Vulnerability Name: | CVE-2000-0138 (CCN-2245) | ||||||||
Assigned: | 1999-05-15 | ||||||||
Published: | 1999-05-15 | ||||||||
Updated: | 2016-10-18 | ||||||||
Summary: | A system has a distributed denial of service (DDOS) attack master, agent, or zombie installed, such as (1) Trinoo, (2) Tribe Flood Network (TFN), (3) Tribe Flood Network 2000 (TFN2K), (4) stacheldraht, (5) mstream, or (6) shaft. | ||||||||
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
| ||||||||
CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
| ||||||||
Vulnerability Type: | CWE-Other | ||||||||
Vulnerability Consequences: | Gain Access | ||||||||
References: | Source: MITRE Type: CNA CVE-1999-0660
Source: MITRE Type: CNA CVE-2000-0138
Source: BUGTRAQ Type: UNKNOWN 20000429 Source code to mstream, a DDoS tool
Source: BUGTRAQ Type: UNKNOWN 20000501 Re: Source code to mstream, a DDoS tool
Source: CCN Type: F-Secure Virus Definitions SubSeven
Source: CCN Type: Internet Security Systems Security Alert #30 Windows Backdoor Update III
Source: ISS Type: UNKNOWN 20000502 "mstream" Distributed Denial of Service Tool
Source: XF Type: UNKNOWN backdoor-subseven(2245) | ||||||||
Vulnerable Configuration: | Configuration CCN 1: | ||||||||
Vulnerability Name: | CVE-2000-0138 (CCN-3756) | ||||||||
Assigned: | 1999-12-30 | ||||||||
Published: | 1999-12-30 | ||||||||
Updated: | 1999-12-30 | ||||||||
Summary: | Tribe Flood Network 2000 (TFN2k) is a distributed denial of service tool that can perform a number of different types of floods against a host. Denial of service attacks can cause the target system to crash.
The TFN2k tool consists of a client and a daemon. The client controls one or more daemons, which flood a targeted host. The client can use UDP, TCP, or ICMP to communicate with the daemon and can spoof (fake) the source IP address of outgoing packets. Communication between the client and daemon is encrypted. | ||||||||
CVSS v3 Severity: | 7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
| ||||||||
CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
| ||||||||
Vulnerability Consequences: | Denial of Service | ||||||||
References: | Source: MITRE Type: CNA CVE-2000-0138
Source: CCN Type: CERT Advisory CA-1999-17 Denial-of-Service Tools
Source: CCN Type: Cisco Systems White Paper, February 17, 2000 Strategies to Protect Against Distributed Denial of Service (DDoS) Attacks
Source: CCN Type: Internet Security Systems Security Alert #43 Denial of Service Attack using the TFN2K and Stacheldraht programs
Source: CCN Type: National Infrastructure Protection Center Advisory December 30, 1999 TRINOO/Tribal Flood Net/tfn2k
Source: XF Type: UNKNOWN tfn2k-dos(3756) | ||||||||
Vulnerable Configuration: | Configuration CCN 1: | ||||||||
Vulnerability Name: | CVE-2000-0138 (CCN-3757) | ||||||||
Assigned: | 1999-08-15 | ||||||||
Published: | 1999-08-15 | ||||||||
Updated: | 1999-08-15 | ||||||||
Summary: | Stacheldraht is a distributed denial of service tool based on the source code of the Tribe Flood Network (TFN) and Trin00 tools. In addition to providing the features of these tools, Stacheldraht encrypts most of its communication between clients, master servers (sometimes known as handlers), and agents. Although stacheldraht does encrypt the control channel between master and agent, it does not encrypt the ICMP heartbeat packets that the agent sends to the master. Stacheldraht can also remotely upgrade agents with an account and server name using the rcp command.
