From 6f8a8ce08140241bd37a729396b7930f5f4ef083 Mon Sep 17 00:00:00 2001 From: obrien Date: Mon, 14 Feb 2000 01:58:38 +0000 Subject: "dds" is a program to scan for a limited set of distributed denial of service (ddos) agents. At present, it scans for active instances of "trinoo", "Tribe Flood Network" ("TFN") and "stacheldraht" agents, which were compiled using the default values in known source distributions. It will *not* detect TFN2K agents. --- security/ddos_scan/Makefile | 27 +++++++++++++++++++++++++++ security/ddos_scan/distinfo | 1 + security/ddos_scan/files/patch-Makefile | 15 +++++++++++++++ security/ddos_scan/pkg-comment | 1 + security/ddos_scan/pkg-descr | 21 +++++++++++++++++++++ security/ddos_scan/pkg-plist | 1 + 6 files changed, 66 insertions(+) create mode 100644 security/ddos_scan/Makefile create mode 100644 security/ddos_scan/distinfo create mode 100644 security/ddos_scan/files/patch-Makefile create mode 100644 security/ddos_scan/pkg-comment create mode 100644 security/ddos_scan/pkg-descr create mode 100644 security/ddos_scan/pkg-plist (limited to 'security/ddos_scan') diff --git a/security/ddos_scan/Makefile b/security/ddos_scan/Makefile new file mode 100644 index 0000000..5081e8e --- /dev/null +++ b/security/ddos_scan/Makefile @@ -0,0 +1,27 @@ +# ex:ts=8 +# Ports collection makefile for: ddos_scan +# Version required: 1.6 +# Date created: Sun Feb 12, 2000 +# Whom: David O'Brien (obrien@NUXI.com) +# +# $FreeBSD$ +# + +DISTNAME= ddos_scan +PKGNAME= ddos_scan-1.6 +CATEGORIES= security +MASTER_SITES= http://staff.washington.edu/dittrich/misc/ +EXTRACT_SUFX= .tar + +MAINTAINER= obrien@FreeBSD.org + +ALL_TARGET= dds + +do-install: + @${INSTALL_PROGRAM} ${WRKSRC}/dds ${PREFIX}/sbin +.if !defined(NOPORTDOCS) + @${MKDIR} ${PREFIX}/share/doc/ddos_scan + @${INSTALL_MAN} ${WRKSRC}/README ${PREFIX}/share/doc/ddos_scan +.endif + +.include diff --git a/security/ddos_scan/distinfo b/security/ddos_scan/distinfo new file mode 100644 index 0000000..180a527 --- /dev/null +++ b/security/ddos_scan/distinfo @@ -0,0 +1 @@ +MD5 (ddos_scan.tar) = eee80e78d59de7667967e20fe57441d0 diff --git a/security/ddos_scan/files/patch-Makefile b/security/ddos_scan/files/patch-Makefile new file mode 100644 index 0000000..6a00e8f --- /dev/null +++ b/security/ddos_scan/files/patch-Makefile @@ -0,0 +1,15 @@ +--- Makefile.orig Mon Jan 10 13:14:31 2000 ++++ Makefile Sun Feb 13 17:53:23 2000 +@@ -1,10 +1,10 @@ + # Makefile for ddos_scan (dds). + # $Revision: 1.1 $ + +-CFLAGS= ++#CFLAGS= + + # For Solaris 2.5.1 and above, uncomment the following line. +-LIBS=-lresolv -lsocket -lnsl ++#LIBS=-lresolv -lsocket -lnsl + + default: + @clear diff --git a/security/ddos_scan/pkg-comment b/security/ddos_scan/pkg-comment new file mode 100644 index 0000000..ed0ac1e --- /dev/null +++ b/security/ddos_scan/pkg-comment @@ -0,0 +1 @@ +Scans for a limited set of distributed denial of service agents diff --git a/security/ddos_scan/pkg-descr b/security/ddos_scan/pkg-descr new file mode 100644 index 0000000..bb93a0a --- /dev/null +++ b/security/ddos_scan/pkg-descr @@ -0,0 +1,21 @@ +"dds" is a program to scan for a limited set of distributed denial of +service (ddos) agents. + +At present, it scans for active instances of "trinoo", "Tribe Flood +Network" ("TFN") and "stacheldraht" agents, which were compiled +using the default values in known source distributions, such as those +found at: + + http://packetstorm.securify.com/distributed/ + +It will *not* detect TFN2K agents. + +For analyses of the three distributed denial of service attack +tools it scans for, and the methods being used by dds to identify +them, see: + + http://staff.washington.edu/dittrich/misc/trinoo.analysis + http://staff.washington.edu/dittrich/misc/tfn.analysis + http://staff.washington.edu/dittrich/misc/stacheldraht.analysis + +WWW: http://www.washington.edu/People/dad/ diff --git a/security/ddos_scan/pkg-plist b/security/ddos_scan/pkg-plist new file mode 100644 index 0000000..4b63d4f --- /dev/null +++ b/security/ddos_scan/pkg-plist @@ -0,0 +1 @@ +sbin/dds -- cgit v1.1