A tool permitting users to take advantage of others’ resources to coordinate a cyber attack against one or many targets, resulting in a Distributed Denial of Service (DDoS) attack. TFN2K consists of two main components: (1) a user-controllable interactive client program on the master and (2) a server process operating on an agent. The role of the master is to tell its agents to attack a set of predetermined targets. The agents then respond by flooding the targets with large volumes of packets. Many agents, under the control of the master, can work simultaneously during an attack to disrupt access to the target.
The communications from the master to the agents are encrypted and may be mixed in with multiple decoy data packets. Moreover, both the master-to-agent communications and the attacks themselves can be transmitted by randomized ICMP, TCP, and UDP packets. The master can also fake its IP address (known as spoofing). Together, these features make it difficult to develop effective countermeasures against TFN2K.
The original tools designed to conduct DDoS attacks were Trin00 and Tribe Flood Network (TFN). Then came Tribe Flood Network 2000 (TFN2K) and Stacheldraht (meaning “barbed wire” in German). These tools were developed to flood the target with large amounts of network traffic being sent from many locations but remotely controlled by just one client.
CNET Networks, Inc. Distributed Denial of Service: Trin00, Tribe Flood Network, Tribe Flood Network 2000, and Stacheldraht - CIAC-2319. [Online, February 14, 2000.] CNET Networks, Inc. Website. http://whitepapers.zdnet.co.uk/0,39025945,60023520p-39000579q,00.htm.