"dds" is a program to scan for a limited set of distributed denial of

service (ddos) agents.

At present, it scans for active instances of "trinoo", "Tribe Flood
Network" ("TFN") and "stacheldraht" agents, which were compiled
using the default values in known source distributions.
It will *not* detect TFN2K agents.

6 files changed, 66 insertions, 0 deletions

diff --git a/security/ddos_scan/Makefile b/security/ddos_scan/Makefile
new file mode 100644
index 000000000000..5081e8e14d09
--- /dev/null
+++ b/security/ddos_scan/Makefile
@@ -0,0 +1,27 @@
+# ex:ts=8
+# Ports collection makefile for:  ddos_scan
+# Version required:		  1.6
+# Date created:			  Sun Feb 12, 2000
+# Whom:				  David O'Brien (obrien@NUXI.com)
+#
+# $FreeBSD$
+#
+
+DISTNAME=	ddos_scan
+PKGNAME=	ddos_scan-1.6
+CATEGORIES=	security
+MASTER_SITES=	http://staff.washington.edu/dittrich/misc/
+EXTRACT_SUFX=	.tar
+
+MAINTAINER=	obrien@FreeBSD.org
+
+ALL_TARGET=	dds
+
+do-install:
+	@${INSTALL_PROGRAM} ${WRKSRC}/dds ${PREFIX}/sbin
+.if !defined(NOPORTDOCS)
+	@${MKDIR} ${PREFIX}/share/doc/ddos_scan
+	@${INSTALL_MAN} ${WRKSRC}/README ${PREFIX}/share/doc/ddos_scan
+.endif
+
+.include <bsd.port.mk>
diff --git a/security/ddos_scan/distinfo b/security/ddos_scan/distinfo
new file mode 100644
index 000000000000..180a527a23d1
--- /dev/null
+++ b/security/ddos_scan/distinfo
@@ -0,0 +1 @@
+MD5 (ddos_scan.tar) = eee80e78d59de7667967e20fe57441d0
diff --git a/security/ddos_scan/files/patch-Makefile b/security/ddos_scan/files/patch-Makefile
new file mode 100644
index 000000000000..6a00e8fb52d7
--- /dev/null
+++ b/security/ddos_scan/files/patch-Makefile
@@ -0,0 +1,15 @@
+--- Makefile.orig	Mon Jan 10 13:14:31 2000
++++ Makefile	Sun Feb 13 17:53:23 2000
+@@ -1,10 +1,10 @@
+ # Makefile for ddos_scan (dds).
+ # $Revision: 1.1 $
+ 
+-CFLAGS=
++#CFLAGS=
+ 
+ # For Solaris 2.5.1 and above, uncomment the following line.
+-LIBS=-lresolv -lsocket -lnsl
++#LIBS=-lresolv -lsocket -lnsl
+ 
+ default:
+ 	@clear
diff --git a/security/ddos_scan/pkg-comment b/security/ddos_scan/pkg-comment
new file mode 100644
index 000000000000..ed0ac1ebdcd8
--- /dev/null
+++ b/security/ddos_scan/pkg-comment
@@ -0,0 +1 @@
+Scans for a limited set of distributed denial of service agents
diff --git a/security/ddos_scan/pkg-descr b/security/ddos_scan/pkg-descr
new file mode 100644
index 000000000000..bb93a0a8f37e
--- /dev/null
+++ b/security/ddos_scan/pkg-descr
@@ -0,0 +1,21 @@
+"dds" is a program to scan for a limited set of distributed denial of
+service (ddos) agents.
+
+At present, it scans for active instances of "trinoo", "Tribe Flood
+Network" ("TFN") and "stacheldraht" agents, which were compiled
+using the default values in known source distributions, such as those
+found at:
+
+	http://packetstorm.securify.com/distributed/
+
+It will *not* detect TFN2K agents.
+
+For analyses of the three distributed denial of service attack
+tools it scans for, and the methods being used by dds to identify
+them, see:
+
+	http://staff.washington.edu/dittrich/misc/trinoo.analysis
+	http://staff.washington.edu/dittrich/misc/tfn.analysis
+	http://staff.washington.edu/dittrich/misc/stacheldraht.analysis
+
+WWW:	http://www.washington.edu/People/dad/
diff --git a/security/ddos_scan/pkg-plist b/security/ddos_scan/pkg-plist
new file mode 100644
index 000000000000..4b63d4f97681
--- /dev/null
+++ b/security/ddos_scan/pkg-plist
@@ -0,0 +1 @@
+sbin/dds