DDoS (Distributed Denial of Service) Nedir, Nasıl Yapılır.
/*
* zombie_zapper - distributed dos killer
* written by Simple Nomad
* Requirements: Libnet 1.0 or higher (http://www.packetfactory.net/libnet/)
* Compilation instructions:
* gcc `libnet-config --defines` -o zz zz.c -lnet
* Tested on RedHat, Slackware, but should work most places that libnet compiles
* and installs properly.
* Suggested usages:
* zz -a 1 -v 192.168.1.1
* (stops trinoo daemon at 192.168.1.1 from flooding, uses verbose mode)
* zz -u 80 -c 192.168.1.0
* (stops trinoo, tfn, stach, troj_trinoo on 192.168.1 network from
* flooding, udp source port of 80 is being used)
* zz -a 5 -m www.whitehouse.gov -s 10.10.10.10 192.168.1.1
* (stops a shaft agent at 192.168.1.1 from flooding www.whitehouse.gov
* using a forged source address of 10.10.10.10)
* Shouts to my homies on BindView's RAZOR team for all the help with this!
*/
#include
int timer;
/*
* Based off of icmpquery, chain structs to store host names.
*/
struct hosts
{
char *hostname;
u_long hostaddr;
struct hosts *next;
};
struct hosts *hostnames;
struct hosts *hosttail;
/*
* Build the targets
*/
void build_target(char *host, u_long ip_addr)
{
if (hostnames == NULL)
{
hostnames = (struct hosts *) malloc(sizeof(*hostnames));
if (hostnames == NULL)
{
perror("hostnames malloc failed");
exit(-1);
}
hosttail = hostnames;
}
else
{
hosttail->next = (struct hosts *) malloc(sizeof(*hostnames));
if (hosttail->next == NULL)
{
perror("hosttail->next malloc failed");
exit(-1);
}
hosttail = hosttail->next;
}
hosttail->hostname = strdup(host);
if (hosttail->hostname == NULL)
{
perror("strdup failed");
exit(-1);
}
hosttail->hostaddr = ip_addr;
hosttail->next = NULL;
}
/*
* Build a class C of targets
*/
void build_class_c(u_long dst_ip)
{
int i;
u_long class_c_ips[256];
union
{
struct in_addr addr;
ulong temp_ip;
} ip;
for (i = 0; i < 256; i++)
{
class_c_ips[i] = htonl(dst_ip) + i;
class_c_ips[i] = htonl(class_c_ips[i]);
ip.temp_ip = class_c_ips[i];
build_target(inet_ntoa(ip.addr),ip.temp_ip);
}
}
/*
* Process the targets, resolve the hosts, set up the chain
*/
void process_targets(char **hostlist, int verbose)
{
int i;
u_long tmpaddr;
for (i = 0; hostlist[i]; i++)
{
tmpaddr = libnet_name_resolve(hostlist[i], LIBNET_RESOLVE);
/*
* if a "local" hostname is given it could "resolve" to a
* broadcast address if the local host is not set up properly,
* so we need to make sure we grab it and not send the packet
*/
if ((tmpaddr == 0xffffffff) || (tmpaddr == -1))
{
if (verbose) printf("%s not resolved\n",hostlist[i]);
continue;
};
build_target(hostlist[i],tmpaddr);
}
}
void caughtsig(int sig)
{
timer = 0;
return;
}
/*
* build and send the icmp packets
*/
void send_packets(u_long src_ip, char *my_host, u_short sport, int antitype, int flood, int verbose)
{
int packet_size, network, i, p, count, data_len = 0;
u_char *packet;
u_short header, id, dport;
u_char proto;
char data[87],sbuf[87];
u_long dst_ip;
struct hosts *list;
for (p=0;p<87;p++) data[p] = 0;
switch (antitype)
{
case 1: /* Trinoo */
sprintf(sbuf,"d1e l44adsl d1e");
header = LIBNET_UDP_H;
id = 41072;
dport = 27444;
proto = IPPROTO_UDP;
break;
case 2: /* TFN */
sprintf(sbuf,"12345");
header = LIBNET_ICMP_ECHO_H;
id = 567;
proto = IPPROTO_ICMP;
break;
case 3: /* Stacheldraht */
header = LIBNET_ICMP_ECHO_H;
id = 3;
proto = IPPROTO_ICMP;
break;
case 4: /* Troj_Trinoo */
sprintf(sbuf,"d1e []..Ks l44");
header = LIBNET_UDP_H;
id = 41072;
dport = 34555;
proto = IPPROTO_UDP;
break;
case 5: /* Shaft, part one */
sprintf(sbuf,"alive tijgu hi 5 2621");
header = LIBNET_UDP_H;
id = 41072;
dport = 18753;
proto = IPPROTO_UDP;
break;
case 0: /* Shaft, part two */
sprintf(sbuf,"end tijgu %s 5 2621",my_host);
header = LIBNET_UDP_H;
id = 41072;
dport = 18753;
proto = IPPROTO_UDP;
break;
}
if (antitype != 3) /* no payload for stach required */
{
data_len = strlen(sbuf);
