
#-----------------------------------------------------------------------
# README
#-----------------------------------------------------------------------
#
# Trinity is a Distributed Denial of Service tool that is controlled by 
# IRC. In the version that the X-Force has been analyzing, the agent 
# binary is installed on a Linux system at /usr/lib/idle.so. When 
# idle.so is started, it connects to an Undernet IRC server on port 
# 6667.
#
#-----------------------------------------------------------------------
# CHANGES
#-----------------------------------------------------------------------
#
# 2000-10-16  Jean-Sebastien Morisset <jsmoriss@jsm-mv.dyndns.org>
#             Initial module written for v5.0.
#
#-----------------------------------------------------------------------
# START OF MODULE CODE
#-----------------------------------------------------------------------

# Undernet servers listed in Trinityv3 binary.
#
undernet_servers="204.127.145.17 216.24.134.10 208.51.158.10 \
	199.170.91.114 207.173.16.33 207.96.122.250 205.252.46.98 \
	216.225.7.155 205.188.149.3 207.69.200.131 207.114.4.35"

for host in $undernet_servers
do
	echo "Reject $INTOPT $NETADDR Trinity v3 Server/tcp -> $host IRC (logged)"
	ipchains -A $OUTCHAIN -j REJECT -p tcp -s $NETADDR $UNPRIVPORTS -d $host 6667 -l
done

unset undernet_servers

