New and old DDOS Tools
For sure this list is not intended to newbies that want to start a DDOS attack. This list is to inform the readers of what tools new and old the hackers use for their denial-of-service attacks. It’s interesting to see how this tools have evolved and improved over time.
In relatively cronologic order here are the DDOS tools that are in use today:
Trinoo, or Trin00 appeared in 1999 is a distributed SYN DoS attack
The Tribe Flood Network (TFN) is able to implement attacks such as ICMP flood, SYN flood, UDP flood, and SMURF. Communication from the TFN client to daemons is accomplished via ICMP ECHO REPLY packets. The absence of TCP and UDP traffic sometimes makes these packets difficult to detect because many protocol monitoring tools are not even configured to capture and display the ICMP traffic.
Stacheldraht is a combination between trinoo and TFN. Additionally it encrypts master – attacker traffic and the agents (the zombies – computers from where the DDOS attack is launched) have the possibility of auto updating.
Apache DDOS – it uses a vulnerability in Apache versions prior to 1.2.5 (a URL sent to an Apache Web server containing thousands of forward slashes (“/”) would put the server into a state that would consume enormous CPU time)
Trinity. This distributed denial-of-service attack has the interesting feature that the communication between the intruder and his agents/zombies is accomplished via Internet Relay Chat (IRC) or AOL’s ICQ which makes it even harder to track it back.
Shaft DDoS, similar to trinoo has the ability to configure the packet size and duration of the attack.
Tribe Flood Network 2K (TFN2K) TFN2K is a complex variant of the original TFN with features designed specifically to make TFN2K traffic difficult to recognize and filter, remotely execute commands, hide the true source of the attack using IP address spoofing, and transport TFN2K traffic over multiple transport protocols including UDP, TCP, and ICMP. TFN2K attacks include flooding (as in TFN) and those designed to crash or introduce instabilities in systems by sending malformed or invalid packets, such as those found in the Teardrop and Land attacks.
SubSeven Defcon8 – while this is not a DDOS tools it’s a worm used to collect zombies computer. It can spread through websites (adult sites…), email etc…