FAQ.html 8.4 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130
  1. <center>
  2. <table cellpadding="24" cellspacing="25" border="1">
  3. <tr><td><pre><table><tr><td><center><pre><h1><u>UFONet F.A.Q. v1.8 [Revision: 02/2022]</u></h1>Full Version (updated!) online: <a href="https://ufonet.03c8.net/FAQ.html">https://ufonet.03c8.net/FAQ.html</a><a href="/"></center></td></tr><tr><td><pre><ul><hr>
  4. <li><b>What is UFONet?</b></li>
  5. It is a toolkit designed to launch <a href="https://en.wikipedia.org/wiki/Distributed_denial-of-service" target="_blank">DDoS</a> and <a href="https://en.wikipedia.org/wiki/Denial-of-service_attack" target="_blank">DoS</a> attacks.
  6. <hr>
  7. <li><b>What is a DDoS attack?</b></li>
  8. A Distributed Denial of Service (<a href="https://en.wikipedia.org/wiki/Distributed_denial-of-service" target="_blank">DDoS</a>) <u>attack</u> is an attempt to make an online service
  9. unavailable by overwhelming it (for example, with traffic...) <u>from multiple sources</u>.
  10. <hr>
  11. <li><b>What is a DoS attack?</b></li>
  12. A Denial of Service (<a href="https://en.wikipedia.org/wiki/Denial-of-service_attack" target="_blank">DoS</a>) <u>attack</u> is an attempt to make an online service
  13. unavailable by overwhelming it (for example, with traffic...) <u>from a single source</u>.
  14. <hr>
  15. <li><b>What is a Botnet?</b></li>
  16. A <a href="https://en.wikipedia.org/wiki/Botnet" target="_blank">Botnet</a> is a collection of computers often referred to as "zombies" that allows an attacker
  17. to control them. It is commonly used to make DDoS attacks.
  18. <hr>
  19. <li><b>What is the philosophy behind UFONet?</b></li>
  20. <i>"On a samurai sword or even any tool, what matters is who goes to use it and for what,
  21. not who builds it and when..."</i>
  22. <hr>
  23. <li><b>Why can UFONet be more special, than for example, other botnets previously built?</b></li>
  24. Because UFONet tries not living traces (IPs, etc...) from the origin of the attack. And
  25. of course, because <b><u>it is free/libre</u></b>. ;-)
  26. <hr>
  27. <li><b>How does UFONet work technically?</b></li>
  28. <a href="http://ufonet.03c8.net" target="_blank">UFONet</a> is a tool designed to launch <a href="https://en.wikipedia.org/wiki/OSI_model#Layer_7:_Application_Layer" target="_blank">Layer 7</a> (APP/HTTP) DDoS attacks, using '<a href="http://cwe.mitre.org/data/definitions/601.html" target="_blank">Open Redirect</a>'
  29. vectors, generally located on third-party web applications (a botnet) and other
  30. powerful DoS attacks, some including different <a href="https://en.wikipedia.org/wiki/OSI_model" target="_blank">OSI model</a> layers, as for example
  31. the <i>TCP/SYN flood attack</i>, which is performed on <a href="https://en.wikipedia.org/wiki/OSI_model#Layer_3:_Network_Layer" target="_blank">Layer 3</a> (Network).
  32. This <a href="https://ufonet.03c8.net/ufonet/ufonet-schema.png" target="_blank">schema</a> shows you how the architecture of the requests are made when performing
  33. a simple HTTP/WebAbuse DDoS attack.
  34. <hr>
  35. <li><b>Is UFONet a "strong" botnet?</b></li>
  36. Well!. It depends on how you understand a botnet as "strong". If you understand it as;
  37. * '<u>privacy</u>'; UFONet is the best -ninja- DDoS/DoS tool...
  38. * '<u>traffic volume</u>'; it depends on; 'zombies', bandwidth, target's conf, etc...
  39. With UFONet it's not about having a lot of 'zombies', it's more about those you have
  40. work properly. If they are nice, you can 'defeat' a 'small' webserver just with
  41. a 'couple of dozens'.
  42. Or for example, in a scenario in which a target is using a VPS service with some limited
  43. bandwidth rate (ex: 1GB/month) for the attacker is just a matter of time to run the tool
  44. and wait until traffic (noise) reaches the maximum limit that closes the service.
  45. Commonly people understand a botnet as an individual tool but UFONet is also a <a href="https://en.wikipedia.org/wiki/Peer-to-peer" target="_blank">P2P</a>/<a href="https://en.wikipedia.org/wiki/Darknet" target="_blank">darknet</a>,
  46. that can be used to connect others machines and to run complex schemas involving other people
  47. working cooperatively: sharing 'zombies', reporting statistics (with rankings, clans)...
  48. Therefore, UFONet can also be defined fundamentally, as: <b>a botnet of botnets</b>, which is
  49. obviously a harder and effective way to overwhelm an objective, than when a single person
  50. tries it individually.