Stacheldraht was designed to be built and installed on compromised Linux and Solaris systems, but it potentially could be installed on any system by modifying the source code. | ||||||||
CVSS v3 Severity: | |||||||||
CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
| ||||||||
Vulnerability Consequences: | Denial of Service | ||||||||
References: | Source: MITRE Type: CNA CVE-2000-0138
Source: CCN Type: Dave Dittrich Papers/Articles/Reports The "stacheldraht" distributed denial of service attack tool
Source: CCN Type: CERT Advisory CA-2000-01 Denial of Service Developments
Source: CCN Type: CERT Incident Note IN-99-04 Similar Attacks Using Various RPC Services
Source: CCN Type: CIAC Information Bulletin K-072 New Variants of Trinity and Stacheldraht DDoS
Source: CCN Type: Cisco Systems White Paper, February 17, 2000 Strategies to Protect Against Distributed Denial of Service (DDoS) Attacks
Source: CCN Type: Internet Security Systems Security Alert #43 Denial of Service Attack using the TFN2K and Stacheldraht programs
Source: XF Type: UNKNOWN stacheldraht-dos(3757) | ||||||||
Vulnerable Configuration: | Configuration CCN 1: | ||||||||
Vulnerability Name: | CVE-2000-0138 (CCN-4370) | ||||||||
Assigned: | 2000-05-03 | ||||||||
Published: | 2000-05-03 | ||||||||
Updated: | 2000-05-03 | ||||||||
Summary: | The mstream program is a distributed denial of service tool based on the "stream.c" attack. This tool includes a "master controller" and a "zombie." The master controller is the portion of the tool that controls all of the zombie agents. An attacker connects to the master controller using Telnet to control the zombies. Communications between the client, master, and zombie are not encrypted.
Using a slightly modified version of the stream.c attack, the zombie slows a computer down by using up CPU cycles. The attack also consumes network bandwidth. In addition to the incoming ACK packets, the target host will consume bandwidth when it tries to send TCP RST packets to non-existent IP addresses. Routers will then return ICMP host/network unreachable packets to the victim, resulting in more bandwidth starvation. The distributed method of attack multiplies the effect on the CPU, as well as consuming large amounts of network bandwidth. | ||||||||
CVSS v3 Severity: | |||||||||
CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
| ||||||||
Vulnerability Consequences: | Denial of Service | ||||||||
References: | Source: MITRE Type: CNA CVE-2000-0138
Source: CCN Type: CIAC Information Bulletin K-037 "mstream" Distributed Denial of Service Tool
Source: CCN Type: Internet Security Systems Security Alert #48 "mstream" Distributed Denial of Service Tool
Source: XF Type: UNKNOWN ddos-mstream-zombie(4370) | ||||||||
Vulnerable Configuration: | Configuration CCN 1: | ||||||||
Vulnerability Name: | CVE-2000-0138 (CCN-4371) | ||||||||
Assigned: | 2000-05-03 | ||||||||
Published: | 2000-05-03 | ||||||||
Updated: | 2000-05-03 | ||||||||
Summary: | The mstream program is a distributed denial of service tool based on the "stream.c" attack. This tool includes a "master controller" and a "zombie." The master controller is the portion of the tool that controls all of the zombie agents. An attacker connects to the master controller using Telnet to control the zombies. Communications between the client, master, and zombie are not encrypted.
