/security/zombiezapper/pkg-comment b/security/zombiezapper/pkg-comment
new file mode 100644
index 0000000..bff3fdf
--- /dev/null
+++ b/security/zombiezapper/pkg-comment
@@ -0,0 +1 @@
+Send a terminate command to Trinoo/TFN/Stacheldracht DDoS agents.
diff --git a/security/zombiezapper/pkg-descr b/security/zombiezapper/pkg-descr
new file mode 100644
index 0000000..1ef81fb
--- /dev/null
+++ b/security/zombiezapper/pkg-descr
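Review bot: The patch gives no reason for replacing the `LIBNET_`-prefixed size macros with `UDP_H`, `ICMP_ECHO_H` and `IP_H`, and `BUILD_DEPENDS` only checks that `libnet-config` exists, not which libnet API it belongs to. Presumably the net/libnet port predates the prefixed names; a Makefile comment such as `# patch-aa: net/libnet still uses the unprefixed IP_H/UDP_H/ICMP_ECHO_H names` would tell the next maintainer to drop the patch when libnet is updated. Separately, the context lines copy `TRINOO_DATA`/`TFN_DATA` into `data` byte by byte and call `libnet_init_packet(packet_size, &packet)` with no visible bound or result check. The enclosing function starts and ends outside these hunks, so this should be confirmed against the full zz.c.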
@@ -0,0 +1,12 @@
+Zombie Zapper works against Trinoo, TFN, and Stacheldraht. Assuming
+that the default passwords have not been changed, you can simply use
+the same commands that an attacker would use to stop the flood. On
+Trinoo, it does stop the daemon entirely (although it is typically
+set to be restarted by cron, silently awaiting more commands), but
+on TFN and Stacheldraht the flooding just stops. This gives you the
+advantage of telling the daemon to stop flooding without stopping
+the daemon, allowing you to take a little more time in tracking down
+where they are, and more importantly, how they got there in the first
+place.
+
+WWW: http://razor.bindview.com/tools/ZombieZapper_form.shtml
diff --git a/security/zombiezapper/pkg-plist b/security/zombiezapper/pkg-plist
new file mode 100644
index 0000000..0f32954
--- /dev/null
+++ b/security/zombiezapper/pkg-plist
@@ -0,0 +1,4 @@
+bin/zz
+share/doc/zz/USAGE
+share/doc/zz/tekpaper.txt
+@dirrm share/doc/zz |
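Review bot: The plist lists `share/doc/zz/USAGE`, `share/doc/zz/tekpaper.txt` and `@dirrm share/doc/zz` unconditionally, while the Makefile's `do-install` creates them only when `NOPORTDOCS` is not defined. A build with `NOPORTDOCS` set would register files that were never installed, and deinstall would then try to remove paths that do not exist. Either install the two documents unconditionally or make the three plist entries conditional in the same way (in later ports trees this is the `%%PORTDOCS%%` prefix).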