  51. <hr>
  52. <li><b>What's the difference between: 'zombies', 'aliens', 'droids', 'ucavs'...?</b></li>
  53. * <u>Zombie</u>: HTTP GET 'Open Redirect' bot
  54. ex: https://ZOMBIE.com/check?uri=$TARGET
  55. * <u>Droid</u>: HTTP GET 'Open Redirect' bot with params
  56. ex: https://ZOMBIE.COM/css-validator/validator?uri=$TARGET&profile=css3
  57. * <u>Alien</u>: HTTP POST 'Open Redirect' bot
  58. ex: https://ZOMBIE.com/analyze.html;$POST;url=$TARGET
  59. * <u>Drone</u>: HTTP 'Web Abuse' bot
  60. ex: https://www.isup.me/$TARGET
  61. * <u>X-RPC</u>: XML-RPC Vulnerability
  62. ex: https://ZOMBIE.COM/xmlrpc.php
  63. <hr>
  64. <li><b>Is it possible to stress target's database using UFONet?</b></li>
  65. Yes, it is. For example, you can order to your 'zombies' to submit random valid requests
  66. on a target's search input form. This floods database with queries.
  67. <hr>
  68. <li><b>Can I directly attack an IP address?</b></li>
  69. Yes, you can.
  70. <hr>
  71. <li><b>What kind of extra attacks does the tool have?</b></li><pre>
  72. - LOIC: <a href="https://en.wikipedia.org/wiki/Low_Orbit_Ion_Cannon" target="_blank">https://en.wikipedia.org/wiki/Low_Orbit_Ion_Cannon</a>
  73. - LORIS: <a href="https://en.wikipedia.org/wiki/Slowloris_(software)" target="_blank">https://en.wikipedia.org/wiki/Slowloris_(software)</a>
  74. - UFOSYN: <a href="https://en.wikipedia.org/wiki/SYN_flood" target="_blank">https://en.wikipedia.org/wiki/SYN_flood</a>
  75. - FRAGGLE: <a href="https://en.wikipedia.org/wiki/Fraggle_attack" target="_blank">https://en.wikipedia.org/wiki/Fraggle_attack</a>
  76. - UFORST: <a href="https://ddos-guard.net/en/terminology/attack_type/rst-or-fin-flood" target="_blank">https://ddos-guard.net/en/terminology/attack_type/rst-or-fin-flood</a>
  77. - SPRAY: <a href="https://en.wikipedia.org/wiki/DRDOS" target="_blank">https://en.wikipedia.org/wiki/DRDOS</a>
  78. - SMURF: <a href="https://en.wikipedia.org/wiki/Smurf_attack" target="_blank">https://en.wikipedia.org/wiki/Smurf_attack</a>
  79. - XMAS: <a href="https://en.wikipedia.org/wiki/Christmas_tree_packet" target="_blank">https://en.wikipedia.org/wiki/Christmas_tree_packet</a>
  80. - DROPER: <a href="https://en.wikipedia.org/wiki/IP_fragmentation_attack" target="_blank">https://en.wikipedia.org/wiki/IP_fragmentation_attack</a>
  81. - SNIPER: <a href="https://www.imperva.com/learn/application-security/snmp-reflection/" target="_blank">https://www.imperva.com/learn/application-security/snmp-reflection/</a>
  82. - TACHYON: <a href="https://www.us-cert.gov/ncas/alerts/TA13-088A" target="_blank">https://www.us-cert.gov/ncas/alerts/TA13-088A</a>
  83. - PINGER: <a href="https://www.cloudflare.com/learning/ddos/ping-icmp-flood-ddos-attack/" target="_blank">https://www.cloudflare.com/learning/ddos/ping-icmp-flood-ddos-attack/</a>
  84. - MONLIST: <a href="https://www.us-cert.gov/ncas/alerts/TA14-013A" target="_blank">https://www.us-cert.gov/ncas/alerts/TA14-013A</a>
  85. - UFOACK: <a href="https://www.f5.com/services/resources/glossary/push-and-ack-flood" target="_blank">https://www.f5.com/services/resources/glossary/push-and-ack-flood</a>
  86. - OVERLAP: <a href="https://cyberhoot.com/cybrary/fragment-overlap-attack/" target="_blank">https://cyberhoot.com/cybrary/fragment-overlap-attack/</a>
  87. - UFOUDP: <a href="https://en.wikipedia.org/wiki/UDP_flood_attack" target="_blank">https://en.wikipedia.org/wiki/UDP_flood_attack</a>
  88. - NUKE: <a href="https://dl.packetstormsecurity.net/papers/general/tcp-starvation.pdf" target="_blank">https://dl.packetstormsecurity.net/papers/general/tcp-starvation.pdf</a></pre>
  89. <hr>
  90. <li><b>What is a 'wormhole'?</b></li>
  91. It is an <a href="https://en.wikipedia.org/wiki/Internet_Relay_Chat" target="_blank">IRC</a> gateway to <a href="https://en.wikipedia.org/wiki/Freenode" target="_blank">Freenode</a> where UFONet 'masters' can meet.
  92. <hr>
  93. <li><b>What is a 'blackhole'?</b></li>
  94. It is a <a href="https://en.wikipedia.org/wiki/Peer-to-peer" target="_blank">P2P</a> daemon to share 'zombies' with other UFONet 'masters'.
  95. <hr>
  96. <li><b>Where can I report a bug?</b></li>
  97. You can report errors on: <a href="https://github.com/epsylon/ufonet/issues" target="_blank">Github issues</a>.
  98. Also you can stay in touch reporting on my "mothership" (using BOARD provided by default).
  99. If nobody gets back to you, then drop me an <a href="mailto: epsylon@riseup.net">e-mail</a>.</ul></pre></td></tr></table></pre></td></tr></table></center>