Using a slightly modified version of the stream.c attack, the zombie slows a computer down by using up CPU cycles. The attack also consumes network bandwidth. In addition to the incoming ACK packets, the target host will consume bandwidth when it tries to send TCP RST packets to non-existent IP addresses. Routers will then return ICMP host/network unreachable packets to the victim, resulting in even more bandwidth usage. The distributed method of attack multiplies the effect on the CPU, as well as the consumption of large amounts of network bandwidth. | ||||||||
CVSS v3 Severity: | |||||||||
CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
| ||||||||
Vulnerability Consequences: | Denial of Service | ||||||||
References: | Source: MITRE Type: CNA CVE-2000-0138
Source: CCN Type: CIAC Information Bulletin K-037 "mstream" Distributed Denial of Service Tool
Source: CCN Type: Internet Security Systems Security Alert #48 "mstream" Distributed Denial of Service Tool
Source: XF Type: UNKNOWN ddos-mstream-master(4371) | ||||||||
Vulnerable Configuration: | Configuration CCN 1: | ||||||||
Vulnerability Name: | CVE-2000-0138 (CCN-5256) | ||||||||
Assigned: | 2000-09-06 | ||||||||
Published: | 2000-09-06 | ||||||||
Updated: | 2000-09-06 | ||||||||
Summary: | Trinity is a distributed denial of service tool for Linux that is controlled by IRC (Internet Relay Chat). The Trinity agent connects to an Undernet IRC server and waits for commands to be sent to the channel. Trinity can perform 8 different types of floods: UDP flood, Fragment flood, SYN flood, RST flood, random flags flood, ACK flood, establish flood, and null flood. | ||||||||
CVSS v3 Severity: | |||||||||
CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
| ||||||||
Vulnerability Consequences: | Denial of Service | ||||||||
References: | Source: MITRE Type: CNA CVE-1999-0660
Source: MITRE Type: CNA CVE-2000-0138
Source: CCN Type: CIAC Information Bulletin K-072 New Variants of Trinity and Stacheldraht DDoS
Source: CCN Type: Internet Security Systems Security Alert #59 Trinity v3 Distributed Denial of Service tool
Source: CCN Type: National Infrastructure Protection Center 00-055 "Trinity v3/ Stacheldraht 1.666" Distributed Denial of Service Tool
Source: XF Type: UNKNOWN irc-trinity(5256) | ||||||||
Vulnerable Configuration: | Configuration CCN 1: | ||||||||
Vulnerability Name: | CVE-2000-0138 (CCN-5279) | ||||||||
Assigned: | 2000-09-25 | ||||||||
Published: | 2000-09-25 | ||||||||
Updated: | 2000-09-25 | ||||||||
Summary: | Stacheldraht is a distributed denial of service tool based on the source code of the Tribe Flood Network (TFN) and Trin00 tools. In addition to providing the features of these tools, Stacheldraht encrypts most of its communication between clients, master servers (sometimes known as handlers), and agents.
Variants of Stacheldraht such as "Stacheldraht 1.666+antigl+yps" and "Stacheldraht 1.666+smurf+yps" have been created that use many additional commands. These new commands allow an attacker to use Stacheldraht to perform many different types of floods, including TCP ACK floods, NULL floods, stream floods, "HAVOC" floods, and IRC message floods. | ||||||||
CVSS v3 Severity: | |||||||||
CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
| ||||||||
Vulnerability Consequences: | Denial of Service | ||||||||
References: | Source: MITRE Type: CNA CVE-2000-0138
Source: CCN Type: CIAC Information Bulletin K-032 DDoS Mediation Action List
Source: CCN Type: Internet Security Systems Security Alert #61 New Variants of Trinity and Stacheldraht Distributed Denial of Service Tools
Source: CCN Type: National Infrastructure Protection Center 00-055 "Trinity v3/ Stacheldraht 1.666" Distributed Denial of Service Tool
Source: CCN Type: SANS Institute Resources Web site Help Defeat Denial of Service Attacks: Step-by-Step
Source: XF Type: UNKNOWN stacheldraht-variants-dos(5279) | ||||||||
Vulnerable Configuration: | Configuration CCN 1: | ||||||||
Vulnerability Name: | CVE-2000-0138 (CCN-5349) | ||||||||
Assigned: | 2000-10-09 | ||||||||
Published: | 2000-10-09 | ||||||||
Updated: | 2000-10-09 | ||||||||
Summary: | The SubSeven DEFCON8 2.1 backdoor is an updated version of the SubSeven backdoor. Similar to previously released versions of the SubSeven backdoor, the SubSeven DEFCON8 2.1 backdoor notifies an attacker when it has been installed on a system and allows the attacker to obtain cached passwords, play audio files, view a Webcam, and capture images of your screen.
