Tribe Flood Network

Last updated
Tribe FloodNet
Original author(s) Mixter
Stable release
2k
Written in C
Operating system Windows, Solaris, Linux
Size 26.5 kb
Type Botnet
Website http://packetstormsecurity.org/distributed/tfn2k.tgz

The Tribe Flood Network or TFN is a set of computer programs to conduct various DDoS attacks such as ICMP flood, SYN flood, UDP flood and Smurf attack.

The Smurf attack is a distributed denial-of-service attack in which large numbers of Internet Control Message Protocol (ICMP) packets with the intended victim's spoofed source IP are broadcast to a computer network using an IP broadcast address. Most devices on a network will, by default, respond to this by sending a reply to the source IP address. If the number of machines on the network that receive and respond to these packets is very large, the victim's computer will be flooded with traffic. This can slow down the victim's computer to the point where it becomes impossible to work on.

First TFN initiated attacks are described in CERT Incident Note 99-04.

CERT Coordination Center

The CERT Coordination Center (CERT/CC) is the coordination center of the computer emergency response team (CERT) for the Software Engineering Institute (SEI), a non-profit United States federally funded research and development center. The CERT/CC researches software bugs that impact software and internet security, publishes research and information on its findings, and works with business and government to improve security of software and the internet as a whole.

TFN2K was written by Mixter, a security professional and hacker based in Germany.

Mixter is a computer security specialist. Mixter first made the transition out of the computer underground into large-scale public awareness, in 2000, at which time newspapers and magazines worldwide mentioned a link to massively destructive and effective distributed denial of service (DDoS) attacks which crippled and shut down major websites. Early reports stated that the FBI-led National Infrastructure Protection Center (NIPC) was questioning Mixter regarding a tool called Stacheldraht. Although Mixter himself was not a suspect, his tool, the "Tribal Flood Network" (TFN) and an update called TFN2K were ultimately discovered as being the ones used in the attacks; causing an estimated $1.7 billion USD in damages.

See also

Stacheldraht

Stacheldraht is malware written by Mixter for Linux and Solaris systems which acts as a distributed denial-of-service (DDoS) agent. This tool detects and automatically enables source address forgery.

The trinoo or trin00 is a set of computer programs to conduct a DDoS attack. It is believed that trinoo networks have been set up on thousands of systems on the Internet that have been compromised by remote buffer overrun exploits.

High Orbit Ion Cannon Open-source network

High Orbit Ion Cannon (HOIC) is an open-source network stress testing and denial-of-service attack application designed to attack as many as 256 URLs at the same time. It was designed to replace the Low Orbit Ion Cannon which was developed by Praetox Technologies and later released into the public domain. The security advisory for HOIC was released by Prolexic Technologies in February 2012.


Related Research Articles

Denial-of-service attack cyber attack disrupting service by overloading the provider of the service

In computing, a denial-of-service attack is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet. Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled.

Zombie (computing) network connected computer that has been compromised and is used for malicious task without the owner being aware of it

In computing, a zombie is a computer connected to the Internet that has been compromised by a hacker, computer virus or trojan horse program and can be used to perform malicious tasks of one sort or another under remote direction. Botnets of zombie computers are often used to spread e-mail spam and launch denial-of-service attacks. Most owners of "zombie" computers are unaware that their system is being used in this way. Because the owner tends to be unaware, these computers are metaphorically compared to fictional zombies. A coordinated DDoS attack by multiple botnet machines also resembles a "zombie horde attack", as depicted in fictional zombie films.

Network security consists of the policies and practices adopted to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, which is controlled by the network administrator. Users choose or are assigned an ID and password or other authenticating information that allows them access to information and programs within their authority. Network security covers a variety of computer networks, both public and private, that are used in everyday jobs; conducting transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, and others which might be open to public access. Network security is involved in organizations, enterprises, and other types of institutions. It does as its title explains: It secures the network, as well as protecting and overseeing operations being done. The most common and simple way of protecting a network resource is by assigning it a unique name and a corresponding password.

TheForce.Net

TheForce.Net ("TFN") is a Star Wars news website that provides updates on the Star Wars media franchise. The web site launched in 1996 as the "Star Wars Site At Texas A & M." It was founded by Scott Chitwood and Darin Smith. TFN is officially "TheForce.Net, LLC," and is currently part-owned by Philip Wise, who also runs the Star Wars collecting news site Rebelscum.com.

TFN may refer to:

The Freecycle Network nonprofit organization

The Freecycle Network is a nonprofit organization registered in Arizona and as a charity in the United Kingdom. TFN coordinates a worldwide network of "gifting" groups to divert reusable goods from landfills. The network provides a worldwide online registry, organizing the creation of local groups and forums for individuals and nonprofits to offer free items for reuse or recycling and to promote a gift economy.

A LAND attack is a DoS attack that consists of sending a special poison spoofed packet to a computer, causing it to lock up. The security flaw was first discovered in 1997 by someone using the alias "m3lt", and has resurfaced many years later in operating systems such as Windows Server 2003 and Windows XP SP2.

A UDP flood attack is a denial-of-service (DoS) attack using the User Datagram Protocol (UDP), a sessionless/connectionless computer networking protocol.

An XML denial-of-service attack is a content-borne denial-of-service attack whose purpose is to shut down a web service or system running that service. A common XDoS attack occurs when an XML message is sent with a multitude of digital signatures and a naive parser would look at each signature and use all the CPU cycles, eating up all resources. These are less common than inadvertent XDoS attacks which occur when a programming error by a trusted customer causes a handshake to go into an infinite loop.

A web threat is any threat that uses the World Wide Web to facilitate cybercrime. Web threats use multiple types of malware and fraud, all of which utilize HTTP or HTTPS protocols, but may also employ other protocols and components, such as links in email or IM, or malware attachments or on servers that access the Web. They benefit cybercriminals by stealing information for subsequent sale and help absorb infected PCs into botnets.

Low Orbit Ion Cannon open source network stress testing and denial-of-service attack application

Low Orbit Ion Cannon (LOIC) is an open-source network stress testing and denial-of-service attack application, written in C#. LOIC was initially developed by Praetox Technologies, but was later released into the public domain, and now is hosted on several open source platforms.

w3af

w3af is an open-source web application security scanner. The project provides a vulnerability scanner and exploitation tool for Web applications. It provides information about security vulnerabilities for use in penetration testing engagements. The scanner offers a graphical user interface and a command-line interface.

SlowDroid is a denial-of-service attack which allows a single mobile device to take down a network server requiring minimal bandwidth. The attack has been created for research purposes by Maurizio Aiello and developed by Enrico Cambiaso for the IEIIT Institute of the National Research Council of Italy and released as an Android application.

Zemra is a DDoS Bot which was first discovered in underground forums in May 2012.

BASHLITE is malware which infects Linux systems in order to launch distributed denial-of-service attacks (DDoS). Originally it was also known under the name Bashdoor, but this term now refers to the exploit method used by the malware. It has been used to launch attacks of up to 400 Gbps.

R.U.D.Y., short for R U Dead yet, is an acronym used to describe a Denial of Service (DoS) tool used by hackers to perform slow-rate a.k.a. “Low and slow” attacks by directing long form fields to the targeted server. It is known to have an interactive console, thus making it a user-friendly tool. It opens fewer connections to the website being targeted for a long period and keeps the sessions open as long as it is feasible. The amount of open sessions overtires the server or website making it unavailable for the authentic visitors. The data is sent in small packs at an incredibly slow rate; normally there is a gap of ten seconds between each byte but these intervals are not definite and may vary to avert detection.