for (p=0;pif (verbose) printf(" Payload is \"%s\"\n Data length of %d\n",data,data_len);
}
else if (verbose) printf(" Payload is NULL\n Data length of 0\n");
count = 0;
/* compute packet size */
packet_size = LIBNET_IP_H + header + data_len;
if (verbose) printf(" Packet size is %d\n",packet_size);
/* get mem for packet */
libnet_init_packet(packet_size, &packet);
if (packet == NULL)
{
libnet_error(LIBNET_ERR_FATAL, "unable to init packet mem\n");
}
/* get network ready */
network = libnet_open_raw_sock(IPPROTO_RAW);
if (network == -1)
{
libnet_error(LIBNET_ERR_FATAL, "unable to open network for sending\n");
}
list = hostnames;
/* main sending loop */
while (list != NULL)
{
/* get the target address */
dst_ip = list->hostaddr;
/* build target section */
switch (proto)
{
case IPPROTO_ICMP:
libnet_build_icmp_echo(ICMP_ECHOREPLY,0,id,0,data,data_len,packet + LIBNET_IP_H);
break;
case IPPROTO_UDP:
libnet_build_udp(sport,dport,data,data_len,packet + LIBNET_IP_H);
break;
}
/* build IP section */
libnet_build_ip(header,0,id,0,64,proto,src_ip,dst_ip,NULL,0,packet);
timer = 1;
signal(SIGALRM, caughtsig);
alarm(flood);
while(timer)
{
/* send the packet */
i = libnet_write_ip(network, packet, packet_size);
if (i == -1)
{
libnet_error(LIBNET_ERR_FATAL, "failed to write to network\n");
}
if (i < packet_size)
{
libnet_error(LIBNET_ERR_FATAL, "only wrote %d bytes\n", i);
}
if (verbose == 2)
{
printf("Sent %d bytes for %s\n", i, list->hostname);
}
count++;
/*
* 1/10 sec delay between packets to prevent overflowing the local
* interface
*/
usleep(10000);
}
/* get next address, or NULL if done */
list = list->next;
}
/* clean things up */
if (libnet_close_raw_sock(network) == -1)
{
libnet_error(LIBNET_ERR_WARNING, "couldn't close the interface after sending");
}
libnet_destroy_packet(&packet);
if (verbose) printf(" %d packets sent in %d seconds\n",count,flood);
}
/*
* usage
*/
void usage(char *prog)
{
fprintf(stderr,"USAGE:\n");
fprintf(stderr,"%s [-a 0-5] [-c class C] [-d dev] [-h] [-m host] [-s src] [-u udp] [-v] hosts\n\n",prog);
fprintf(stderr," -a antiddos type to kill:\n");
fprintf(stderr," 0 types 1-4 (default)\n");
fprintf(stderr," 1 trinoo\n");
fprintf(stderr," 2 tfn\n");
fprintf(stderr," 3 stacheldraht\n");
fprintf(stderr," 4 trinoo on Windows\n");
fprintf(stderr," 5 shaft (requires you use the -m option)\n");
fprintf(stderr," -c class C in x.x.x.0 form\n");
fprintf(stderr," -f time in seconds to send packets (default 1)\n");
fprintf(stderr," -d grab local IP from dev (default eth0)\n");
fprintf(stderr," -h this help screen\n");
fprintf(stderr," -m my host being flooded (used with -a 5 above, only one host)\n");
fprintf(stderr," -s spoofed source address (just in case)\n");
fprintf(stderr," -u UDP source port for trinoo (default 53)\n");
fprintf(stderr," -v verbose mode (use twice for more verbosity)\n");
fprintf(stderr," host(s) are target hosts (ignored if using -c)\n");
fprintf(stderr,"\n");
}
int main(int argc, char **argv)
{
char *prog;
extern char *optarg;
extern int optind;
extern int optopt;
extern int opterr;
char ch;
int spoof = 0, verbose = 0, setdev = 0;
int antitype = 0, class_c = 0, shaft = 0;
int flood = 1;
u_long src_ip;
char *my_host;
u_long dst_ip = 0;
u_long class_c_ip;
u_short sport = 53;
u_long CLASS_C_MASK = 0x00ffffff;
char *data[18];
char *dev;
struct libnet_link_int *l;
u_char *ebuf;
prog = argv[0];
dev = "eth0";
printf("Zombie Zapper v1.2 - DDoS killer\n");
printf("Bugs/comments to thegnome@razor.bindview.com\n");
printf("More info and free tools at http://razor.bindview.com\n");
printf("Copyright (c) 2000 BindView Development\n\n");
if(getuid()!=0)
{
fprintf(stderr, "=== You must be root to run %s!\n", prog);
exit(-1);
}
while ((ch = getopt(argc, argv, "hvc:a:m:s:d:u:f:")) != EOF)
switch(ch)
{
case 'c':
dst_ip = libnet_name_resolve(optarg, LIBNET_RESOLVE);
if (dst_ip == -1)
{
