- What is UFONet? It is a toolkit designed to launch DDoS and DoS attacks.
- What is a DDoS attack? A Distributed Denial of Service (DDoS) attack is an attempt to make an online service unavailable by overwhelming it (for example, with traffic...) from multiple sources.
- What is a DoS attack? A Denial of Service (DoS) attack is an attempt to make an online service unavailable by overwhelming it (for example, with traffic...) from a single source.
- What is a Botnet? A Botnet is a collection of computers often referred to as "zombies" that allows an attacker to control them. It is commonly used to make DDoS attacks.
- What is the philosophy behind UFONet? "On a samurai sword or even any tool, what matters is who goes to use it and for what, not who builds it and when..."
- Why can UFONet be more special, than for example, other botnets previously built? Because UFONet tries not living traces (IPs, etc...) from the origin of the attack. And of course, because it is free/libre. ;-)
- How does UFONet work technically? UFONet is a tool designed to launch Layer 7 (APP/HTTP) DDoS attacks, using 'Open Redirect' vectors, generally located on third-party web applications (a botnet) and other powerful DoS attacks, some including different OSI model layers, as for example the TCP/SYN flood attack, which is performed on Layer 3 (Network).
- Is UFONet a "strong" botnet? Well!. It depends on how you understand a botnet as "strong". If you understand it as;
This schema shows you how the architecture of the requests are made when performing a simple HTTP/WebAbuse DDoS attack.
* privacy; UFONet is the best -ninja- DDoS/DoS tool... * traffic volume; it depends on; 'zombies', bandwidth, target's conf, etc...With UFONet it's not about having a lot of 'zombies', it's more about those you have work properly. If they are nice, you can 'defeat' a 'small' webserver just with a 'couple of dozens'.
Or for example, in a scenario in which a target is using a VPS service with some limited bandwidth rate (ex: 1GB/month) for the attacker is just a matter of time to run the tool and wait until traffic (noise) reaches the maximum limit that closes the service.
Commonly people understand a botnet as an individual tool but UFONet is also a P2P/darknet, that can be used to connect others machines and to run complex schemas involving other people working cooperatively: sharing 'zombies', reporting statistics (with rankings, clans)...
Therefore, UFONet can also be defined fundamentally, as: a botnet of botnets, which is obviously a harder and effective way to overwhelm an objective, than when a single person tries it individually.
* Zombie: HTTP GET 'Open Redirect' bot ex: https://ZOMBIE.com/check?uri=$TARGET * Droid: HTTP GET 'Open Redirect' bot with params ex: https://ZOMBIE.com/css-validator/validator?uri=$TARGET&profile=css3 * Alien: HTTP POST 'Open Redirect' bot ex: https://ZOMBIE.com/analyze.html;$POST;url=$TARGET * Drone: HTTP 'Web Abuse' bot ex: https://www.isup.me/$TARGET * X-RPC: XML-RPC Vulnerability ex: https://ZOMBIE.com/xmlrpc.php
[DDoS] amplification / reflection: - FRAGGLE: https://en.wikipedia.org/wiki/Fraggle_attack - TACHYON: https://en.wikipedia.org/wiki/DNS_amplification_attack - MONLIST: https://en.wikipedia.org/wiki/NTP_server_misuse_and_abuse - SMURF: https://en.wikipedia.org/wiki/Smurf_attack - SNIPER: https://en.wikipedia.org/wiki/Simple_Network_Management_Protocol - MEMCACHED: https://en.wikipedia.org/wiki/Memcached - CHARGEN: https://en.wikipedia.org/wiki/Character_Generator_Protocol - CLDAP: https://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol - SSDP: https://en.wikipedia.org/wiki/Simple_Service_Discovery_Protocol - QOTD: https://en.wikipedia.org/wiki/QOTD - TFTP: https://en.wikipedia.org/wiki/Trivial_File_Transfer_Protocol - WSDISCO: https://en.wikipedia.org/wiki/WS-Discovery - COAP: https://en.wikipedia.org/wiki/Constrained_Application_Protocol - MSSQL: https://en.wikipedia.org/wiki/Microsoft_SQL_Server - ARMS: https://en.wikipedia.org/wiki/Apple_Remote_Desktop - PLEX: https://en.wikipedia.org/wiki/Plex_(software) - NETBIOS: https://en.wikipedia.org/wiki/NetBIOS - RIPV1: https://en.wikipedia.org/wiki/Routing_Information_Protocol - SPRAY: https://en.wikipedia.org/wiki/Denial-of-service_attack#Reflected_attack - MIDDLEBOX: https://en.wikipedia.org/wiki/Network_middlebox - DBSTRESS: https://en.wikipedia.org/wiki/SQL_injection [ DoS] direct floods: - LOIC: https://en.wikipedia.org/wiki/Low_Orbit_Ion_Cannon - LORIS: https://en.wikipedia.org/wiki/Slowloris_(software) - SLOWREAD: https://en.wikipedia.org/wiki/Slowloris_(software) - GOLDENEYE: https://en.wikipedia.org/wiki/Denial-of-service_attack#Application-layer_attacks - RAPIDRESET: https://en.wikipedia.org/wiki/HTTP/2 - UFOSYN: https://en.wikipedia.org/wiki/SYN_flood - XMAS: https://en.wikipedia.org/wiki/Christmas_tree_packet - NUKE: https://en.wikipedia.org/wiki/Sockstress - UFOACK: https://en.wikipedia.org/wiki/Denial-of-service_attack - UFORST: https://en.wikipedia.org/wiki/TCP_reset_attack - FINFLOOD: https://en.wikipedia.org/wiki/Transmission_Control_Protocol#Connection_termination - DROPER: https://en.wikipedia.org/wiki/IP_fragmentation_attack - OVERLAP: https://en.wikipedia.org/wiki/IP_fragmentation_attack#Overlapping_fragment_attack - PINGER: https://en.wikipedia.org/wiki/Ping_flood - UFOUDP: https://en.wikipedia.org/wiki/UDP_flood_attack
-m TARGET,
and multiple mods can be concatenated in a single command:
sudo ./ufonet -m http://target.com --ssdp 50 --chargen 50 --loic 50If a mod has no resources (placeholder reflectors), UFONet informs you, skips it, and continues with the next mod in the chain.
Also you can stay in touch reporting on my "mothership" (using BOARD provided by default).
If nobody gets back to you, then drop me an e-mail.