The SubSeven DEFCON8 2.1 backdoor has been distributed with file names such as "SexxxyMovie.mpeg.exe" on Usenet newsgroups. Each installation of the backdoor server is configured to use a random file name. Once installed, the backdoor server joins an IRC (Internet Relay Chat) channel on irc.icq.com to notify the attacker that a system has been infected and (unlike other SubSeven versions) listens on port 16959 for client connections. Once connected to port 16959, the server displays "PWD" and prompts for a password. The password for the SubSeven DEFCON8 2.1 backdoor server is "acidphreak". A successful client login will return a banner similar to the following text: "connected. 14:43.41 - October 6, 2000, Friday, version: DEFCON8 2.1". This version of SubSeven only works on Windows 95 and Windows 98. Most of the computers infected to date appear to be home computers using high-speed cable modem or DSL connections. More information on previous versions of the SubSeven backdoor is available from Internet Security Systems Security Advisory #30. See References. | ||||||||
CVSS v3 Severity: | |||||||||
CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
| ||||||||
Vulnerability Consequences: | Gain Access | ||||||||
References: | Source: MITRE Type: CNA CVE-1999-0660
Source: MITRE Type: CNA CVE-2000-0138
Source: CCN Type: Internet Security Systems Security Alert #30 Windows Backdoor Update III
Source: CCN Type: Internet Security Systems Security Alert #65 Widespread incidents of SubSeven DEFCON8 2.1 Backdoor
Source: CCN Type: National Infrastructure Protection Center Advisory 00-056 "SubSeven DEFCON8 2.1 Backdoor" Trojan
Source: CCN Type: National Infrastructure Protection Center Advisory 00-063 "New Year's DDoS Advisory"
Source: XF Type: UNKNOWN backdoor-subseven-defcon8(5349) | ||||||||
Vulnerable Configuration: | Configuration CCN 1: | ||||||||
Vulnerability Name: | CVE-2000-0138 (CCN-6550) | ||||||||
Assigned: | 2001-03-12 | ||||||||
Published: | 2001-03-12 | ||||||||
Updated: | 2001-03-12 | ||||||||
Summary: | The SubSeven 2.2 backdoor is an updated version of the SubSeven backdoor. SubSeven is a powerful backdoor program, and is the most popular backdoor used against Windows systems. SubSeven allows an attacker to shut down or restart a computer, retrieve most saved and cached passwords, modify the system registry, and upload, download, and delete files from a system.
This new version, 2.2, has been updated with features that make it easier for a malicious user to access your computer system without your knowledge or consent. New functionality in SubSeven 2.2 includes:
- SOCKS4/SOCKS5 Proxy Support
- Packet Sniffer
- Ability to Listen on a Random Port
- Expanded Notification Capability
- Ability to E-mail Keystroke Logs
- Modular Design and SDK
More information on previous versions of the SubSeven backdoor is available from Internet Security Systems Security Advisories #30 and #65. See References. | ||||||||
CVSS v3 Severity: | |||||||||
CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
| ||||||||
Vulnerability Consequences: | Gain Access | ||||||||
References: | Source: MITRE Type: CNA CVE-1999-0660
Source: MITRE Type: CNA CVE-2000-0138
Source: CCN Type: Internet Security Systems Security Alert #30 Windows Backdoor Update III
Source: CCN Type: Internet Security Systems Security Alert #65 Widespread incidents of SubSeven DEFCON8 2.1 Backdoor
Source: CCN Type: Internet Security Systems Security Alert #73 A New Version of the SubSeven Backdoor
Source: XF Type: UNKNOWN backdoor-subseven-update(6550) | ||||||||
Vulnerable Configuration: | Configuration CCN 1: | ||||||||