----------------------------------------------------------------
CometShower Protocol (v1.3)
Written by Fire
© 2004 CowFight Productions
http://www.cowfight.com/
----------------------------------------------------------------

=== CONTENTS ===================================================

1. What is CometShower
2. Protocol
   - Basic Info
   - Connection
   - Synchronization
   - The Attack
   - Miscellaneous
3. Conclusion

=== WHAT IS COMETSHOWER ========================================

CometShower is a GUI implementation of a standard Distributed
Denial of Service (DDoS) attack. One server hosts an attack,
while several clients connect to the server. When ready, the
server will send information to each of the clients, including
the target address, etc., and will synchronize a mass port flood
against a target using the bandwidth of each of the clients.

=== PROTOCOL ===================================================

Just in case someone wanted to make a better client or server,
or port it to Linux, Windows, etc., I am documenting the protocol
that the clients and server use.

• Basic Info:

The current protocol uses a single-connection architecture over
TCP. The default port number for handling clients is TCP port
32111. Packets are sent unencrypted in the following format:

    COMMAND:PARAMETER1[:PARAMETER2...]

The short command string is sent, followed by any parameters
separated by colons. This is the format for all data sent
between clients and servers.

• Connection:

The connection starts with the server [S] accepting a normal
3-way-handshake TCP connection from the requesting client [C].
The server sends a "To-Socket" command to tell [C] to close and
connect to a new location. The syntax for this command is
"TS:(PortNumber):(Client ID Number)". The port number moves up
one (1) for each requesting client and begins at 32115. The ID
number is for synchronizing all the clients.
Each client is given its own ID number, starting with 0 and
incrementing by 1 with each new connection. It's also a security
measure to make sure the server is getting the right computer in
the right socket. When [C] connects to the new socket, it will
send an authentication message to verify that everything's good
to go. The message looks like this: "CONNECT:(Assigned ID
Number)". So, the first connection would look like this:

    S: [Begins listening on port 32111]
    C: [Connects to S on port 32111]
    S: TS:32115:0
    S: [Closes Connection with C and sets port 32111 back to Listening]
    S: [Begins listening on port 32115]
    C: [Connects to S on port 32115]
    C: CONNECT:0

• Synchronization

Whenever the server decides, the Ready-Command can be sent out
to alert all users of who the target is for the DDoS attack.
The Ready-Command looks like this:
"RDY:(Target IP Address):(Target Port):(Length of Attack in ms)".
The client will echo a ready command when it has set all the
data up and is prepared to attack. The command is in this
syntax: "RDY:(Assigned ID Number)". So, an example of a
synchronization would look like this:

    S: RDY:127.0.0.1:10700:5000
    C: RDY:0

• The Attack

Finally, when everyone has been synced up, we need to flag the
attack. To start the attack, the server needs to send the Flood
command to each ready client. The Flood command looks like this:
"FLOOD:NOW". The "NOW" part was eventually going to implement
some sort of time structure to count down to an attack, but it
was never created. During the attack, clients will be sending
the Dump command very often. The Dump command is a way to let
the server computer know how many floods each client has dished
out to the target. The syntax:
"DUMP:(Assigned ID Number):(Total floods)". This data is usually
updated every 1 to 5 seconds or so.

• Miscellaneous

At any time, the server or client can issue a broadcast
message. If a client receives the "BCAST" command, a window is
shown with the following message.
The syntax is "BCAST:(Message)". If a client sends the server
the BCAST command, the server will forward the packet to
everyone on the server.

=== CONCLUSION =================================================

That's just about it. If you have any questions or comments,
e-mail me at Fire@Cowfight.com or message me on KDX at
kdx://kdx.cowfight.com:10101/ . Let me know if you make anything
with this; I'd like to link to it somehow from my site. I'd be
really excited if any of you actually built something from this.
Enjoy it.
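
Added example, not part of the original document or of CometShower
itself: a passive detector a defender could run over captured TCP
payloads to recognize the message formats documented above and pull
out the announced target for incident response. It assumes one message
per payload (the document does not define framing); the function names
and the sample capture are constructed for illustration.

```python
import ipaddress
import re

N = r"\d{1,10}"
# Grammar from the protocol description; assumes one message per payload.
GRAMMAR = {
    "TS": rf"TS:(?P<port>{N}):(?P<id>{N})",
    "CONNECT": rf"CONNECT:(?P<id>{N})",
    "RDY_TARGET": rf"RDY:(?P<ip>[0-9.]+):(?P<port>{N}):(?P<ms>{N})",
    "RDY_ACK": rf"RDY:(?P<id>{N})",
    "FLOOD": r"FLOOD:NOW",
    "DUMP": rf"DUMP:(?P<id>{N}):(?P<total>{N})",
    "BCAST": r"BCAST:(?P<msg>.*)",
}

def classify(payload: bytes):
    """Return (kind, fields) for a well-formed message, else None."""
    text = payload.decode("latin-1").strip()
    for kind, pattern in GRAMMAR.items():
        m = re.fullmatch(pattern, text, re.S)
        if m:
            fields = m.groupdict()
            try:  # reject look-alikes with impossible ports or addresses
                if not 0 < int(fields.get("port", 1)) < 65536:
                    return None
                ipaddress.IPv4Address(fields.get("ip", "0.0.0.0"))
            except ValueError:
                return None
            return kind, fields
    return None

def summarize(records):
    """records: (server_port, payload) pairs from a capture."""
    out = {"ports": set(), "clients": set(), "targets": [], "flood_sent": False}
    for port, payload in records:
        if (hit := classify(payload)):
            kind, f = hit
            out["ports"].add(port)  # matching on content also catches non-default ports
            if "id" in f:
                out["clients"].add(int(f["id"]))
            if kind == "RDY_TARGET":
                out["targets"].append((f["ip"], int(f["port"]), int(f["ms"])))
            out["flood_sent"] |= kind == "FLOOD"
    return out

SAMPLE = [  # constructed capture, not real traffic
    (32111, b"TS:32115:0"), (32115, b"CONNECT:0"),
    (32115, b"RDY:192.0.2.10:80:5000"), (32115, b"RDY:0"),
    (32115, b"FLOOD:NOW"), (32115, b"DUMP:0:1500"), (443, b"GET / HTTP/1.1")]
```

Because the traffic is unencrypted, the RDY message gives the
responder the target address, port and duration before FLOOD:NOW
is ever sent.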