Trinity distributed denial of service tool

irc-trinity (5256) The risk level is classified as HighHigh Risk

Description:

Trinity is a distributed denial of service tool for Linux that is controlled by IRC (Internet Relay Chat). The Trinity agent connects to an Undernet IRC server and waits for commands to be sent to the channel. Trinity can perform 8 different types of floods: UDP flood, Fragment flood, SYN flood, RST flood, random flags flood, ACK flood, establish flood, and null flood.


Consequences:

Denial of Service

Remedy:

Reinstall the operating system of any system on which a Trinity agent is found.

Consider restricting use of public chat systems, such as IRC, which can pose a legitimate security risk.

Block well-known default Trinity DDOS ports 33270/TCP and 39168/TCP at firewalls and/or routers.

References:

Platforms Affected:

  • Linux Kernel

Reported:

Sep 06, 2000

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page