Trinity distributed denial of service tool
irc-trinity (5256)
Description:
Trinity is a distributed denial of service tool for Linux that is controlled by IRC (Internet Relay Chat). The Trinity agent connects to an Undernet IRC server and waits for commands to be sent to the channel. Trinity can perform 8 different types of floods: UDP flood, Fragment flood, SYN flood, RST flood, random flags flood, ACK flood, establish flood, and null flood.
Platforms Affected:
- Linux, Kernel
Remedy:
Reinstall the operating system of any system on which a Trinity agent is found.
Consider restricting use of public chat systems, such as IRC, which can pose a legitimate security risk.
Block well-known default Trinity DDOS ports 33270/TCP and 39168/TCP at firewalls and/or routers.
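A host-side check to go with the port block above, as an added example that is not part of the original advisory: it reads socket tables in Linux `/proc/net/tcp` format and reports any listening socket on the two ports named in the Remedy. It assumes those ports would show up as TCP listeners on an affected host; the function names and the sample table are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag LISTEN sockets on the ports named in the Remedy section.
TRINITY_PORTS="33270 39168"

# find_trinity_listeners [FILE...]
# Reads /proc/net/tcp-format input (files or stdin) and prints, one per line,
# each port from TRINITY_PORTS that has a socket in LISTEN state (st == 0A).
find_trinity_listeners() {
    awk -v ports="$TRINITY_PORTS" '
        BEGIN {
            # Map the hex form used by the kernel (e.g. 81F6) to the decimal port.
            n = split(ports, p, " ")
            for (i = 1; i <= n; i++) want[sprintf("%04X", p[i] + 0)] = p[i]
        }
        {
            # Field 2 is local_address as HEXIP:HEXPORT, field 4 is the TCP state.
            k = split($2, addr, ":")
            hex = toupper(addr[k])
            if (toupper($4) == "0A" && (hex in want)) hits[want[hex]] = 1
        }
        END { for (i = 1; i <= n; i++) if (p[i] in hits) print p[i] }
    ' "$@"
}

# Constructed sample table: sshd listening on 22, a listener on 33270, and an
# ESTABLISHED (01) connection whose local port is 39168, which is not a listener.
sample_proc_net_tcp() {
    cat <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 00000000:81F6 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002
   2: 0100007F:9900 0100007F:C350 01 00000000:00000000 00:00000000 00000000  1000        0 1003
EOF
}

# Demo on the constructed sample. On a live host, run instead:
#   find_trinity_listeners /proc/net/tcp /proc/net/tcp6
sample_proc_net_tcp | find_trinity_listeners
```

An empty result only means nothing is listening on these two ports; the agent described above is controlled over IRC, so outbound IRC connections from the host still need to be reviewed.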
Consequences:
Denial of Service
References:
- CIAC Information Bulletin K-072, New Variants of Trinity and Stacheldraht DDoS at http://www.ciac.org/ciac/bulletins/k-072.shtml.
- Internet Security Systems Security Alert #59, Trinity v3 Distributed Denial of Service tool at http://www.iss.net/xforce/alerts/id/advise59.
- National Infrastructure Protection Center 00-055, "Trinity v3/ Stacheldraht 1.666" Distributed Denial of Service Tool at http://www.nipc.gov/warnings/advisories/2000/00-055.htm.
- CVE-1999-0660: A hacker utility, back door, or Trojan Horse is installed on a system, e.g. NetBus, Back Orifice, Rootkit, etc.
- CVE-2000-0138: A system has a distributed denial of service (DDOS) attack master, agent, or zombie installed, such as (1) Trinoo, (2) Tribe Flood Network (TFN), (3) Tribe Flood Network 2000 (TFN2K), (4) stacheldraht, (5) mstream, or (6) shaft.
Reported:
Sep 06, 2000
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
