diff options
Diffstat (limited to 'security/zombiezapper')
| -rw-r--r-- | security/zombiezapper/Makefile | 33 | ||||
| -rw-r--r-- | security/zombiezapper/distinfo | 1 | ||||
| -rw-r--r-- | security/zombiezapper/files/patch-aa | 56 | ||||
| -rw-r--r-- | security/zombiezapper/pkg-comment | 1 | ||||
| -rw-r--r-- | security/zombiezapper/pkg-descr | 12 | ||||
| -rw-r--r-- | security/zombiezapper/pkg-plist | 4 |
6 files changed, 107 insertions, 0 deletions
diff --git a/security/zombiezapper/Makefile b/security/zombiezapper/Makefile new file mode 100644 index 000000000000..5aa5e71b5c3f --- /dev/null +++ b/security/zombiezapper/Makefile @@ -0,0 +1,33 @@ +# Ports collection makefile for: zombiezapper +# Version required: 1.0 +# Date created: 19 Feb 2000 +# Whom: Kris Kennaway <kris@FreeBSD.org> +# +# $FreeBSD$ +# + +DISTNAME= zombie +PKGNAME= zombiezapper-1.0 +CATEGORIES= security +MASTER_SITES= http://razor.bindview.com/tools/files/ +EXTRACT_SUFX= .tar + +MAINTAINER= kris@FreeBSD.org + +BUILD_DEPENDS= ${LOCALBASE}/bin/libnet-config:${PORTSDIR}/net/libnet/ + +LIBNETCONF= ${LOCALBASE}/bin/libnet-config + +do-build: + cd ${WRKSRC} && \ + ${CC} ${CFLAGS} -o zz zz.c `${LIBNETCONF} --cflags` `${LIBNETCONF} --defines` `${LIBNETCONF} --libs` -L${LOCALBASE}/lib -I${LOCALBASE}/include + +do-install: + ${INSTALL_PROGRAM} ${WRKSRC}/zz ${PREFIX}/bin/ +.if !defined(NOPORTDOCS) + ${MKDIR} ${PREFIX}/share/doc/zz/ + ${INSTALL_DATA} ${WRKSRC}/USAGE ${PREFIX}/share/doc/zz/ + ${INSTALL_DATA} ${WRKSRC}/tekpaper.txt ${PREFIX}/share/doc/zz/ +.endif + +.include <bsd.port.mk> diff --git a/security/zombiezapper/distinfo b/security/zombiezapper/distinfo new file mode 100644 index 000000000000..f22d316d75b4 --- /dev/null +++ b/security/zombiezapper/distinfo @@ -0,0 +1 @@ +MD5 (zombie.tar) = cda205b3ccd0c6d014498a8d204e259d diff --git a/security/zombiezapper/files/patch-aa b/security/zombiezapper/files/patch-aa new file mode 100644 index 000000000000..2e9da1c15d08 --- /dev/null +++ b/security/zombiezapper/files/patch-aa @@ -0,0 +1,56 @@ +--- zz.c.orig Tue Feb 15 08:51:12 2000 ++++ zz.c Sun Feb 20 01:59:12 2000 +@@ -94,7 +94,7 @@ + union + { + struct in_addr addr; +- ulong temp_ip; ++ u_long temp_ip; + } ip; + + for (i = 0; i < 256; i++) +@@ -159,27 +159,27 @@ + case 1: + data_len = strlen(TRINOO_DATA); + for (p=0;p<data_len;p++) data[p] = TRINOO_DATA[p]; +- header = LIBNET_UDP_H; ++ header = UDP_H; + id = 41072; + proto = IPPROTO_UDP; + break; + case 2: + data_len = strlen(TFN_DATA); + for (p=0;p<data_len;p++) data[p] = TFN_DATA[p]; +- header = LIBNET_ICMP_ECHO_H; ++ header = ICMP_ECHO_H; + id = 567; + proto = IPPROTO_ICMP; + break; + case 3: + data_len = 0; +- header = LIBNET_ICMP_ECHO_H; ++ header = ICMP_ECHO_H; + id = 3; + proto = IPPROTO_ICMP; + break; + } + + /* compute packet size */ +- packet_size = LIBNET_IP_H + header + data_len; ++ packet_size = IP_H + header + data_len; + + /* get mem for packet */ + libnet_init_packet(packet_size, &packet); +@@ -207,10 +207,10 @@ + switch (proto) + { + case IPPROTO_ICMP: +- libnet_build_icmp_echo(ICMP_ECHOREPLY,0,id,0,data,data_len,packet + LIBNET_IP_H); ++ libnet_build_icmp_echo(ICMP_ECHOREPLY,0,id,0,data,data_len,packet + IP_H); + break; + case IPPROTO_UDP: +- libnet_build_udp(sport,27444,data,data_len,packet + LIBNET_IP_H); ++ libnet_build_udp(sport,27444,data,data_len,packet + IP_H); + break; + } + diff --git a/security/zombiezapper/pkg-comment b/security/zombiezapper/pkg-comment new file mode 100644 index 000000000000..bff3fdf3a853 --- /dev/null +++ b/security/zombiezapper/pkg-comment @@ -0,0 +1 @@ +Send a terminate command to Trinoo/TFN/Stacheldracht DDoS agents. diff --git a/security/zombiezapper/pkg-descr b/security/zombiezapper/pkg-descr new file mode 100644 index 000000000000..1ef81fb0a326 --- /dev/null +++ b/security/zombiezapper/pkg-descr @@ -0,0 +1,12 @@ +Zombie Zapper works against Trinoo, TFN, and Stacheldraht. Assuming +that the default passwords have not been changed, you can simply use +the same commands that an attacker would use to stop the flood. On +Trinoo, it does stop the daemon entirely (although it is typically +set to be restarted by cron, silently awaiting more commands), but +on TFN and Stacheldraht the flooding just stops. This gives you the +advantage of telling the daemon to stop flooding without stopping +the daemon, allowing you to take a little more time in tracking down +where they are, and more importantly, how they got there in the first +place. + +WWW: http://razor.bindview.com/tools/ZombieZapper_form.shtml diff --git a/security/zombiezapper/pkg-plist b/security/zombiezapper/pkg-plist new file mode 100644 index 000000000000..0f32954000e5 --- /dev/null +++ b/security/zombiezapper/pkg-plist @@ -0,0 +1,4 @@ +bin/zz +share/doc/zz/USAGE +share/doc/zz/tekpaper.txt +@dirrm share/doc/zz |