dcd3 fix src.

From: Marc Reichman (mreichmaat_private)
Date: Tue May 26 1998 - 12:13:39 PDT


    This is a multi-part message in MIME format.
    --------------B8F35AD556BCC9FA58EDB9C5
    Content-Type: text/plain; charset=us-ascii
    Content-Transfer-Encoding: 7bit
    
    antidcd, a daemon by 'faraway-' on EFNet irc.
    
    
    
    --------------B8F35AD556BCC9FA58EDB9C5
    Content-Type: text/plain; charset=us-ascii; name="antidcd.c"
    Content-Transfer-Encoding: 7bit
    Content-Disposition: inline; filename="antidcd.c"
    
    // by far
    #include <stdio.h>
    #include <sys/types.h>
    #include <sys/socket.h>
    #include <netinet/ip_tcp.h>
    #include <netinet/ip_udp.h>
    #include <netinet/ip.h>
    #include <netinet/in.h>
    #include <netdb.h>
    #include <sys/utsname.h>
    #include <stdlib.h>
    
    /*
     * File-scope views into the packet currently being inspected.  main()
     * re-points both at its receive buffer on every loop iteration, so they
     * are only meaningful between a successful recvfrom() and the next one.
     * send_reply() builds its own packet and uses local pointers instead.
     */
    struct udphdr *udp;
    struct iphdr *ip;
    
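    /*
     * Compute the 16-bit one's-complement Internet checksum (the RFC 1071
     * algorithm used for the IPv4 header) over `len` bytes starting at `addr`.
     *
     * addr - start of the data.  It is read as 16-bit words, so it should be
     *        2-byte aligned.  (`unsigned short` is what the BSD typedef
     *        `u_short` names; it is spelled out so the function does not
     *        depend on feature-test macros.)
     * len  - number of BYTES to cover.  An odd trailing byte is summed as if
     *        padded with a zero byte.  Zero or negative lengths sum nothing.
     *
     * Returns the complemented sum in the same byte layout as the input
     * words, so it can be stored into the header unchanged.  Running the
     * function over data that already carries its correct checksum yields 0.
     *
     * Kept as an old-style (K&R) definition because the caller in this file
     * passes a `struct iphdr *` without a cast.
     */
    unsigned short in_cksum(addr, len)
    unsigned short *addr;
    int len;
    {
        unsigned long sum = 0;
        unsigned short answer = 0;
        unsigned short *w = addr;
        int nleft = len;

        /*
         * Consume exactly one 16-bit word per two bytes of length.  Reading
         * two words per step would walk twice as far as `len` allows and
         * run off the end of the caller's buffer.
         */
        while (nleft > 1) {
            sum += *w++;
            nleft -= 2;
        }

        /* Odd length: fold in the last byte, zero-padded to a full word. */
        if (nleft == 1) {
            *(unsigned char *) (&answer) = *(unsigned char *) w;
            sum += answer;
        }

        /* Fold the carries above bit 15 back into the low 16 bits. */
        while (sum >> 16)
            sum = (sum >> 16) + (sum & 0xffff);

        /* One's complement (bitwise NOT), not arithmetic negation. */
        answer = (unsigned short) ~sum;
        return (answer);
    }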
    
    void send_reply ( unsigned int l_port, unsigned long int *l_addr, unsigned int r_port, unsigned long int *r_addr)
    {
      int sen;
      struct sockaddr_in dstaddr;
      struct udphdr *udp_l;
      struct iphdr *ip_l;
    
      char disc_pack[10];
      int pack_size = sizeof(struct iphdr) +sizeof(struct udphdr) + 9;
      char *packet = malloc(pack_size);
    
      ip_l = (struct iphdr *) packet;
      udp_l = (struct udphdr *) (packet + sizeof(struct iphdr));
    
      memset(packet, 0, pack_size);
    
      strcpy(disc_pack, "\x00\x10\x00\x09\xff\xff\0xff\0xff\0x02") ;
      memcpy(&packet[pack_size-9], disc_pack,9);
    
      memcpy(&ip_l->saddr, l_addr,4);
      memcpy(&ip_l->daddr, r_addr,4);
      ip_l->version = 4;
      ip_l->ihl = 5;
      ip_l->ttl = 255;
      ip_l->protocol = IPPROTO_UDP;
      ip_l->tot_len = htons(sizeof(struct iphdr) + sizeof(struct udphdr) + 9);
      ip_l->check = in_cksum(ip_l, sizeof(struct iphdr));
      udp_l->source = l_port;
      udp_l->len = htons(sizeof(struct udphdr) + 9);
      udp_l->dest = r_port;
    
      memset(&dstaddr, 0, sizeof(struct sockaddr_in));
      dstaddr.sin_family = AF_INET;
      memcpy(&dstaddr.sin_addr, r_addr, 4);
    
      printf("%d.%d.%d.%d[%d] < %d.%d.%d.%d[%d]\n",
                ((unsigned char *)&dstaddr.sin_addr)[0],
                ((unsigned char *)&dstaddr.sin_addr)[1],
                ((unsigned char *)&dstaddr.sin_addr)[2],
                ((unsigned char *)&dstaddr.sin_addr)[3],
                ntohs(udp_l->dest),
                ((unsigned char *)&ip_l->saddr)[0],
                ((unsigned char *)&ip_l->saddr)[1],
                ((unsigned char *)&ip_l->saddr)[2],
                ((unsigned char *)&ip_l->saddr)[3],
                ntohs(udp_l->source));
    
    
    
      sen = socket(AF_INET, SOCK_RAW, IPPROTO_RAW);
      sendto(sen, packet, pack_size,
                                0, (struct sockaddr *) &dstaddr,
                                sizeof(struct sockaddr_in));
      close(sen);
    }
    
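    /*
     * Daemon entry point: open a raw UDP socket, log every datagram received
     * and, when a payload starts with the 4-byte pattern matched below, call
     * send_reply() towards the datagram's source.
     *
     * Must run as root (raw sockets).  Never returns; exits with a message if
     * it is not root or if the buffer or socket cannot be set up.
     *
     * NOTE(review): the process stays root for its whole lifetime while it
     * parses untrusted packets, because send_reply() opens a new raw socket
     * for every reply.  Opening both sockets once at start-up would allow
     * privileges to be dropped before the receive loop.
     *
     * NOTE(review): both the per-packet log line and the reply are driven by
     * unauthenticated traffic.  A sender can fill the log, or forge a source
     * address to steer replies at another host; neither is rate-limited.
     */
    int main ( int argc, char **argv )
    {
      int sock, fromlen, n;
      static struct sockaddr_in from;
      char *recvpack;
      size_t ip_hlen, hdr_len, payload_len;

      (void) argc;
      (void) argv;

      if (getuid()!=0)
      {
        printf("Tell me your joking.. running it without root?\n");
        exit(0);
      }

      recvpack = malloc(4096);
      if (recvpack == NULL)
      {
        perror("malloc");
        exit(1);
      }

      /* Without this check a failed socket() left the loop below spinning
         forever on recvfrom() errors. */
      sock=socket(AF_INET, SOCK_RAW, IPPROTO_UDP);
      if (sock < 0)
      {
        perror("socket");
        exit(1);
      }

      printf("Opened raw socket %d\nBeginning protection! ;-)\n", sock);

      for (;;)
      {
        memset(&recvpack[0], 0, 4096);
        fromlen = sizeof(from);
        if ( (n = recvfrom(sock, recvpack, 4096, 0,
           (struct sockaddr *) &from, &fromlen)) < 0)
        {
          continue;
        }

        /* The buffer is treated as starting with the IP header.  Drop
           anything too short to hold one before touching its fields. */
        if ((size_t) n < sizeof(struct iphdr))
          continue;
        ip = (struct iphdr *) &recvpack[0];

        /* Use the header length the packet declares (ihl counts 32-bit
           words) so IP options do not shift the UDP header out from under
           us, and reject values smaller than the fixed header. */
        ip_hlen = (size_t) ip->ihl * 4;
        if (ip_hlen < sizeof(struct iphdr))
          continue;
        hdr_len = ip_hlen + sizeof(struct udphdr);
        if ((size_t) n < hdr_len)
          continue;
        udp = (struct udphdr *) (&recvpack[ip_hlen]);
        payload_len = (size_t) n - hdr_len;

        printf("%d.%d.%d.%d[%d] > %d.%d.%d.%d[%d] sz=%d(+%d)\n",
                ((unsigned char *)&from.sin_addr)[0],
                ((unsigned char *)&from.sin_addr)[1],
                ((unsigned char *)&from.sin_addr)[2],
                ((unsigned char *)&from.sin_addr)[3],
                ntohs(udp->source),
                ((unsigned char *)&ip->daddr)[0],
                ((unsigned char *)&ip->daddr)[1],
                ((unsigned char *)&ip->daddr)[2],
                ((unsigned char *)&ip->daddr)[3],
                ntohs(udp->dest),
                (int) payload_len,   /* %d needs int, not size_t */
                (int) hdr_len);

        /* Only compare bytes that were actually received. */
        if ( payload_len >= 4 &&
             memcmp(&recvpack[hdr_len], "\x00\x01\x04\x08", 4) == 0)
        {
          printf("[*] Possible DCD3C flood detected (from: %d.%d.%d.%d), sending back disconnects.\n", ((unsigned char *)&from.sin_addr)[0],((unsigned char *)&from.sin_addr)[1],((unsigned char *)&from.sin_addr)[2],((unsigned char *)&from.sin_addr)[3]);
          /* Ports are passed through in network byte order, swapped so the
             reply appears to come from the address that was flooded. */
          send_reply(udp->dest, (unsigned long int*)&ip->daddr, udp->source, (unsigned long int *)&from.sin_addr.s_addr);
        }
      }
    }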
    
    --------------B8F35AD556BCC9FA58EDB9C5--
    