printf("=== Invalid class C %s\n", optarg);
usage(prog);
exit(-1);
}
/* get the last part of the address */
class_c_ip = ((dst_ip | CLASS_C_MASK) - CLASS_C_MASK);
/* if it is not zero make it zero */
if(class_c_ip) dst_ip = dst_ip ^ class_c_ip;
class_c = 1;
break;
case 'd':
dev = optarg;
setdev = 1;
break;
case 'f':
flood = (int) strtol(optarg, NULL, 10);
if (flood < 1) flood = 1;
if (flood > 360) flood = 360;
break;
case 'h':
usage(prog);
exit(0);
case 'a':
antitype = (int) strtol(optarg, NULL, 10);
break;
case 'm':
if (!(libnet_name_resolve(optarg, LIBNET_RESOLVE)))
{
fprintf(stderr,"=== Unable to resolve hostname,\n");
fprintf(stderr,"=== try using the IP address\n");
usage(prog);
exit(-1);
}
if (strlen(optarg) > 70)
{
fprintf(stderr,"=== Very long hostname, try using just an\n");
fprintf(stderr,"=== IP address.\n");
usage(prog);
exit(-1);
}
my_host = optarg;
shaft = 1;
break;
case 's':
if (!(src_ip = libnet_name_resolve(optarg, LIBNET_RESOLVE)))
{
fprintf(stderr,"=== Unable to resolve source host,\n");
fprintf(stderr,"=== try spoofing with an IP address\n");
usage(prog);
exit(-1);
}
spoof = 1;
break;
case 'u':
sport = (int) strtol(optarg, NULL, 10);
break;
case 'v':
verbose++;
if (verbose > 2) verbose = 2;
break;
default:
usage(prog);
exit(-1);
}
argc -= optind;
argv += optind;
/* post arg processing */
if ((!class_c) && (!argv[0] || !strlen(argv[0])))
{
fprintf(stderr,"=== You must specify target(s) or a class C to send to\n");
usage(prog);
exit(-1);
}
if ((setdev) && (spoof))
{
fprintf(stderr, "=== You cannot specify a device for a source IP address\n");
fprintf(stderr, "=== and spoof your source IP address at the same time.\n");
usage(prog);
exit(-1);
}
if (antitype > 5 || antitype < 0)
{
fprintf(stderr,"=== Invalid or unsupported antiddos type\n");
usage(prog);
exit(-1);
}
if (antitype == 5 && (!shaft))
{
fprintf(stderr,"=== You must specify a host with the -m option when using\n");
fprintf(stderr,"=== the -a option of 5\n");
usage(prog);
exit(-1);
}
if (!spoof)
{
src_ip = libnet_get_ipaddr(l, dev, ebuf);
if ((src_ip == -1) || (src_ip == 0))
{
fprintf(stderr, "=== Grabbing address from %s failed,\n",dev);
fprintf(stderr, "=== try a different device.\n");
usage(prog);
exit(-1);
}
src_ip = htonl(src_ip);
}
/* end post arg processing */
if (verbose)
{
printf("Sending packets to stop these possible daemons from flooding\n\n");
switch(antitype)
{
case 0:
printf("\tTrinoo, TFN, Stacheldraht, Troj_Trinoo\n\n");
break;
case 1:
printf("\tTrinoo\n\n");
break;
case 2:
printf("\tTFN\n\n");
break;
case 3:
printf("\tStacheldraht\n\n");
break;
case 4:
printf("\tTroj_Trinoo\n\n");
break;
case 5:
printf("\tShaft\n\n");
break;
}
}
/* build a class C full of addresses */
if (class_c) build_class_c(dst_ip);
/* build target chain and get a count */
else process_targets(argv, verbose);
if (antitype == 0 || antitype == 1)
{
if (verbose) printf("Building anti-Trinoo packets\n");
send_packets(src_ip,NULL,sport,1,flood,verbose);
}
if (antitype == 0 || antitype == 2)
{
if (verbose) printf("Building anti-TFN packets\n");
send_packets(src_ip,NULL,sport,2,flood,verbose);
}
if (antitype == 0 || antitype == 3)
{
if (verbose) printf("Building anti-Stacheldraht packets\n");
send_packets(src_ip,NULL,sport,3,flood,verbose);
}
if (antitype == 0 || antitype == 4)
{
if (verbose) printf("Building anti-Troj_Trinoo packets\n");
send_packets(src_ip,NULL,sport,4,flood,verbose);
}
if (antitype == 5)
{
if (verbose) printf("Building first set of anti-Shaft packets\n");
send_packets(src_ip,NULL,sport,5,flood,verbose);
if (verbose) printf("Building second set of anti-Shaft packets\n");
send_packets(src_ip,my_host,sport,0,flood,verbose);
}
if (verbose) printf("Complete\n");
exit(0);
}
Kaynaklar
http://www.networkmagazine.com
http://razor.bindview.com
http://staff.washington.edu/dittrich/misc/ddos
http://packetstormsecurity.org/distributed
Hit: 20552
Yazar: renegadealien