Rules for the Snort IDS to detect trinoo. These rules work only as long as the ports/passwords/protocol aren't changed.
9fcda51f95f3667603e76ac938fe89c545edda9dc68c9f6af095f4f059bf4f97
Results of the Distributed-Systems Intruder Tools Workshop (Nov 2-4, 1999). Several distributed intruder tools are in widespread use now, and the technology is maturing. As a result, a single command from an attacker can result in tens of thousands of concurrent attacks.
8b00c34553af24954aaa094e37bc7bc7c6a40a85b44fbaa778b7a8dd07d54f5e
Blitznet launches a distributed SYN flood attack with spoofed source IP, without logging.
7e13767a2fae8ed723cb49b74266f24f2085c49ab06b7cd89d66b692b116ecba
Trinoo daemon source - Implements a distributed denial of service attack. Controlled via UDP.
ef6f8c0870efe8b6a80b4c51f17562d1c0a6e09003b9babc6566380d885899df
A new model of computer penetration, distributed metastasis, increases the possible depth of penetration for an attacker while minimizing the possibility of detection. Distributed metastasis is a non-trivial methodology for computer penetration, based on an agent-based approach, which points to a requirement for more sophisticated attack detection methods and software to detect highly skilled attackers.
beba08453b6e2fc4e42ff64ec76baae27548d72db79c96ed5316c710bf74389d
Saltine Cracker v1.05 is a TCP/IP Distributed Network Password Auditing Tool for NTHASH (MD4) and POSIX LibDES Crypt(3) passwords. With the incorporated cross-compatibility, you can audit Win9X/NT client passwords attached to POSIX servers and vice versa.
91cf7698d5379818d783a9079473191fda426f5dc376f92eae9bbfa65c882c05
Slurpie v2.0b - Slurpie is a passwd file cracker similar to CrackerJack and John the Ripper except that it runs in a distributed environment. It supports file-based and generated dictionary comparison.
eacaf1bcf10db62c16fab0e5a4ccee347df8bf21cca418da96206a2d1aaf6bcb
The following is an analysis of the "Tribe Flood Network", or "TFN", by Mixter. TFN is a powerful distributed attack tool and backdoor currently being developed and tested on a large number of compromised Unix systems on the Internet. TFN source available here.
d193538a169810294d7efa1f1fe84ac8f4f4364fdd347856fd7ca36bf6ad472c
The following is an analysis of the DoS Project's "trinoo" (a.k.a. "trin00") master/slave programs, which implement a distributed network denial of service tool. Trinoo daemons were originally found in binary form on a number of Solaris 2.x systems, and are probably being set up on hundreds, perhaps thousands, of systems on the Internet that are being compromised by remote buffer overrun exploitation.
ade704fd58270cb096e8fa0562d14e34c0c9912b911df5400f01ed222fd8dcf2