authorKris Kennaway <kris@FreeBSD.org>2000-02-20 10:29:12 +0000
committerKris Kennaway <kris@FreeBSD.org>2000-02-20 10:29:12 +0000
commit90d213a393856238425f70a60c925d458836fc4d (patch)
tree212f88502be7753d7b64d1f64842b65868c0818f /security/zombiezapper
parentbca78cdfb3c66ff51eb7c9ed4eca6632a30a1fbd (diff)
Zombiezapper sends commands to DDoS agents to stop flooding, leaving them
around for further forensics. As with most of the DDoS tools, this assumes the agents are using the default settings.
Notes
Notes: svn path=/head/; revision=26027
Diffstat (limited to 'security/zombiezapper')
-rw-r--r--security/zombiezapper/Makefile33
-rw-r--r--security/zombiezapper/distinfo1
-rw-r--r--security/zombiezapper/files/patch-aa56
-rw-r--r--security/zombiezapper/pkg-comment1
-rw-r--r--security/zombiezapper/pkg-descr12
-rw-r--r--security/zombiezapper/pkg-plist4
6 files changed, 107 insertions, 0 deletions
diff --git a/security/zombiezapper/Makefile b/security/zombiezapper/Makefile
new file mode 100644
index 000000000000..5aa5e71b5c3f
--- /dev/null
+++ b/security/zombiezapper/Makefile
@@ -0,0 +1,33 @@
+# Ports collection makefile for: zombiezapper
+# Version required: 1.0
+# Date created: 19 Feb 2000
+# Whom: Kris Kennaway <kris@FreeBSD.org>
+#
+# $FreeBSD$
+#
+
+DISTNAME= zombie
+PKGNAME= zombiezapper-1.0
+CATEGORIES= security
+MASTER_SITES= http://razor.bindview.com/tools/files/
+EXTRACT_SUFX= .tar
+
+MAINTAINER= kris@FreeBSD.org
+
+BUILD_DEPENDS= ${LOCALBASE}/bin/libnet-config:${PORTSDIR}/net/libnet/
+
+LIBNETCONF= ${LOCALBASE}/bin/libnet-config
+
+do-build:
+ cd ${WRKSRC} && \
+ ${CC} ${CFLAGS} -o zz zz.c `${LIBNETCONF} --cflags` `${LIBNETCONF} --defines` `${LIBNETCONF} --libs` -L${LOCALBASE}/lib -I${LOCALBASE}/include
+
+do-install:
+ ${INSTALL_PROGRAM} ${WRKSRC}/zz ${PREFIX}/bin/
+.if !defined(NOPORTDOCS)
+ ${MKDIR} ${PREFIX}/share/doc/zz/
+ ${INSTALL_DATA} ${WRKSRC}/USAGE ${PREFIX}/share/doc/zz/
+ ${INSTALL_DATA} ${WRKSRC}/tekpaper.txt ${PREFIX}/share/doc/zz/
+.endif
+
+.include <bsd.port.mk>
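Review bot: The distfile is fetched over plain HTTP (`MASTER_SITES= http://razor.bindview.com/tools/files/`) and the only integrity check is the single MD5 line added in distinfo, so the tarball's authenticity rests on a digest that is no longer collision-resistant. Because the port compiles and installs a binary that sends crafted packets, I would record a stronger digest next to the MD5 once the tarball has been verified out of band, e.g. `SHA256 (zombie.tar) = <sha256-of-verified-tarball>`. As a smaller style point, `do-install` puts the documentation under `share/doc/zz/` while `PKGNAME` is `zombiezapper-1.0`; a one-line comment explaining that the directory follows the binary name would save the next maintainer a lookup.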
diff --git a/security/zombiezapper/distinfo b/security/zombiezapper/distinfo
new file mode 100644
index 000000000000..f22d316d75b4
--- /dev/null
+++ b/security/zombiezapper/distinfo
@@ -0,0 +1 @@
+MD5 (zombie.tar) = cda205b3ccd0c6d014498a8d204e259d
diff --git a/security/zombiezapper/files/patch-aa b/security/zombiezapper/files/patch-aa
new file mode 100644
index 000000000000..2e9da1c15d08
--- /dev/null
+++ b/security/zombiezapper/files/patch-aa
@@ -0,0 +1,56 @@
+--- zz.c.orig Tue Feb 15 08:51:12 2000
++++ zz.c Sun Feb 20 01:59:12 2000
+@@ -94,7 +94,7 @@
+ union
+ {
+ struct in_addr addr;
+- ulong temp_ip;
++ u_long temp_ip;
+ } ip;
+
+ for (i = 0; i < 256; i++)
+@@ -159,27 +159,27 @@
+ case 1:
+ data_len = strlen(TRINOO_DATA);
+ for (p=0;p<data_len;p++) data[p] = TRINOO_DATA[p];
+- header = LIBNET_UDP_H;
++ header = UDP_H;
+ id = 41072;
+ proto = IPPROTO_UDP;
+ break;
+ case 2:
+ data_len = strlen(TFN_DATA);
+ for (p=0;p<data_len;p++) data[p] = TFN_DATA[p];
+- header = LIBNET_ICMP_ECHO_H;
++ header = ICMP_ECHO_H;
+ id = 567;
+ proto = IPPROTO_ICMP;
+ break;
+ case 3:
+ data_len = 0;
+- header = LIBNET_ICMP_ECHO_H;
++ header = ICMP_ECHO_H;
+ id = 3;
+ proto = IPPROTO_ICMP;
+ break;
+ }
+
+ /* compute packet size */
+- packet_size = LIBNET_IP_H + header + data_len;
++ packet_size = IP_H + header + data_len;
+
+ /* get mem for packet */
+ libnet_init_packet(packet_size, &packet);
+@@ -207,10 +207,10 @@
+ switch (proto)
+ {
+ case IPPROTO_ICMP:
+- libnet_build_icmp_echo(ICMP_ECHOREPLY,0,id,0,data,data_len,packet + LIBNET_IP_H);
++ libnet_build_icmp_echo(ICMP_ECHOREPLY,0,id,0,data,data_len,packet + IP_H);
+ break;
+ case IPPROTO_UDP:
+- libnet_build_udp(sport,27444,data,data_len,packet + LIBNET_IP_H);
++ libnet_build_udp(sport,27444,data,data_len,packet + IP_H);
+ break;
+ }
+
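Review bot: In the first inner hunk, `u_long temp_ip` shares a union with `struct in_addr addr`, but `u_long` is 8 bytes on LP64 platforms while `struct in_addr` carries a 32-bit address, so the two members overlay exactly only on 32-bit targets. How `temp_ip` is read and written lies outside the hunk, so the impact is inferred; if it is used to convert to or from `addr`, a 32-bit type such as `in_addr_t temp_ip;` keeps the overlay exact on every platform. In the second inner hunk the `switch` that sets `header`, `id` and `proto` closes after `case 3:` with no `default:` arm visible, and its opening is outside the view, so it is worth confirming that the selector is validated before `packet_size` is computed from those values.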
diff --git a/security/zombiezapper/pkg-comment b/security/zombiezapper/pkg-comment
new file mode 100644
index 000000000000..bff3fdf3a853
--- /dev/null
+++ b/security/zombiezapper/pkg-comment
@@ -0,0 +1 @@
+Send a terminate command to Trinoo/TFN/Stacheldracht DDoS agents.
diff --git a/security/zombiezapper/pkg-descr b/security/zombiezapper/pkg-descr
new file mode 100644
index 000000000000..1ef81fb0a326
--- /dev/null
+++ b/security/zombiezapper/pkg-descr
@@ -0,0 +1,12 @@
+Zombie Zapper works against Trinoo, TFN, and Stacheldraht. Assuming
+that the default passwords have not been changed, you can simply use
+the same commands that an attacker would use to stop the flood. On
+Trinoo, it does stop the daemon entirely (although it is typically
+set to be restarted by cron, silently awaiting more commands), but
+on TFN and Stacheldraht the flooding just stops. This gives you the
+advantage of telling the daemon to stop flooding without stopping
+the daemon, allowing you to take a little more time in tracking down
+where they are, and more importantly, how they got there in the first
+place.
+
+WWW: http://razor.bindview.com/tools/ZombieZapper_form.shtml
diff --git a/security/zombiezapper/pkg-plist b/security/zombiezapper/pkg-plist
new file mode 100644
index 000000000000..0f32954000e5
--- /dev/null
+++ b/security/zombiezapper/pkg-plist
@@ -0,0 +1,4 @@
+bin/zz
+share/doc/zz/USAGE
+share/doc/zz/tekpaper.txt
+@dirrm share/doc/zz