This article is a technical analysis of the Distributed Denial of Service (DDoS) attack tool Tribe Flood Network 2000 (TFN2K). TFN2K is a later version of TFN, a similar attack tool written by the well-known German hacker Mixter.
For analyses of other distributed denial of service attack tools such as Trinoo, TFN, and Stacheldraht, see the related documents.
Terminology
--------
Client: the application used to launch attacks. The attacker uses it to send the various commands.
Daemon: the process running on each proxy host; it receives and carries out commands from the client.
Master: the host that runs the client program.
Proxy: a host that runs the daemon.
Target host: the target of the distributed attack (a host or a network).
What is TFN2K?
------------
TFN2K uses the resources of a large number of proxy hosts to mount coordinated attacks against one or more targets. Currently, hosts on UNIX, Solaris, and Windows NT platforms on the Internet can be used for such attacks, and the tool can easily be ported to other system platforms.
TFN2K consists of a client on the master host and a daemon on each proxy host. The master sends a list of target hosts to the proxies, which then launch a denial-of-service attack against those targets. Multiple proxy hosts controlled by one master can collaborate during the attack to keep it going without interruption. The network communication between master and proxies is encrypted and may be interspersed with many decoy packets. The entire TFN2K network can communicate over TCP, UDP, or ICMP packets. In addition, the master can spoof its IP address. All of these features make it very difficult, or ineffective, to develop strategies and techniques for defending against TFN2K attacks.